Security Basics mailing list archives
RE: Encryption question
From: "Jordan, Jason D. \"Dallas\"" <Jason.Jordan () honeywell-tsi com>
Date: Wed, 25 Feb 2004 12:45:13 -0500
Tony, I believe, in order to spoof a digital signature of Alice, you would need to get her private key....which she should have securely stored somewhere. A hash of the message is done and then encrypted with Alices private key. The only other key that can decrypt it is the public key generated with her original key pair. You could substitute Alice's public key with your public key so when Bob used that public key to encrypt the message meant for Alice, you could intercept it and read the message. Then you could re-encrypt it with Alice's real public key and send it on to her. Kinda like a man in the middle deal. I think this is how it works, I could be wrong. Does that help any? Dallas Jordan MCSE, CCNA, Security+ Electronics Technician II Honeywell Technology Solutions 1010 Bankton Drive Hanahan, SC 29406 843-744-1221 Ext 11 -----Original Message----- From: Preston, Tony [mailto:Tony.Preston () acs-inc com] Sent: Tuesday, February 24, 2004 1:01 PM To: security-basics () securityfocus com Subject: Encryption question Tony Preston Systems Engineer, AS&T Inc. Division of L3 Corporation (609) 485-0205 x 181 I have what is a rather basic question... I probably am missing something so I thought I would ask here. Alice and Bob both have a public and private key. Alice encrypts her email to Bob using his public key. Sends the email and Bob decrypts it using his keys.. Since both Bob and Alice's public keys are known, Why can't I take Alice's public key and create a key pair using any other private key. Now, I fake an electronic signature from Alice using the pair I created and send a bogus encrypted message to Bob with my "fake" Alice signature. Bob checks the signature by using the public key and it is valid. Bob assumes the message is from Alice... What prevents me from spoofing someone's electronic signature this way? --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Encryption question, (continued)
- Re: Encryption question Lars Georg Paulsen (Feb 25)
- Re: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Lars Georg Paulsen (Feb 26)
- Re: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Jamie Pratt (Feb 25)
- RE: Encryption question Burton M. Strauss III (Feb 25)
- Re: Encryption question Aaron Keck (Feb 25)
- Re: Encryption question Theo Chaojareon (Feb 25)
- Re: Encryption question Raghu Chinthoju (Feb 27)
- RE: Encryption question Gene LeDuc (Feb 25)
- Re: Encryption question SERGIO OTERO (Feb 25)
- RE: Encryption question Jordan, Jason D. "Dallas" (Feb 25)
- RE: Encryption question Prasad S. Athawale (Feb 26)
- RE: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Lars Georg Paulsen (Feb 25)