Re: Interesting Discussion with US Government Computer Expert

From: George Ou (533george_ou234_at_netzero234.com)
Date: 08/31/03

• Next message: George Ou: "Re: Interesting Discussion with US Government Computer Expert"
• Previous message: Gregory G Rose: "Re: Interesting Discussion with US Government Computer Expert"
• In reply to: Richard Heathfield: "Re: Interesting Discussion with US Government Computer Expert"
• Next in thread: Russ Lyttle: "Re: Interesting Discussion with US Government Computer Expert"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 31 Aug 2003 00:56:30 GMT

First of all, RSA or any other PKC system is never used to encrypt
data. PKC is only used to initiate a symmetric crypto session. RSA
is only used to encrypt a randomly generated session key used for
symmetric encryption. You DON'T use RSA to encrypt plain text. You
don't even use it to directly sign plain text. You only sign the
hash.

The fact is, NO cryptographic implementation can withstand miss use.
In WWII, the US had an easy time cracking Japanese encryption codes
because the Japanese had a habit of always starting each message with
something to the effect of "I am pleased to inform your excellency".
A recent vulnerability with an implementation SSL in POP email
applications was due to the fact that there was a precipitability in
what was sent. Even then, it wasn't the private key that was
compromised. It was grossly misrepresented by many as a crack in SSL
itself.

This so called security "expert" is one of those people who know just
enough to be dangerous.

George Ou
http://www.LANArchitect.net

• Next message: George Ou: "Re: Interesting Discussion with US Government Computer Expert"
• Previous message: Gregory G Rose: "Re: Interesting Discussion with US Government Computer Expert"
• In reply to: Richard Heathfield: "Re: Interesting Discussion with US Government Computer Expert"
• Next in thread: Russ Lyttle: "Re: Interesting Discussion with US Government Computer Expert"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Asp.net 2.0 deployment with encryption ... I guesss I will create a rsa key on the production server. ... Export the public xml/key to a common location on some server. ... As for the ASP.NET 2.0 configuration section protection, ... encryption which use a single shared session key to encrypt and decrypte ... (microsoft.public.dotnet.framework.aspnet) Re: What is exponent? ... For simple description of RSA algorithm ... I also have the receiver's certificate (public key only). ... Use RSA to encrypt the session key ... (microsoft.public.dotnet.security) Re: Decrypt RSA using D ... We are planning on using RSA with WSE, so it only uses RSA to encrypt the symmetric key used for the SOAP body--the same scenario you outlined below. ... owner of the private key can decrypt it. ... always embedded inside the CSP key container and never passed out into the ... (microsoft.public.dotnet.framework) Re: Java, MSCAPI interoperability - newbie ... A good solution (analogous to enveloped email) is to have the two parties have ... Then you can leverage RSA key-exchange protocol very easily. ... data with random symmetric key and encrypt the symmetric key with their local private RSA key ... (microsoft.public.platformsdk.security) Re: asymmetric encryption options ... now I am generating a random key, encrypting the data with it using ... then encrypting the key with rsa. ... You can split the longer key into blocks, and encrypt them alone. ... The original padding is really simple to implement, ... (comp.lang.ruby)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint