Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Simple Effective Secure Email

From: Illya Knight <powderedcesium () gmail com>
Date: Sun, 12 Sep 2004 18:12:04 +1100
Not entirely correct here.
When you send a PGP encrypted file the process is as follows.
1. Sender encrypts with recipients public _key_.
2. Message is sent (usually signed by the senders key)
3. Recipient decrypts the message using their _private_ key and their
_private password_


This isn't what really happens either. Here is a more accurate version:

1. Sender compresses plaintext
2. Sender generates a random ``session key''
3. Plaintext is encrypted using a conventional encryption algorithm
and the session key
4. Session key is encrypted with public key and added to the message

This is done so that one can retain the security of a public-key
cryptosystem like RSA, but decrypt as quickly as with a conventional
cryptosystem.

I know you probably understand this already, but many people reading
this list probably won't.

Thanks.

---------------------------------------------------------------------------
Computer Forensics Training at the InfoSec Institute. All of our class sizes
are guaranteed to be 12 students or less to facilitate one-on-one
interaction with one of our expert instructors. Gain the in-demand skills of
a certified computer examiner, learn to recover trace data left behind by
fraud, theft, and cybercrime perpetrators. Discover the source of computer
crime and abuse so that it never happens again.

http://www.infosecinstitute.com/courses/computer_forensics_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: