Re: Encryption question

["Raghu Chinthoju" <chraghu.ml () fusemail com>]

What you are saying, "take Alice's public key and create a key pair", is as
good as breaking the key pair. When appropriate key length is maintained,
this is believed to be an impossible task with the existing computing
resources.

Also, a key pair is generated during a single operation, not that the one
derived from the other. Hope this answers your question.

Raghu


----- Original Message ----- 
From: "Preston, Tony" <Tony.Preston () acs-inc com>
To: <security-basics () securityfocus com>
Sent: Wednesday, February 25, 2004 12:31 AM
Subject: Encryption question


> Tony Preston
> Systems Engineer, AS&T Inc.
> Division of L3 Corporation
> (609) 485-0205 x 181
>
> I have what is a rather basic question...  I probably am missing something
> so I thought I would ask here.
>
> Alice and Bob both have a public and private key.
>
> Alice encrypts her email to Bob using his public key.  Sends the email and
> Bob decrypts it using his keys..
>
> Since both Bob and Alice's public keys are known, Why can't I take Alice's
> public key and create a key pair using any other private key.  Now, I fake
> an electronic signature from Alice using the pair I created and send a
bogus
> encrypted message to Bob with my "fake" Alice signature.  Bob checks the
> signature by using the public key and it is valid.   Bob assumes the
message
> is from Alice...
>
> What prevents me from spoofing someone's electronic signature this way?
>
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
----------------------------------------------------------------------------