RE: Encryption question

["Burton M. Strauss III" <BStrauss () acm org>]

Because there's no simple transformation between keys.  Instead, the simple
transforms are from some unknown shared item.

So   private key=f(x)
     public key=g(x)

which are easy,
But the invert functions f'() and g'() are hard.


Usually x is the product of two large prime numbers, so factoring it is the
hard task.  It turns out to be much easier to test if a number is prime than
to determine it's factoring.


-----Burton


> -----Original Message-----
> From: Preston, Tony [mailto:Tony.Preston () acs-inc com]
> Sent: Tuesday, February 24, 2004 1:01 PM
> To: security-basics () securityfocus com
> Subject: Encryption question
>
>
>
>
> Tony Preston
> Systems Engineer, AS&T Inc.
> Division of L3 Corporation
> (609) 485-0205 x 181
>
> I have what is a rather basic question...  I probably am missing something
> so I thought I would ask here.
>
> Alice and Bob both have a public and private key.
>
> Alice encrypts her email to Bob using his public key.  Sends the email and
> Bob decrypts it using his keys..
>
> Since both Bob and Alice's public keys are known, Why can't I take Alice's
> public key and create a key pair using any other private key.  Now, I fake
> an electronic signature from Alice using the pair I created and
> send a bogus
> encrypted message to Bob with my "fake" Alice signature.  Bob checks the
> signature by using the public key and it is valid.   Bob assumes
> the message
> is from Alice...
>
> What prevents me from spoofing someone's electronic signature this way?
>
>
>
> ------------------------------------------------------------------
> ---------
> ------------------------------------------------------------------
> ----------


---------------------------------------------------------------------------
----------------------------------------------------------------------------