Penetration Testing mailing list archives
Re: Encryption - Kerberos
From: "Edd Burgess" <edd.burgess () cantab net>
Date: Tue, 27 Oct 2009 10:24:36 -0000 (UTC)
It might also be worth noting that Kerberos is not itself an encryption method. Kerberos is an identity authentication protocol defined by a series of messages, it is built upon hash and cipher function primitives. When a ciphertext is passed over a network or a key exchange of some kind occurs, the network stack ensures end to end integrity in a variety of ways, so the decryption which happens high up the stack in the presentation layer can assume the values it is working with are what were sent to it - whether or not they are correct is not the business of the encryption layer, if you see what I mean. -Edd On Mon, October 26, 2009 16:46, Radmilo Racic wrote:
Encryption only provides a confidentiality so even a human would not know if the text has been properly decrypted without an integrity check. In other words, a human or a service can check a hash/MAC/digital signature to ensure that the integrity of the text. Kerberos does indeed offer integrity service (optionally) through a one-way hash that is sent along the plaintext. Hopefully this answers your question. Cheers, -- Radmilo On Mon, Oct 26, 2009 at 9:46 AM, Radmilo Racic <rracic () gmail com> wrote:Encryption only provides a confidentiality so even a human would not know if the text has been properly decrypted without an integrity check. In other words, a human or a service can check a hash/MAC/digital signature to ensure that the integrity of the text. Kerberos does indeed offer integrity service (optionally) through a one-way hash that is sent along the plaintext. Hopefully this answers your question. Cheers, -- Radmilo On Sat, Oct 24, 2009 at 2:23 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:Hi people. I have a question on encryption. When say a sentence such as "my name is bruno" is encrypted, to say ciphertext "sakjkg6*672khkhkjhs jhkhaskh" and sent to my friend stan....who then decrypts it....back to "my name is bruno". Stan will be able to tell that he has succesfully decrypted the ciphertext because he is human and the resultant decrypted text makes sense to him right? Now in the instance of kerberos, where there are no humans but computers or services.....how does a service know that it has succesfully decrypted ciphertext? I have seen that PGP can tell that a text is succesfully decrypted. How does it do this? I hope my question is clear. Regards --------------------------------------------------------------------- --- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be 442f727d1 ---------------------------------------------------------------------- -------------------------------------------------------------------------- Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f 727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Encryption - Kerberos M.D.Mufambisi (Oct 27)
- Message not available
- Re: Encryption - Kerberos Radmilo Racic (Oct 27)
- Re: Encryption - Kerberos Edd Burgess (Oct 27)
- Re: Encryption - Kerberos Radmilo Racic (Oct 27)
- Message not available