Security Forums

Public Key Encryption

Forum: Cryptographic Theory and Cryptanalysis - Internal and Transmission Security
huh
Just Arrived
Joined: 07 Apr 2005

Posted: Tue Apr 12, 2005 12:02 pm    Post subject: Public Key Encryption

Hello,

Sorry, but I do not know much about cryptography but have recently discovered the wonders of PGP and have the following two questions. Please answer in layman's terms.

1. If I have a PGP message and encrypt it using key 1, then key 2, then key 3 and so on, i.e. encryption layering to make it stronger in order that it cannot be cracked, so I believe. Thus my question is: layering encryption, like the above case, does it actually make the message more secure or not?

2. Is it safe to send my public key over the internet to those I intend to communicate with, because I have heard that it's not safe. What alternatives do I have then?

Thanks for your patience with my lame questions.

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005

Posted: Tue Apr 12, 2005 2:32 pm

Hi huh.

Quote:
1. If I have a PGP message and encrypt it using key 1, then key 2, then key 3 and so on, i.e. encryption layering to make it stronger in order that it cannot be cracked, so I believe. Thus my question is: layering encryption, like the above case, does it actually make the message more secure or not?

No. I asked this question here some time ago and the general consensus is that it does not work. Just read posts by JT, mxb and Datah. In fact Datah explained how it could actually decrypt your message if you use the Caesar cipher!!

Quote:
2. Is it safe to send my public key over the internet to those I intend to communicate with, because I have heard that it's not safe. What alternatives do I have then?

Yes it is safe. It’s your private key you need to keep to yourself. Who told you that you couldn’t send your public key, and why?

Bungle
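Bungle's mention of Datah's Caesar-cipher observation is easy to see in code. The block below is an added example, not code from this thread or from PGP: a toy Caesar cipher is applied in layers with several keys, and the whole stack turns out to be equivalent to a single shift equal to the sum of the keys modulo 26, so the extra layers add nothing, and keys that sum to a multiple of 26 hand the plaintext straight back. The message and the keys are constructed for the demonstration.

```python
from __future__ import annotations

import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift each upper-case letter by `shift` places (mod 26); other characters pass through."""
    shifted = []
    for ch in text:
        if ch in ALPHABET:
            shifted.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            shifted.append(ch)
    return "".join(shifted)


def layered_caesar(text: str, shifts: list[int]) -> str:
    """Encrypt with key 1, then key 2, then key 3 ... exactly the layering the question describes."""
    for shift in shifts:
        text = caesar(text, shift)
    return text


def effective_shift(shifts: list[int]) -> int:
    """The stack collapses to one Caesar shift: the keys simply add up modulo 26."""
    return sum(shifts) % 26


def layers_cancel(shifts: list[int]) -> bool:
    """True when the stack collapses to shift 0, i.e. the 'encrypted' output is the plaintext itself."""
    return effective_shift(shifts) == 0


def demo() -> dict:
    """Layer three constructed keys whose sum is 26 and compare with the single equivalent shift."""
    plaintext = "ATTACK AT DAWN"     # constructed sample message
    keys = [3, 10, 13]                # constructed keys; 3 + 10 + 13 = 26
    return {
        "layered": layered_caesar(plaintext, keys),
        "single": caesar(plaintext, effective_shift(keys)),
        "cancelled": layers_cancel(keys),
    }


if __name__ == "__main__":
    print(demo())
```

Whatever the number of layers, an observer still faces only 26 possible effective keys; the layering changed the key, not the size of the key space, which is the general point the thread makes about stacking ciphers.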

huh
Just Arrived
Joined: 07 Apr 2005

Posted: Tue Apr 12, 2005 7:36 pm

Hi mate, could you kindly post the links to these threads? I did search but failed to get anything. Thanks. This is with PGP use, so no Caesar ciphers.

data
Forum Fanatic
Joined: 08 May 2004
Location: India

Posted: Tue Apr 12, 2005 7:56 pm

hi,

If you send the public key via the internet it is susceptible to the Man in the Middle Attack. I think that's what he was referring to, Bungle.

A usual way to get around the problem is to take the help of a trusted certifying authority.

Please see this and this, as well as this.

huh
Just Arrived
Joined: 07 Apr 2005

Posted: Tue Apr 12, 2005 9:03 pm

What's the man in the middle attack? Please explain in greater detail, and I can't use a CA, because I send my mail through regular e-mail services, encrypted. What can I do in this case?

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005

Posted: Tue Apr 12, 2005 9:42 pm

Hi Datah

Quote:
If you send the public key via the internet it is susceptible to the Man in the Middle Attack. I think that's what he was referring to, Bungle

Yes, thank you Datah, an embarrassing oversight on my part… oops.

Hi huh,

A man in the middle attack is when Alice sends Bob her public key but the key is intercepted by “a man in the middle”. The man in the middle then forwards a different key on to Bob that purports to be from Alice. This enables the man in the middle to decrypt Bob's messages to Alice. The man in the middle then re-encrypts the original message from Bob to Alice’s key. Neither Bob nor Alice would be any wiser.

Unless you are Ultra Paranoid then this is unlikely to be a problem for you. If possible, whenever you meet your friends, swap public keys with each other via floppy etc.

If any of this is wrong I am sure Datah will put me straight!

Bungle.

JustinT
Trusted SF Member
Joined: 17 Apr 2003
Location: Asheville, NC, US / Uberlândia, MG, Brazil

Posted: Tue Apr 12, 2005 9:51 pm    Post subject: Man-in-the-middle.

A man-in-the-middle attack is exactly how it sounds - an adversary sits in the middle of a seemingly confidential conversation between Alice and Bob. Hence, the protocol can be manipulated by this adversary, which is due to the lack of authenticity of the key that Alice and Bob intend to agree on, as well as the source.

The adversary can masquerade as both Alice and Bob, establish key agreement between both of them, and use these keys to divulge, then relay, the information between Alice and Bob. To thwart this attack, appropriate authentication or certification services will need to be instantiated.

huh
Just Arrived
Joined: 07 Apr 2005

Posted: Wed Apr 13, 2005 11:58 am

OK, first of all I would like to show my appreciation for your patience and help, THANK YOU. I would like to learn, but on a practical basis which is applicable to my situation. Thus I would like to relate all this to a practical public key cryptographic software (and the ONLY one I know of; are there any other Public C. software other than this?), which is PGP. Which is indeed a pretty good program.

I understand the "Man in the Middle Attack", however I have the following to say:

1. If Bob sends his PubK to Alice via a normal email message (body of the message, not attachments, which I believe are more likely to be intercepted by Charles) but encrypts it using Alice's key, then the MMA can't take place, because Charles cannot decrypt Alice's private key.

2. When Bob encrypts his PubK using Alice's PubK, and if he signs it with his PrivK, then is this authentication not good enough? However, I suppose we are discussing the first initiation of communication, before any keys have been exchanged. Does signing not counter-attack Charles, or can Charles somehow also forge the signature?

3. It's not paranoia, it's security. I suppose the safest way is a physical exchange of keys, but public key cryptography was supposed to bypass this flaw, since the Diffie-Hellman protocol was coined for geographical transmission, without the need for two entities to meet up, wrong?

What if Alice used a one-time email address to send Bob the key, and Charles was not aware of this email address? Then surely this would stop the MMA from taking place in the first place.

CAs can only be used by companies, and I don't trust CAs; actually never used them.

I would also like to make some comments about encryption layering, so please kindly stay with this thread; you are making a number of things clear for me. Thanks once again.

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005

Posted: Wed Apr 13, 2005 12:37 pm

Quote:
I understand the "Man in the Middle Attack", however I have the following to say:

1. If Bob sends his PubK to Alice via a normal email message (body of the message, not attachments, which I believe are more likely to be intercepted by Charles) but encrypts it using Alice's key, then the MMA can't take place, because Charles cannot decrypt Alice's private key.

True, but how does Alice get her key to Bob in the first place?

Quote:
2. When Bob encrypts his PubK using Alice's PubK, and if he signs it with his PrivK, then is this authentication not good enough? However, I suppose we are discussing the first initiation of communication, before any keys have been exchanged. Does signing not counter-attack Charles, or can Charles somehow also forge the signature?

You are talking about two different scenarios here. Firstly you are saying that Bob has Alice’s key and then you are saying he doesn’t. If Bob had Alice’s key from a trusted source then he could send Alice his public key encrypted and signed. Alice would need to be sure that she had a genuine public key from Bob before she could trust the signature.

Quote:
3. It's not paranoia, it's security. I suppose the safest way is a physical exchange of keys, but public key cryptography was supposed to bypass this flaw, since the Diffie-Hellman protocol was coined for geographical transmission, without the need for two entities to meet up, wrong?

What’s wrong with paranoia? There has to be an element of trust somewhere. Alice and Bob never have to meet, but Alice and John could meet and Bob and John could meet. So John could encrypt and sign Alice's and Bob's keys and pass them on respectively.

Alice and Bob could also send each other their keys unencrypted and then speak on the phone. They could then read out the hash of their keys to each other to check for authentication.

Quote:
What if Alice used a one-time email address to send Bob the key, and Charles was not aware of this email address? Then surely this would stop the MMA from taking place in the first place.

Alice would still have to use her ISP. They can watch where she goes. It all depends on who Charles is. If he's Alice’s ex-boyfriend then she doesn’t need to worry, but if he is CIA then she’s in trouble anyway!

Quote:
I would also like to make some comments about encryption layering, so please kindly stay with this thread; you are making a number of things clear for me. Thanks once again.

Yes, I know what you are thinking about layering. I too thought this way not long ago. Did you read the threads by Datah and JT? It’s heavy going, I know, but I am starting to get it now. Just think of it as: the attacker doesn’t have to go through all the encryption sequentially as you encrypted it. He just has to attack what's there, either by plaintext attack or weakness in application. Oh yeah, just to keep the paranoia up, there are also keyloggers!!!

Bungle.

data
Forum Fanatic
Joined: 08 May 2004
Location: India

Posted: Wed Apr 13, 2005 1:22 pm

hi,

huh wrote:
What's the man in the middle attack? Please explain in greater detail, and I can't use a CA, because I send my mail through regular e-mail services, encrypted. What can I do in this case?

Bungle and Justin have shown you how it works.

For more details on the man in the middle attack, please see this.

If you cannot use the CA or exchange the public key by any of the above mentioned ways, then there is no perfect protocol to achieve your goal in classical cryptography. However, we can make it hard for the attacker (man in the middle).

Put up your public key on your internet home page or website. Using SHA-256, compute the hash of the public key. Attach the hash as well as a pointer (URL) to the public key on the home page in your e-mail signature.

- If the website is compromised and the public key changed, the hash with the recipient will not match the hash he computes for the public key from your webpage. The recipient detects the attack.

- If the attacker manages to fake the sender's e-mail header and send a different hash to the recipient, it won't match the hash of the public key on the website. The recipient detects the attack.

- If the attacker manages to compromise both the website and send fake mail to the recipient, with the newly computed hash of the public key he has put on the compromised website, the attack works. The recipient will be fooled into believing that the public key is truly yours.

- If the attacker sends fake mail to the recipient with a fake hash and a pointer to a fake home page, or by DNS poisoning, the attack works.

If you feel that your secrets are not so important that an adversary would take the trouble to do this, then you can use the above scheme, although it's not secure.

If you want a secure scheme, meet the recipient in person and hand over the key, or trust a CA. Otherwise you can use quantum cryptography (if affordable). It is not susceptible to the man in the middle attack.

Quote:
3. It's not paranoia, it's security. I suppose the safest way is a physical exchange of keys, but public key cryptography was supposed to bypass this flaw, since the Diffie-Hellman protocol was coined for geographical transmission, without the need for two entities to meet up, wrong?

Diffie-Hellman is also susceptible to the man in the middle attack if there is no previously shared secret. Public key cryptography does not solve the problem of the man in the middle attack. Theoretically, in classical cryptography, the secret is always vulnerable to the man in the middle attack unless there is a previously shared secret.

Data.
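Data's last point, that Diffie-Hellman is also open to a man in the middle unless some secret was shared beforehand, can be traced through in a few lines. The block below is an added example written for this page, not code from the thread or from any PGP implementation. It runs a raw Diffie-Hellman exchange over a constructed toy group (p = 23, g = 5, far too small for real use) in which a third party, here called Mallory, substitutes her own public value in both directions, so that Alice and Bob each end up with a key they share with Mallory rather than with each other. It then repeats the exchange with a transcript tag (HMAC-SHA256 under a pre-shared secret, `psk`) so that the substitution makes the two sides' tags disagree and both refuse the key. The exponents and the pre-shared secret are constructed sample values.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed toy group (p = 23, g = 5) so the arithmetic can be followed by hand.
# Real deployments use a 2048-bit-or-larger safe prime or an elliptic-curve group.
P = 23
G = 5


def dh_public(private: int) -> int:
    """Public value g^x mod p for a private exponent x."""
    return pow(G, private, P)


def dh_shared(private: int, peer_public: int) -> int:
    """Shared value (peer_public)^x mod p."""
    return pow(peer_public, private, P)


def unauthenticated_exchange(a: int, b: int, m: int) -> dict:
    """Raw DH with no authentication. Mallory (exponent m) swaps her own public
    value into both directions. Each honest party finishes with a key, but it is
    a key shared with Mallory, not with the other honest party."""
    A, B, M = dh_public(a), dh_public(b), dh_public(m)
    return {
        "alice_key": dh_shared(a, M),            # Alice believes M came from Bob
        "bob_key": dh_shared(b, M),              # Bob believes M came from Alice
        "mallory_with_alice": dh_shared(m, A),   # Mallory can derive both keys
        "mallory_with_bob": dh_shared(m, B),
    }


def transcript_tag(psk: bytes, sent: int, received: int) -> bytes:
    """HMAC-SHA256 over (what I sent, what I received), keyed with the previously
    shared secret. Without psk nobody can produce a tag for a substituted transcript."""
    return hmac.new(psk, f"{sent}:{received}".encode(), hashlib.sha256).digest()


def authenticated_exchange(a: int, b: int, m: int, psk: bytes, mallory_active: bool) -> bool:
    """DH plus a transcript tag under a pre-shared secret. Returns True only if both
    Alice and Bob accept; a substituted public value makes the tags disagree."""
    A, B, M = dh_public(a), dh_public(b), dh_public(m)
    alice_received = M if mallory_active else B
    bob_received = M if mallory_active else A
    # Each side tags its own view of the transcript; Mallory can only forward these unchanged.
    alice_tag = transcript_tag(psk, A, alice_received)
    bob_tag = transcript_tag(psk, B, bob_received)
    # Bob reconstructs what Alice's transcript must be if nobody tampered:
    # she sent the value Bob received, and she received the value Bob sent.
    bob_accepts = hmac.compare_digest(alice_tag, transcript_tag(psk, bob_received, B))
    alice_accepts = hmac.compare_digest(bob_tag, transcript_tag(psk, alice_received, A))
    return bob_accepts and alice_accepts


if __name__ == "__main__":
    # Constructed exponents; with p = 23, g = 5 the honest shared value is 2.
    print("honest shared value:", dh_shared(6, dh_public(15)))
    print("unauthenticated, Mallory active:", unauthenticated_exchange(6, 15, 13))
    secret = b"constructed-pre-shared-secret"
    print("authenticated, no Mallory:", authenticated_exchange(6, 15, 13, secret, False))
    print("authenticated, Mallory active:", authenticated_exchange(6, 15, 13, secret, True))
```

The pre-shared secret here plays the role that a CA certificate, an in-person key swap or a fingerprint read over the phone plays for PGP: it is the out-of-band anchor without which neither side can tell a substituted value from a genuine one.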

huh
Just Arrived
Joined: 07 Apr 2005

Posted: Wed Apr 13, 2005 2:55 pm

Bungle wrote:
Quote:
....huh's comment

True but how does Alice get her key to Bob in the first place?

OK, they physically met and exchanged keys.

Quote:
What’s wrong with paranoia? ...Alice and Bob could also send each other their keys unencrypted and then speak on the phone. They could then read out the hash of their keys to each other to check for authentication.

Ehh, sorry, how do they read out the hash? Don't worry, I'll find it in the manual.

Quote:
huh's comment

Quote:
Alice would still have to use her ISP. They can watch where she goes. It all depends on who Charles is. If he's Alice’s ex-boyfriend then she doesn’t need to worry, but if he is CIA then she’s in trouble anyway!

Now that's serious stuff = paranoia!

Quote:
Yes, I know what you are thinking about layering. I too thought this way not long ago. Did you read the threads by Datah and JT? It’s heavy going, I know, but I am starting to get it now. Just think of it as: the attacker doesn’t have to go through all the encryption sequentially as you encrypted it. He just has to attack what's there, either by plaintext attack or weakness in application. Oh yeah, just to keep the paranoia up, there are also keyloggers!!!
Bungle.


Yeah, the threads are hard for a non-cryptographer like myself; I only use 'drag n drop' encryption. I don't understand it fully; it defies my logic. I mean it should be just like wearing layers of clothing to protect yourself from the cold, but it's not as simple as that. Can you explain this in more detail, in layman's terms please?

What are the different attacks that Charles carries out in real-life situations (rather than cryptography theory)? If you can point me in the right direction kindly.

As regards keyloggers, then Charles has to be physically present to implant the keylogger if physical, or implant it via the internet to my computer, but if one is in the jungles and doesn't connect one's computer to the internet, I think you should be safe?

I'll get back to Data's points; he's on the next level, way over what I can grasp for the moment.

thanks.

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005

Posted: Wed Apr 13, 2005 4:53 pm

Quote:
Ehh, sorry, how do they read out the hash? Don't worry, I'll find it in the manual.

You can use a third party hash tool or use the key ID or key fingerprint in PGP.

Using a third party hash tool.
Export your public key to your desktop. Then download a hashing program such as Hashcalc or Hyperhasher. Install the program and then right click your public key asc file. Hash it then copy the result. Then email your friend your public key then either display the hash result on a website or phone your friend. As far as I am aware I think SHA512 is the most secure but you better ask someone else.

PGP key ID or fingerprint.
Send your friend your public key then phone them. You can then read the key ID or use the word list found in PGP keys / properties. I think the words are specifically chosen for their ease of use during transmission. Phonetically that is.

Quote:
Yeah, the threads are hard for a non-cryptographer like myself; I only use 'drag n drop' encryption. I don't understand it fully; it defies my logic. I mean it should be just like wearing layers of clothing to protect yourself from the cold, but it's not as simple as that. Can you explain this in more detail, in layman's terms please?

OK, although it may help you to look here first, as Datah explains it very well.

http://www.security-forums.com/forum/viewtopic.php?t=26183

If you still have questions, I hope to be finishing a small (very simple) tutorial soon here.
http://www.security-forums.com/forum/viewtopic.php?t=26250

Quote:
What are the different attacks that Charles carries out in real-life situations (rather than cryptography theory)? If you can point me in the right direction kindly.

I think a lot of this is answered in the above links, but a few general ways are:

Keyloggers hardware / software
Tempest attacks ( thanks mxb )
Man in the middle
Phone tapping
Social engineering
Torture on either party. Don’t forget the security of your message depends on the person you encrypt it to.
Data recovery from your hard drive. This includes data you thought you had deleted.
Theft of your keys / computer etc
Carelessness
The use of weak passwords. Ideally these should be as long as the application will allow, made up from numbers, letters, upper case, lower case, symbols and spaces. It’s a nightmare to remember but it is the only safe way. You could use a password safe or you could simply make a pattern up on your keyboard. Make sure whatever password you choose has absolutely no link to you, i.e. no girlfriends' names, pets' names, football teams, common phrases etc.

Quote:
As regards keyloggers, then Charles has to be physically present to implant the keylogger if physical, or implant it via the internet to my computer, but if one is in the jungles and doesn't connect one's computer to the internet, I think you should be safe?

Well, almost. What you need to ask yourself is: who loaded the operating system? Are you certain that only you have been on your computer? I wouldn’t think a Windows login password would be sufficient to stop an expert.

Quote:
I'll get back to Data's points; he's on the next level, way over what I can grasp for the moment.

Next level!! I think there are a few more than that!!

If you find PGP a bit difficult, have you ever considered using AxCrypt? It appears to be very secure and it is extremely easy to use. Best of all, it’s free!!
http://sourceforge.net/projects/axcrypt


Bungle.
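Data's scheme earlier in the thread (publish the key, put its SHA-256 hash and a URL in the mail signature) and Bungle's phone-call check above come down to the same routine: hash the key that actually arrived and compare it with a hash obtained over a second channel. The block below is an added example, not code from the thread or from PGP, Hashcalc or HyperHasher. The two key blocks are constructed placeholders rather than real OpenPGP exports, and the scenario names are mine; it follows Bungle's "hash the exported file" method rather than PGP's own fingerprint, which is computed over the key packet, not the armoured file. It walks through the four cases data lists and shows the limit of the scheme: when the attacker controls both channels, the check passes.

```python
from __future__ import annotations

import hashlib
import hmac

# Constructed placeholders standing in for exported (ASCII-armoured) public keys.
GENUINE_KEY = (
    b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    b"constructed sample: Alice's real key material\n"
    b"-----END PGP PUBLIC KEY BLOCK-----\n"
)
SUBSTITUTED_KEY = (
    b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    b"constructed sample: key planted by the man in the middle\n"
    b"-----END PGP PUBLIC KEY BLOCK-----\n"
)


def fingerprint(key_bytes: bytes) -> str:
    """SHA-256 of the exported key file, hex, grouped in fours so it can be read over the phone."""
    digest = hashlib.sha256(key_bytes).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def _normalize(fp: str) -> str:
    """Drop spacing and case so a value read aloud or pasted from a signature compares cleanly."""
    return fp.replace(" ", "").lower()


def verify_key(received_key: bytes, out_of_band_fingerprint: str) -> bool:
    """Recipient side: hash the key that actually arrived and compare it with the
    fingerprint obtained over a second channel (phone call, mail signature line).
    compare_digest avoids leaking how many characters matched through timing."""
    return hmac.compare_digest(_normalize(fingerprint(received_key)),
                               _normalize(out_of_band_fingerprint))


def evaluate_scenarios() -> dict:
    """The four cases from data's post. False means the recipient detects the
    substitution; True means the key is accepted."""
    genuine_fp = fingerprint(GENUINE_KEY)
    forged_fp = fingerprint(SUBSTITUTED_KEY)
    return {
        "nothing tampered": verify_key(GENUINE_KEY, genuine_fp),
        "website key swapped, signature hash genuine": verify_key(SUBSTITUTED_KEY, genuine_fp),
        "signature hash forged, website key genuine": verify_key(GENUINE_KEY, forged_fp),
        "both swapped": verify_key(SUBSTITUTED_KEY, forged_fp),
    }


if __name__ == "__main__":
    for case, accepted in evaluate_scenarios().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The last scenario is the one that matters when deciding whether to rely on this: the check only detects tampering as long as the two channels are not both under the same attacker's control, which is why the thread keeps coming back to an in-person swap or a phone call as the second channel.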

data
Forum Fanatic
Joined: 08 May 2004
Location: India

Posted: Wed Apr 13, 2005 8:41 pm

hi huh,

huh wrote:
As regards keyloggers, then Charles has to be physically present to implant the keylogger if physical, or implant it via the internet to my computer, but if one is in the jungles and doesn't connect one's computer to the internet, I think you should be safe?

Yes, that should be safe, but you should be able to protect yourself from TEMPEST and break-ins, as well as have a trustworthy OS. Pretty much what Mr. Bungle said.

Cheers,
Data.

JustinT
Trusted SF Member
Joined: 17 Apr 2003
Location: Asheville, NC, US / Uberlândia, MG, Brazil

Posted: Thu Apr 14, 2005 12:42 pm    Post subject: Thoughts.

Bungle wrote:

As far as I am aware I think SHA512 is the most secure but you better ask someone else.


Although there isn't a present, imminent reason to disagree with this to any great extent, the media has largely failed to address the core of the issue. Contrary to what one might presume, given the media's portrayal of the recent months' worth of hash function cryptanalysis, it's not really a matter of using hash functions with larger output lengths; it is, however, really a matter of designing new hash functions that incorporate different strategies. I've written more thoughts in a short memo, here.

Why is this important? The conventional hash functions we've witnessed cryptanalysis of, recently, are all composed of similar strategies; they are based on the design principles of the Unbalanced Feistel Network structure of MD4. Quite a bit of interesting analysis surfaced, for several of these functions, within a short span of only months. Output length may buy us time, but perhaps we should have a variety of strategic routes to take, if science proves the current route incapable of further providing us with the conservative, yet efficient, cryptographic security we need.

huh wrote:

I mean it should be just like wearing layers of clothing to protect your self from the cold, but its not as simple as that.


It does seem as if it should be that simple, indeed! However, mathematics can be rather tricky, at times, in extremely subtle ways. This is why layering requires a meticulous effort to make sure these subtleties are avoided. These subtleties may include things such as whether keys are related in some way, or perhaps even the primitives themselves.

Realistically, when done correctly, most of the issues surrounding both multiple and cascaded constructions, can likely be addressed and avoided, successfully. On the other hand, this introduces much more complexity, that isn't practically necessary, and if for some reason the architect behind the system isn't cryptographically competent enough, he or she may end up making things insecure.

I suppose, to simplify things a bit, the reason it's "not that simple" is due to the fact that the mathematics of cryptographic primitives can, as aforementioned, behave in rather subtle ways. When we try to do unusual things with primitives, such as using them in constructions that they weren't originally designed for, or in ways that their security models weren't meant to satisfy, specifically, then unusual things can happen.

At that point, we're left with the complexity of dealing with assumptions that essentially require cryptanalysis of their own, respectively. In practical cryptography, we need things to be simple and efficient; it's absolutely vital that we're relying on as few assumptions as possible. While layering, whether it be in multiple or cascaded schemes, has potential benefit, we can do without it, in practice, given the current state of what we know about the security of conventional cryptography.

There's a difference between being conservative and introducing unnecessary complexity, out of sheer paranoia. Allow me to distinguish between good paranoia and bad paranoia. First, bad paranoia, which usually invites the mentality of throwing every inch of cryptographic research into one layered juggernaut of mayhem, is the type that the uninformed summon; they render complexity that their sparse knowledge of cryptography cannot address securely, thus rendering horribly insecure systems.

Good paranoia is a natural part of cryptography. Academic cryptographers are, essentially, mathematical paranoids. After all, we're assuming information is at risk. The usefulness of this paranoia is that it's applicable to cryptographic design. We assume the worst-case scenario is realistic; we assume it occurs frequently. This makes establishing a threat model much more trivial than if we attempt to specify one threat at a time, making assumptions as to which threats are significant and which threats are insignificant. Using paranoia as a basis for this model is the type of rigorous tactic that a good primitive should remain secure through.

Note, however, for real-world applications of good cryptography, this doesn't mean cobbling together every last measure known to man. Consider a scenario where one does this, though. The more components, the more complexity. The more complex the system, the more complex the implementation faults have the potential to be. In turn, this implies a system where analysis is also complex. In a model based on paranoia, this would contradict what is desired, as complexity gives the adversary more potential for exploitation, that the victim may fail to notice.

So, you see, being paranoid, in the cryptographic sense, isn't about piling on as much cryptography as possible, but making sure that your cryptography is simple enough to analyze, such that it withstands your threat model, in practice! We can do this conservatively, and rather efficiently, which is why I advocate it. Be sure to exercise the right kind of paranoia, as well! Remember, good cryptography is the result of one approach - realizing security by first recognizing insecurity. In other words, understanding how to attack bad cryptography is vital in understanding how to define good cryptography to defend against such attacks.

Simplicity is the pillar of the thorough analysis that is required to make this possible. So, be conservative, but not complex, if it can be helped! After all, if you're paranoid, you want as much assurance as possible, right? Keep that in mind.

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005

Posted: Thu Apr 14, 2005 2:01 pm

Hi JT

Thank you for the link to the PDF. It was very interesting.

Now I am really going to push my luck here and, dare I say it… I have a small problem with one part of it!!

Quote:
Perhaps this need for strategic variety requires an initiative. Maybe a design-by-contest; it worked exceptionally well for the AES selection process.

I personally believe they came to the wrong conclusion during this selection process, certainly as far as security goes at least. I believe most people, even yourself, would have chosen “Serpent” over Rijndael AES.

Right, that’s it, I’ve done it. I’ve stuck my neck out and criticised JT!! Oh my God, I daren’t log back in!!

Please be gentle with me when you prove me wrong!

Bungle.

data
Forum Fanatic
Joined: 08 May 2004
Location: India

Posted: Thu Apr 14, 2005 2:50 pm

hi Bungle,

Serpent is way slower than Rijndael. This gives a good comparison.

Moreover, this encryption is meant to be used in U.S. Federal and government offices, perhaps including the databases of the IRS or the census database or something very large of that kind. It would be way too slow if they used Serpent. There had to be some tradeoff between security and efficiency.

I would also like to quote from Justin's earlier post.

JustinT wrote:
Sure thing. Serpent is quite a conservatively robust choice; much tighter than the other finalists. One cool trait is that it, along with Rijndael, is rather effective when defending against timing attacks, while RC6 is at the low end of that category. With its juggernaut appeal does come potential software penalties, however, which place it [Serpent] at the bottom of the rung in several software categories. It's much like DES was - nearly as fast and better in hardware. But, for me, the decreased performance is well worth the wider margin of security.


Data.

Page 1 of 2