Full Disclosure mailing list archives
RE: Time Expiry Alogorithm??
From: "Tiago Halm" <thalm () void my-bulldog com>
Date: Mon, 22 Nov 2004 01:18:11 -0000
Gautam R. Singh <gautam.singh () gmail com> wrote:
I was just wondering is there any encrytpion alogortim which expires with time. For example an email message maybe decrypted withing 48 hours of its delivery otherwise it become usless or cant be decrypted with the orignal key
Scenario: Lets imagine there is a "trusted", non-hackable third-party which handles a timestamp database along with private/public keys. Lets cal it Trent. Trent manages timestamps in terms of existence and validity. Each timestamp can only be used once and only once. Each timestamp, as soon as it is created has also associated a validity window outside of which it will be considered as invalid. Whenever a timestamp its checked for existence, it will be marked as used, and hence becomes invalid afterwads. Each timestamp is also, obviously, unique. Alice has a message. Alice asks Trent for a timestamp. She generates a hash of the message, and then she signs the hash and the timestamp with her private key. She sends the message and the signature to Bob. When Bob receives the message, Bob decrypts the signature with Alice's public key and sends Trent the timestamp for validity check. Trent finds the associated timestamp in its database, sends Bob a positive response and invalidates the timestamp. While Bob wants to be sure the message originates from Alice, Alice wants the message to be valid (as originating from her) for only a certain period of time. Conclusion: If a certain validity (48h) is given to the timestamps, this may lead to a valid solution for the situation described above. How reasonable is this? Note: Trent, can of course, be interpreted/achieved by various implementations, while maintaining the model described above ... Tiago Halm --- [This E-mail has been scanned for viruses but it is your responsibility to maintain up to date anti virus software on the device that you are currently using to read this email. ] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Time Expiry Alogorithm?? Gautam R. Singh (Nov 18)
- Re: Time Expiry Alogorithm?? Michael Simpson (Nov 19)
- Re: Time Expiry Alogorithm?? Andrew Farmer (Nov 20)
- Re: [Full-Dev-Server] Time Expiry Alogorithm?? Michael Simpson (Nov 19)
- Re: Time Expiry Alogorithm?? Pavel Kankovsky (Nov 19)
- Re: Time Expiry Alogorithm?? Anders Langworthy (Nov 19)
- Re: Time Expiry Alogorithm?? Andrew Farmer (Nov 20)
- Re: Time Expiry Alogorithm?? Anders Langworthy (Nov 20)
- Re: Time Expiry Alogorithm?? Anders Langworthy (Nov 20)
- Re: Time Expiry Alogorithm?? Pavel Kankovsky (Nov 21)
- RE: Time Expiry Alogorithm?? Tiago Halm (Nov 21)
- Re: Time Expiry Alogorithm?? Andrew Farmer (Nov 21)
- Re: Time Expiry Alogorithm?? Anders Langworthy (Nov 19)
- Re: Time Expiry Alogorithm?? Georgi Guninski (Nov 22)
- Re: Time Expiry Alogorithm?? Florian Weimer (Nov 22)
- Re: Time Expiry Alogorithm?? Andrew Farmer (Nov 23)
- Re: Time Expiry Alogorithm?? Florian Weimer (Nov 23)
- Re: Time Expiry Alogorithm?? Andrew Farmer (Nov 23)
- Re: Time Expiry Alogorithm?? Florian Weimer (Nov 29)
- Re: Time Expiry Alogorithm?? Michael Simpson (Nov 19)
- Re: Time Expiry Alogorithm?? Pavel Kankovsky (Nov 23)
- Re: Time Expiry Alogorithm?? Vincent Archer (Nov 22)