Security Basics mailing list archives
Re: Encryption question
From: Lars Georg Paulsen <maillist () braindead nu>
Date: Thu, 26 Feb 2004 15:52:52 +0100
As I have just picked this info out from something I have read, I don't understand the hole theory behind it all. A mistake by me, is calling it the himlic method... it's actually called Diffie-Hellman key exchange method. This is only, Not a encrypting algorithm, but to exchange a key, with out exchanging the key. As I understand out from what I have read, you have no two keys, that will be able to encrypt and decrypt the same messange. I found a quite good article about the method, if anyone is interrested. http://www.netip.com/articles/keith/diffie-helman.htm This is usally just used, for lots of traffic, because if you use to asymetric keys the encrypting and decrypting will take quite a long time, with this method the keys are symetric, then there will be a lot faster transfer. If I understand right, this can be ablyed to any almost anything, but if it's worth doing it on a email messange, that's the questions, the it would be easyer to encrypt the messange with bob's public key and sign it with alice private key.... As I said in the beginning, I don't understand the hole theory.. so if I wrong, please correct me. regards Lars Georg Paulsen. On Thu, 2004-02-26 at 01:36, Hollis Johnson wrote:
Lars. That's interesting. I always thought Priv/Pub keys had to be composed of two primes. If you "combine" them (i'm thinking p*q) the result is no longer prime -- although it may not be any easier to break -- Is that what you meant? or did you mean applying one then the other?? Thanks for any additional info :-) Hollis At 07:17 PM 2/25/2004 +0100, Lars Georg Paulsen wrote:The encrypted key you have made, is not valid. Bob can't decrypt the messange with his public nor with is private. If alice sends a message to bob, and what him to be the only one to read it, she will encrypt it with his public key. And to make sure bob can trust the message, and tell for sure it's from alice, she will sign the message with alice private key. What you think of, combinding a private key and a public to make a new key, is the himlich method. The way describe above takes quite long time to decrypt. Another scenarior, is to make to new keys that are identical. This you do by combinding private keys and public keys. Alice makes a new key with her private and bobs public key. Bobs makes a new key with his private and alices public key. The two new keys are now identical, can not be produced by any outsiders. Hopes this answer a bit of your question. regards Lars Georg Paulsen. On Tue, 2004-02-24 at 20:01, Preston, Tony wrote:Tony Preston Systems Engineer, AS&T Inc. Division of L3 Corporation (609) 485-0205 x 181 I have what is a rather basic question... I probably am missing something so I thought I would ask here. Alice and Bob both have a public and private key. Alice encrypts her email to Bob using his public key. Sends the email and Bob decrypts it using his keys.. Since both Bob and Alice's public keys are known, Why can't I take Alice's public key and create a key pair using any other private key. Now, I fake an electronic signature from Alice using the pair I created and send abogusencrypted message to Bob with my "fake" Alice signature. Bob checks the signature by using the public key and it is valid. Bob assumes themessageis from Alice... What prevents me from spoofing someone's electronic signature this way? ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Encryption question Preston, Tony (Feb 25)
- Re: Encryption question Lars Georg Paulsen (Feb 25)
- Re: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Lars Georg Paulsen (Feb 26)
- Re: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Jamie Pratt (Feb 25)
- RE: Encryption question Burton M. Strauss III (Feb 25)
- Re: Encryption question Aaron Keck (Feb 25)
- Re: Encryption question Theo Chaojareon (Feb 25)
- Re: Encryption question Raghu Chinthoju (Feb 27)
- <Possible follow-ups>
- RE: Encryption question Gene LeDuc (Feb 25)
- Re: Encryption question SERGIO OTERO (Feb 25)
- RE: Encryption question Jordan, Jason D. "Dallas" (Feb 25)
- RE: Encryption question Prasad S. Athawale (Feb 26)
- RE: Encryption question Hollis Johnson (Feb 26)
- Re: Encryption question Lars Georg Paulsen (Feb 25)