Re: Basic question about RSA


"David Wagner" <daw@xxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e5uacu$1id4$2@xxxxxxxxxxxxxxxxxxxxx
William L. Bahn wrote:
There is a natural tendency among people that are intimately
familiar with a topic (and I'm certainly as guilty of it as
the
next person) to assume that people that are new to that topic
should learn everything all at once. It seems like it should
be
easy to teach them everything because it all just makes so
much
sense. More specifically, there is a tendency to adopt the
belief
that it is not appropriate to teach them things based on a
simplified model that will have to be modified later when a
more
realistic model is used.

Perhaps. But when giving an oversimplified model that isn't
actually
accurate, I think at a minimum one should disclose to the
student that
what they've been told isn't actually accurate. Otherwise,
people may
rely upon that inaccurate model and make bad decisions.

In this case, the oversimplified model leads to many
misconceptions.
I've taught the material in the classroom, and I've seen the
misconceptions.

Personally, I think that describing signatures by saying that
they are
just a case of "encrypting with the private key" is the wrong
way to teach
this stuff. I think it's better to treat signatures as a
totally different
topic from encryption; to start by discussing the properties
that signatures
have; and then give some example signature schemes. If you
start by saying
that a signature scheme is where you encrypt with the private
key, then
you end up confusing the security goals with a specific
algorithm that
meets those goals; you confuse the specification with the
implementation;
you confuse the end with the means. It leads to a
misconception that all
signature algorithms work by "encrypting with the private key";
and that
misconception leads to many fundamental confusions.

I really haven't seen anything in this discussion that implies
that anyone has been under the impression that "encrypting with
the private key" and "digital signatures" are one and the same.
Perhaps it is just the perception that I interpret things from,
but everything seems to have been consistent with a discussion of
one particular means of authenticating messages. While the
discussion has been focused on that one method, there hasn't been
anything that I can recall that claimed it is the only method or
that all other methods are somehow derived from it.




.

Relevant Pages

  • Re: RSA signing security
    ... I would not even bother attacking the private key directly (as it's easy to ... in the padding for the signatures. ... exploit the flaws in MD5 to work towards believable plaintexts. ...
    (sci.crypt)
  • Re: RSA vs AES
    ... >way the current commercial PKI house of cards is constructed. ... >such is that the signatures used on the Certs are unforgeable. ... that idiot said no such thing. ... Master Key" cannot unlock everyone's private key. ...
    (sci.crypt)
  • Re: Basic question about RSA
    ... I've taught the material in the classroom, and I've seen the misconceptions. ... I think that describing signatures by saying that they are ... just a case of "encrypting with the private key" is the wrong way to teach ... you confuse the end with the means. ...
    (sci.crypt)
  • The great free thinkers of Podunk want the pledge of allegiance removed from US schools. They have p
    ... They are saying it "child abuse"..that is exactly their legal ... They are bragging about all their signatures they have ...
    (soc.retirement)
  • Re: Typical panic -guns!!!
    ... you don't understand digital signatures!" ... Verification of the integrity of the message ... Their private key is what would truly distinguish ... verified me in person but my digital signature, my identity in terms of PGP) ...
    (uk.legal)