Re: Interesting Discussion with US Government Computer Expert

• Previous message: George Ou: "Re: Interesting Discussion with US Government Computer Expert"
• In reply to: dsr_at_Florence.edu: "Re: Interesting Discussion with US Government Computer Expert"
• Next in thread: dsr_at_Florence.edu: "Re: Interesting Discussion with US Government Computer Expert"
• Reply: dsr_at_Florence.edu: "Re: Interesting Discussion with US Government Computer Expert"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 31 Aug 2003 01:12:34 GMT

On Sat, 30 Aug 2003 01:06:00 GMT, dsr@Florence.edu wrote:

>On Fri, 29 Aug 2003 16:41:14 -0400 (EDT), "No One"
><no-one-no-spam@home.com> wrote:
>
>>OK. Here's the deal. I work for the government as a consultant on SIPRNET.
>>Had a discussion with a fellow contractor who works for a government agency
>>in Maryland. (Hint, Hint).
>>
>>He implied that RSA-type keys were inherently unsecure because of known
>>plaintext attacks. That is if I have your public key and use it to encrypt
>>one or more text messages (or I guess any other data), by knowing the
>>algorithm I can calculate the private key by comparing the cipherttext and
>>the know plaintext.
>>
>>I think there has to be more to the story. Unfortunately, my knowledge of
>>this encryption stops at knowing what group (i.e. this one) to ask the
>>question in.
>>
>>There has to be more to the story, right guys?? Probably involving
>>factoring very large prime numbers?
>>
>>I don't really need to know the answer to this question, but it will
>>provide an indication of how seriously I should take anything else this guy
>>says.
>>
>>Thanks
>
>Not everybody uses public key systems to encrypt plaintext. Some
>people use an RSA or Diffie Hellman scheme to exchange a random
>symmetric key. The random symmetric key is then used as a start key
>for a more robust symmetric key system. Although some of the more
>robust systems are not commercially available without screening I
>don't think they are completely unavailable.

No, PKC is almost never used to encrypt data. PGP mail, S/MIME, SSL,
EFS, and any other app I can think of all use PKC to protect the
symmetric session keys to kick start the symmetric crypto session.

George Ou
http://www.LANArchitect.net

• Previous message: George Ou: "Re: Interesting Discussion with US Government Computer Expert"
• In reply to: dsr_at_Florence.edu: "Re: Interesting Discussion with US Government Computer Expert"
• Next in thread: dsr_at_Florence.edu: "Re: Interesting Discussion with US Government Computer Expert"
• Reply: dsr_at_Florence.edu: "Re: Interesting Discussion with US Government Computer Expert"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Interesting Discussion with US Government Computer Expert ... (Hint, Hint). ... Not everybody uses public key systems to encrypt plaintext. ... The random symmetric key is then used as a start key ... (sci.crypt) Re: Where to store private key ... There are, however, some known techniques which are ... However being quite new to security I still don't ... > Rijndael class to encrypt the data. ... >> uses underlying symmetric key encryption based on user principal ... (microsoft.public.dotnet.security) Re: Basic question about RSA ... You "RSA Encrypt" padded data, ... message digest and sign the digest using her private key. ... the symmetric key. ... (sci.crypt) Re: Encryption of messages between embedded system and PC? ... that will allow you to encrypt strings, ... No other party, not even the PC, can decrypt data ... The answer is "pieces of each frame ... frame using the symmetric cipher and the symmetric key of the cipher, ... (comp.arch.embedded) Re: Java, MSCAPI interoperability - newbie ... A good solution (analogous to enveloped email) is to have the two parties have ... Then you can leverage RSA key-exchange protocol very easily. ... data with random symmetric key and encrypt the symmetric key with their local private RSA key ... (microsoft.public.platformsdk.security)