aceranker

encryption with public key

7 posts in this topic

Would it be possible to encrypt a message.txt file using only the receiver's public key? If so, what are the consequences?

0


If I remember correctly Alice can encrypt a message with Bob's public key. Only Bob's private key can decrypt Alice's message (to Bob).

 

I believe that's how SSL works. The browser uses a public key to encrypt a session key. The session key is sent to the server and used to encrypt data in the session.

Edited by tekio
0


Would it be possible to encrypt a message.txt file using only the receiver's public key? If so, what are the consequences?

public key encryption is v. v. slow

probably no more than a MB/s or so at best

probably more like a few hundred kB/s

and provides no more security (in fact, a lot less, since I think they are limited to encrypting no more than the key length messages safely) than something like Rabbit/Twofish + AES, which can do tens of MB/s

As I discuss on my programming thread - you should probably also treat public keys with a level of secrecy, since there is a good chance now anyone with enough cash to invest in a large number of FPGAs and a decent GNFS can factor back to private keys.

Shared Secret is the best way to go (e.g. username/password), this can be long lived if you only use it to encrypt session public keys.

And let's face it, by and large, if a user account is compromised, the encryption used to keep its messages safe on the wire is the least of your worries.

Edited by mSparks
-1


I don't know a lot about encryption. I always thought public / private key (asymmetric) encryption was just used in instances where it was impossible or not practical to coordinate a pre-shared key?

 

Like exchanging SSL session keys.  Or sending a "message.txt" where the receiver is known, but might not be expecting it or chances are great coordinating the pre-shared key could be a liability. A good case (but poor example, based on what msparks pointed out) might be Snowden sending texts to a reporter? Where he was using a secure operating system, but anything on the Interwebz might be unknown.

 

 

EDIT: or to digitally sign something.

Edited by tekio
0


A "pre shared key" isn't quite enough.

(that programming thread: http://www.binrev.com/forums/index.php/topic/47200-ltbtbm-platform-encryption/ )

symmetric encryption is

f(M,K)=C

f(C,K)=M

therefore if you have several ciphertexts with the same key, you can rearrange the function to derive the key (think of it as just solving a load of simultaneous equations)

The simplest of these are the stream ciphers, where C1 ^ C2 = K....

The workaround is to share a "number used once", also called an Initialisation Vector (IV) to jigger around with the key, so no two keys are the same when two messages are encrypted.

0
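The keystream-reuse problem and the nonce fix discussed in the post above, as an added example that is not part of the original thread. The stream cipher is a toy built from HMAC-SHA256 purely for illustration (an assumption, not a cipher named in the thread), and the messages are constructed. With a reused key and nonce, XORing the two ciphertexts cancels the keystream and leaves the XOR of the two plaintexts.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks. Illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, message: bytes) -> bytes:
    """f(M, K) = C. Applying it again with the same key and nonce returns M."""
    return xor(message, keystream(key, nonce, len(message)))


def demo():
    key = os.urandom(32)
    m1 = b"transfer 100 to alice"  # constructed sample messages, equal length
    m2 = b"meeting moved to 3 pm"

    # Same key AND same nonce: both messages are masked by one keystream.
    fixed = b"\x00" * 12
    c1, c2 = encrypt(key, fixed, m1), encrypt(key, fixed, m2)
    reused_leaks = xor(c1, c2) == xor(m1, m2)   # keystream cancels out
    m2_from_m1 = xor(xor(c1, c2), m1) == m2     # one known message exposes the other

    # Same key, fresh random nonce per message: the keystreams differ.
    n1, n2 = os.urandom(12), os.urandom(12)
    d1, d2 = encrypt(key, n1, m1), encrypt(key, n2, m2)
    fresh_leaks = xor(d1, d2) == xor(m1, m2)
    roundtrip = encrypt(key, n1, d1) == m1      # receiver needs the nonce, not a new key
    return reused_leaks, m2_from_m1, fresh_leaks, roundtrip


if __name__ == "__main__":
    print(demo())
```

The nonce is sent in the clear alongside the ciphertext; it only has to be unique per message under a given key, not secret.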


Kind of like WEP -vs- WPA / WPA2? The same "shared secret" is used to produce a different key for each client. Perhaps I used the incorrect terminology? I thought "pre-shared key" and "shared secret" were used interchangeably? My bad.

 

 

Key = PBKDF2(passphrase, ssid, 4096, 256)

 

 

Maybe I'm out in left field. 

0


Kind of like WEP -vs- WPA / WPA2? The same "shared secret" is used to produce a different key for each client. Perhaps I used the incorrect terminology? I thought "pre-shared key" and "shared secret" were used interchangeably? My bad.

Key = PBKDF2(passphrase, ssid, 4096, 256)

Maybe I'm out in left field.

Yeah. They are interchangeable.

The problem with WEP is it has a very short IV, so with enough packets you will eventually get two with the same IV, allowing you to break it.

pbkdf (http://en.m.wikipedia.org/wiki/PBKDF2) is passphrase based key derivation function

takes your key (passphrase) and salt (iv or nonce) and generates a new key.

Edited by mSparks
-1
