Re: Signatures and encryption headers



On Nov 7, 1:56 am, Kristian Gjøsteen <kristiag+n...@xxxxxxxxxxxx>
wrote:
Fabrice  <fabrice.gaut...@xxxxxxxxx> wrote:
Are you talking about modes such as CCM and EAX

Yes.

With EAX or CCM, you still need some way to communicate the session
key used, the underlying block cipher and maybe the other parameters
that the CCM specs calls "Prerequisites", (if there are not fixed by
the system)

My question is basically, does those prerequisites needs to be
authenticated and/or confidential ? The session key obviously need to
be confidential, so I can encrypt it with a Public Key algorithm for
the recipient. But does the chosen block cipher, and the encrypted
session key needs to be authenticated ? And what kind of attack would
you be vulnerable to if they are not ?

-- Fabrice
.



Relevant Pages

  • Re: Need an algorithm
    ... ]i am just making a secure login web component. ... ]using some dynamic string (so i thought session id would be eligible ... ]encrypt the username and password. ... ]pair using some dynamic string. ...
    (sci.crypt)
  • Re: Newbie data size encryption questions
    ... I want to encrypt the session data which may be a few chars, ... I'm not sure what you mean by a "mapping app". ...
    (sci.crypt)
  • SSH port forwarding not working?
    ... I was using SSH to encrypt a VNC session. ... I seem to encrypt the session it doesn't work. ... this opens a port on my machine to the vnc port on the ...
    (Security-Basics)
  • Re: Need an algorithm
    ... ]]algorithm that can satisfy the following. ... I have a session ID from which i ... ]have a string as long as the data you want to encrypt. ...
    (sci.crypt)
  • Re: How do you secure a web service?
    ... The data being passed is not particularly sensitive, we just do not want unauthorized users accessing the web service. ... You could probably just MD5 hash the password. ... We use a session ID and the user's password for generating the hash. ... Don't use SSL to encrypt the whole envelope as this requires overhead when encrypting and decrypting. ...
    (microsoft.public.dotnet.framework.webservices)