RSA question: Can public encryption/shared key (E+N) be used as identification ?
in [Cryptography]
|
Prev: VBScript implementation of AES encryption
Next: RSA question: Can public encryption/shared key (E+N) be usedas identification ?
From: Skybuck Flying on 6 May 2010 07:49 Hello, I have a question about the RSA public key encryption algorithm which is the following: I am wondering if it's possible to use the RSA public encryption/shared key as a means of identification ? So suppose two people are using the same name for example: iJustine iJustine One of them is the real iJustine... the other one is the fake iJustine. How easy/hard would it be for the faker to try and fake a public key ? Example: Real iJustine's private decryption key (D): "72939831478294294739164515853570942883997805827756672958318945914651882044984974267976913068042297636392546490845126913" Real iJustine's public encryption key (E): "65537" Real iJustine's shared key (N): "434174181252767774234389180350848398715772637753360526609873060556853225612779513183792437032901271239849283324448766573" Now the faker does not know the private key... but the faker does know the public key (E) and shared key (N). Let's suppose for a moment that a "safe/secured protocol" is being used which uses "signatures" to make sure that messages are valid... and that the keys are working/valid... The mission for the faker is to find a private key (D) which will work with the public (E) and shared key (N) in such a way that the public/shared key is the same but the private key is different/working. The mission for the faker is to not decrypt the message-stream ment for iJustine but instead to fake himself pretending to be iJustine... by simply using the same public/shared key. So that the faker can give away the public/shared key and claim to be the real iJustine. The problem for the real iJustine is: iJustine says on her website: "I am the real one ! this is my public key: .... etc ...." the faker, fakes her and says the same thing: I am also the real iJustine: "I am the real one ! this is my public key: .... etc ...." Do you see the problem ? For the "public" it's impossible to tell which the real iJustine is just based on screen information, since both public keys are the same ?!? The question is: How hard is it to fake public keys ? And if it's easy... are there any solutions ? Bye, Skybuck.
From: Tom St Denis on 6 May 2010 08:14 On May 6, 7:49 am, "Skybuck Flying" <IntoTheFut...(a)hotmail.com> wrote: > The mission for the faker is to find a private key (D) which will work with > the public (E) and shared key (N) in such a way that the public/shared key > is the same but the private key is different/working. Any D that works for a fixed E will be congruent to the real D. more so, being able to find such values [even for non-fixed E] leads to the factorization of N and thus you have broken the cryptosystem. How do you prevent that? Pray that factoring gets no better than the GNFS. Generally you discern real public keys from fakes if they are signed. Your certificate [if RSA based] will have your E and N. If I sign it I'm also signing the E/N pairs. So if someone comes to me with E' and N I can tell it that way. If someone finds a D' for your E then they can factor N and you're hosed anyways (e.g. no way to tell impostors). Tom
From: Datesfat Chicks on 6 May 2010 11:47
"Skybuck Flying" <IntoTheFuture(a)hotmail.com> wrote in message news:8d637$4be2acba$54191e22$22663(a)cache2.tilbu1.nb.home.nl... > Hello, > > I have a question about the RSA public key encryption algorithm which is > the following: > > I am wondering if it's possible to use the RSA public encryption/shared > key as a means of identification ? Most of what you wrote (and I've snipped it out) indicates that you are just becoming familiar with this technology and are kind of "thinking aloud". No harm in that. Most people on this newsgroup are probably still living in their parents' basements and attending Star Trek conventions ... not like we have anything better to do. That being said ... The convention with public key cryptography is that only the real Justine has Justine's private key. If you want to verify that something is coming from the real Justine, have her sign it using her private key. You can then verify using the public key that the right private key has been used. It doesn't make sense to ask the question if one can easily find a compatible but perhaps different private key given a public key. NO! THAT WOULD DESTROY THE VALIDITY OF THE WHOLE CRYPTOSYSTEM! NO! NO! NO! NO! CAN'T BE DONE. NOPE! NO WAY! THAT IS DESIGNED TO BE UNDOABLE! NO! NOPE! COVERED! COMPUTATIONALLY VERY HARD, AND DESIGNED TO BE THAT WAY! However, a related question that I think you kind of hinted at is whether someone could push a fake public key out there. That is one inelegant feature of public-key cryptography--you have to be sure that the public keys belong to the claimed parties. The same for browser certificates and so on. This requires an infrastructure that goes beyond the cryptography itself. You may find these links interesting: http://en.wikipedia.org/wiki/Web_of_trust http://en.wikipedia.org/wiki/Public_key_infrastructure Datesfat |