Re: Encryption question

[Joerg Over Dexia <over () dexia de>]

Am 14:49 02.03.2004 +0100 teilte F.O. Bossert mir folgendes mit:
->But that is his point! Sending an Fake message with an fake
hash, with 
->real public key and fake private key,
->does give the receiver the false impression that the message is
from Alice!

No. again: No.
You sign your message (pretending to be Alice) with a private key
you made up yourself, since you don't have access to Alice's
private key. The receiver, checking the signature with Alice's
real public key, will get the message that the signature is
invalid, and his impression will be that someone tried to pretend
to be Alice, which is true: You tried. But failed.

btw: Would you really think that if it was *that* easy to fool,
anyone would use that stuff?

Regards, JO

---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------