Re: Encryption - Kerberos

["Edd Burgess" <edd.burgess () cantab net>]

It might also be worth noting that Kerberos is not itself an encryption
method. Kerberos is an identity authentication protocol defined by a
series of messages, it is built upon hash and cipher function primitives.

When a ciphertext is passed over a network or a key exchange of some kind
occurs, the network stack ensures end to end integrity in a variety of
ways, so the decryption which happens high up the stack in the
presentation layer can assume the values it is working with are what were
sent to it - whether or not they are correct is not the business of the
encryption layer, if you see what I mean.

-Edd

On Mon, October 26, 2009 16:46, Radmilo Racic wrote:
> Encryption only provides a confidentiality so even a human would not
> know if the text has been properly decrypted without an integrity check. In
> other words, a human or a service can check a hash/MAC/digital signature
> to ensure that the integrity of the text.
>
> Kerberos does indeed offer integrity service (optionally) through a
> one-way hash that is sent along the plaintext.
>
> Hopefully this answers your question.
>
>
> Cheers,
> -- Radmilo
>
>
> On Mon, Oct 26, 2009 at 9:46 AM, Radmilo Racic <rracic () gmail com> wrote:
>
> > Encryption only provides a confidentiality so even a human would not
> > know if the text has been properly decrypted without an integrity
> > check. In other words, a human or a service can check a
> > hash/MAC/digital signature to ensure that the integrity of the text.
> > Kerberos does indeed offer integrity service (optionally) through a
> > one-way hash that is sent along the plaintext. Hopefully this answers
> > your question. Cheers,
> > -- Radmilo
> > On Sat, Oct 24, 2009 at 2:23 AM, M.D.Mufambisi <mufambisi () gmail com>
> > wrote:
> >
> > > Hi people.
> > >
> > >
> > > I have a question on encryption. When say a sentence such as "my name
> > >  is bruno" is encrypted, to say ciphertext "sakjkg6*672khkhkjhs
> > > jhkhaskh" and sent to my friend stan....who then decrypts it....back
> > > to "my name is bruno". Stan will be able to tell that he has
> > > succesfully decrypted the ciphertext because he is human and the
> > > resultant decrypted text makes sense to him right? Now in the instance
> > > of kerberos, where there are no humans but computers or
> > > services.....how does a service know that it has succesfully decrypted
> > > ciphertext? I have seen that PGP can tell that a text is succesfully
> > > decrypted. How does it do this? I hope my question is clear.
> > >
> > > Regards
> > >
> > >
> > > ---------------------------------------------------------------------
> > > ---
> > > Securing Apache Web Server with thawte Digital Certificate
> > > In this guide we examine the importance of Apache-SSL and who needs an
> > > SSL certificate.  We look at how SSL works, how it benefits your
> > > company and how your customers can tell if a site is secure. You will
> > > find out how to test, purchase, install and use a thawte Digital
> > > Certificate on your Apache web server. Throughout, best practices for
> > > set-up are highlighted to help you ensure efficient ongoing
> > > management of your encryption keys and digital certificates.
> > >
> > > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be
> > > 442f727d1
> > > ----------------------------------------------------------------------
> > > --
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how your customers can tell if a site is secure. You will find out how to
> test, purchase, install and use a thawte Digital Certificate on your
> Apache web server. Throughout, best practices for set-up are highlighted
> to help you ensure efficient ongoing management of your encryption keys
> and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f
> 727d1
> ------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------