Security Basics mailing list archives
Re: Encryption question
From: "F.O. Bossert" <o.bossert () quapps org>
Date: Tue, 02 Mar 2004 14:49:42 +0100
Yoo,But that is his point! Sending an Fake message with an fake hash, with real public key and fake private key,
does give the receiver the false impression that the message is from Alice! Greetings O. Marco Araujo wrote:
Hi Tony,I think there's a mistake here. Digital signature is done by applying the sender's private key at the message hash. The private key is known only by the sender. The receiver knows that the message is not a fake one because he (she) has the sender's public key to check. He (she) applies the public key at the message hash to check. It's not possible to make a new private key from the public key.Hope it helps. Marco Araujo MCSE Recife/PE - BrasilFrom: "Preston, Tony" <Tony.Preston () acs-inc com> To: security-basics () securityfocus com Subject: Encryption question Date: Tue, 24 Feb 2004 13:01:29 -0600 Tony Preston Systems Engineer, AS&T Inc. Division of L3 Corporation (609) 485-0205 x 181I have what is a rather basic question... I probably am missing somethingso I thought I would ask here. Alice and Bob both have a public and private key.Alice encrypts her email to Bob using his public key. Sends the email andBob decrypts it using his keys..Since both Bob and Alice's public keys are known, Why can't I take Alice's public key and create a key pair using any other private key. Now, I fake an electronic signature from Alice using the pair I created and send a bogusencrypted message to Bob with my "fake" Alice signature. Bob checks thesignature by using the public key and it is valid. Bob assumes the messageis from Alice... What prevents me from spoofing someone's electronic signature this way?--------------------------------------------------------------------------- ----------------------------------------------------------------------------_________________________________________________________________MSN Messenger: instale grĂ¡tis e converse com seus amigos. http://messenger.msn.com.br--------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,wireless securityProtect your network against hackers, viruses, spam and other risks with AstaroSecurity Linux, the comprehensive security solution that combines sixapplications in one software solution for ease of use and lower total cost ofownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_security-basics_040301----------------------------------------------------------------------------
--------------------------------------------------------------------------- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_security-basics_040301 ----------------------------------------------------------------------------
Current thread:
- RE: Encryption question David Gillett (Mar 01)
- <Possible follow-ups>
- RE: Encryption question Marco Araujo (Mar 01)
- Re: Encryption question F.O. Bossert (Mar 02)
- Re: Encryption question Joerg Over Dexia (Mar 02)
- Re: Encryption question D.E. Chadbourne (Mar 03)
- Re: Encryption question F.O. Bossert (Mar 02)
- RE: Encryption question Daniel Menezes (Mar 02)
- RE: Encryption question Preston, Tony (Mar 02)
- Re: Encryption question Hector Luis Gimbatti (Mar 03)
- RE: Encryption question Daniel Menezes (Mar 04)