Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Encryption - Kerberos

From: Radmilo Racic <rracic () gmail com>
Date: Mon, 26 Oct 2009 09:46:29 -0700
Encryption only provides a confidentiality so even a human would not
know if the text has been properly decrypted without an integrity
check. In other words, a human or a service can check a
hash/MAC/digital signature to ensure that the integrity of the text.

Kerberos does indeed offer integrity service (optionally) through a
one-way hash that is sent along the plaintext.

Hopefully this answers your question.

Cheers,
-- Radmilo

On Mon, Oct 26, 2009 at 9:46 AM, Radmilo Racic <rracic () gmail com> wrote:


Encryption only provides a confidentiality so even a human would not know if the text has been properly decrypted 
without an integrity check. In other words, a human or a service can check a hash/MAC/digital signature to ensure 
that the integrity of the text.
Kerberos does indeed offer integrity service (optionally) through a one-way hash that is sent along the plaintext.
Hopefully this answers your question.
Cheers,
-- Radmilo
On Sat, Oct 24, 2009 at 2:23 AM, M.D.Mufambisi <mufambisi () gmail com> wrote:


Hi people.

I have a question on encryption. When say a sentence such as "my name
is bruno" is encrypted, to say ciphertext "sakjkg6*672khkhkjhs
jhkhaskh" and sent to my friend stan....who then decrypts it....back
to "my name is bruno". Stan will be able to tell that he has
succesfully decrypted the ciphertext because he is human and the
resultant decrypted text makes sense to him right?
Now in the instance of kerberos, where there are no humans but
computers or services.....how does a service know that it has
succesfully decrypted ciphertext? I have seen that PGP can tell that a
text is succesfully decrypted. How does it do this? I hope my question
is clear.

Regards

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: