Security Basics mailing list archives

RE: Encryption question


From: "Jordan, Jason D. \"Dallas\"" <Jason.Jordan () honeywell-tsi com>
Date: Wed, 25 Feb 2004 12:45:13 -0500

Tony, 
    I believe, in order to spoof a digital signature of Alice, you would
need to get her private key... which she should have securely stored
somewhere.  A hash of the message is done and then encrypted with Alice's
private key.  The only other key that can decrypt it is the public key
generated with her original key pair.  You could substitute Alice's public
key with your public key so when Bob used that public key to encrypt the
message meant for Alice, you could intercept it and read the message.
Then you could re-encrypt it with Alice's real public key and send it on
to her.  Kinda like a man in the middle deal.  I think this is how it
works, I could be wrong. Does that help any?


Dallas Jordan  MCSE, CCNA, Security+
Electronics Technician II
Honeywell Technology Solutions
1010 Bankton Drive
Hanahan, SC 29406
843-744-1221  Ext 11

 -----Original Message-----
From:   Preston, Tony [mailto:Tony.Preston () acs-inc com] 
Sent:   Tuesday, February 24, 2004 1:01 PM
To:     security-basics () securityfocus com
Subject:        Encryption question



Tony Preston
Systems Engineer, AS&T Inc.
Division of L3 Corporation
(609) 485-0205 x 181

I have what is a rather basic question...  I probably am missing something
so I thought I would ask here.

Alice and Bob both have a public and private key.

Alice encrypts her email to Bob using his public key.  Sends the email and
Bob decrypts it using his keys.

Since both Bob and Alice's public keys are known, why can't I take Alice's
public key and create a key pair using any other private key?  Now, I fake
an electronic signature from Alice using the pair I created and send a bogus
encrypted message to Bob with my "fake" Alice signature.  Bob checks the
signature by using the public key and it is valid.   Bob assumes the message
is from Alice...

What prevents me from spoofing someone's electronic signature this way?
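
An added example, not part of either message above: toy textbook RSA showing that a signature made with any key pair other than Alice's fails verification under Alice's public key, and only verifies under the public key that matches the signing private key. The name Mallory, the helper functions and the small demo keys are constructed for illustration; real signatures use padded schemes and much larger keys.

```python
import hashlib

E = 65537  # common RSA public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent; needs the secret p and q
    return (n, E), (n, d)

def digest(message, n):
    """SHA-256 of the message as an integer reduced mod n (toy, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private, message):
    """Hash the message, then apply the private exponent to the hash."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(public, message, signature):
    """Apply the public exponent and compare with a fresh hash of the message."""
    n, e = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message, n)

# Constructed demo keys built from known Mersenne primes; far too small for real use.
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**61 - 1, 2**89 - 1)

def demo():
    msg = b"Bob, meet me at noon. -Alice"
    genuine = sign(ALICE_PRIV, msg)    # made with Alice's real private key
    forged = sign(MALLORY_PRIV, msg)   # made with a different key pair
    return {
        "genuine_under_alice_key": verify(ALICE_PUB, msg, genuine),
        "forged_under_alice_key": verify(ALICE_PUB, msg, forged),
        "forged_under_mallory_key": verify(MALLORY_PUB, msg, forged),
        "tampered_message": verify(ALICE_PUB, msg + b"!", genuine),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Bob's check is only as good as his copy of Alice's public key, which is why the key has to reach him through a channel he can authenticate.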


