Full Disclosure mailing list archives
Re: Introducing TGP...
From: "Thor (Hammer of God)" <Thor () hammerofgod com>
Date: Tue, 15 Jun 2010 15:26:41 +0000
The SHA256 hashing of the private key may not result in authenticity assurances on the key (if I'm reading it correctly). I believe that's an Athenticate-then-Encrypt scheme, and the details of the interactions in AtE can be tricky.I had an opportunity to sleep on this, so here's my two cents. If I read the docs correctly, this construction is: ENC( HASH(m) || m )
No, that's not what I'm doing. As I said in my message yesterday, I'm simply using the hash of the encrypted private key and the hash of the public key to see if the keys were tampered with while at rest. When loading the private key fob, a passphrase is required. Before I prompt for the passphrase, I rehash the encrypted private key as stored, and compare that to the stored hash of the same. If they are different, I flag an error. I'll dive into your references though and see if any of it applies. Thanks. t _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Introducing TGP..., (continued)
- Re: Introducing TGP... Thor (Hammer of God) (Jun 16)
- Re: Introducing TGP... Pavel Kankovsky (Jun 17)
- Re: Introducing TGP... lsi (Jun 17)
- Re: Introducing TGP... Thor (Hammer Of God) (Jun 17)
- Re: Introducing TGP... lsi (Jun 17)
- Re: Introducing TGP... lsi (Jun 14)
- Re: Introducing TGP... Christian Sciberras (Jun 14)
- Re: Introducing TGP... Thor (Hammer Of God) (Jun 14)
- Re: Introducing TGP... Jeffrey Walton (Jun 15)
- Re: Introducing TGP... Thor (Hammer of God) (Jun 15)
- Re: Introducing TGP... Thor (Hammer of God) (Jun 14)
- Re: Introducing TGP... Michael Neal Vasquez (Jun 14)
- Re: Introducing TGP... Thor (Hammer of God) (Jun 14)
- Re: Introducing TGP... rembrandt (Jun 15)