Security Basics mailing list archives

RE: Encryption question

From: "Marco Araujo" <amon87secfx () hotmail com>
Date: Mon, 01 Mar 2004 18:39:05 -0300

Hi Tony,

I think there's a mistake here. Digital signature is done by applying thesender's private key at the message hash. The private key is known only bythe sender. The receiver knows that the message is not a fake one because he(she) has the sender's public key to check. He (she) applies the public keyat the message hash to check. It's not possible to make a new private keyfrom the public key.


Hope it helps.

Marco Araujo
MCSE
Recife/PE - Brasil

From: "Preston, Tony" <Tony.Preston () acs-inc com>
To: security-basics () securityfocus com
Subject: Encryption question
Date: Tue, 24 Feb 2004 13:01:29 -0600

Tony Preston
Systems Engineer, AS&T Inc.
Division of L3 Corporation
(609) 485-0205 x 181

I have what is a rather basic question...  I probably am missing something
so I thought I would ask here.

Alice and Bob both have a public and private key.

Alice encrypts her email to Bob using his public key.  Sends the email and
Bob decrypts it using his keys..

Since both Bob and Alice's public keys are known, Why can't I take Alice's
public key and create a key pair using any other private key.  Now, I fake

an electronic signature from Alice using the pair I created and send abogus

encrypted message to Bob with my "fake" Alice signature.  Bob checks the

signature by using the public key and it is valid. Bob assumes themessage

is from Alice...

What prevents me from spoofing someone's electronic signature this way?



---------------------------------------------------------------------------
----------------------------------------------------------------------------


_________________________________________________________________

MSN Messenger: instale grátis e converse com seus amigos.http://messenger.msn.com.br



---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_security-basics_040301
----------------------------------------------------------------------------

Current thread:

RE: Encryption question David Gillett (Mar 01)
- <Possible follow-ups>
- RE: Encryption question Marco Araujo (Mar 01)
  - Re: Encryption question F.O. Bossert (Mar 02)
    - Re: Encryption question Joerg Over Dexia (Mar 02)
    - Re: Encryption question D.E. Chadbourne (Mar 03)
- RE: Encryption question Daniel Menezes (Mar 02)
- RE: Encryption question Preston, Tony (Mar 02)
  - Re: Encryption question Hector Luis Gimbatti (Mar 03)
- RE: Encryption question Daniel Menezes (Mar 04)