Security Basics mailing list archives
RE: Signing before Encryption and Signing after Encryption
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 22 Mar 2006 13:23:50 -0800
Does non-repudiation require anything more than assurance that the private key (a) MUST have been used, and (b) HASN'T been compromised? Are you just alluding to the measures which support those assertions, or to some additional requirement(s) that escapes me? [If your private key isn't really private, all bets are off.] David Gillett
-----Original Message----- From: Craig Wright [mailto:cwright () bdosyd com au] Sent: Wednesday, March 22, 2006 12:56 PM To: gillettdavid () fhda edu; shyaam () gmail com; security-basics () securityfocus com Subject: RE: Signing before Encryption and Signing after Encryption True, but the argument was not one as to which is the better method. There are several secure hashing algorithms. Further there is more to verification to source than just asymmetric keys. Non-repudiation is a complex field in itself and requires a entire range of associated infrastructure. Regards Craig -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: 23 March 2006 4:32 To: Craig Wright; shyaam () gmail com; security-basics () securityfocus com Subject: RE: Signing before Encryption and Signing after Encryption The property that a hash match is supposed to verify (is this copy the same as the original) is not quite the same as the property that a signature verifies (did this document come from that source). There *are* many applications where one is an acceptable alternative to the other. However, there have been numerous news items in the last 18 months about the feasibility of engineering hash collisions with several popular algorithms; hashing must be assumed to provide weaker verification of its property than might have been previously assumed. (For now, I've recommended that folks using tools that don't yet do SHA-256 or better should use *both* MD5 and SHA-1 -- I don't think anyone has yet described an engineered collision that works with both.) Engineering hash collisions is apparently easier than compromising a properly-secured private key used in a good asymmetric algorithm. David Gillett-----Original Message----- From: Craig Wright [mailto:cwright () bdosyd com au] Sent: Tuesday, March 21, 2006 8:03 PM To: gillettdavid () fhda edu; shyaam () gmail com;security-basics () securityfocus com Subject: RE: Signing before Encryption and Signing after EncryptionHello, Just to be difficult....David stated "Signing requires a private key". This iscorrect throughfeasibility, but it is not technically correct as there aresignatureschemes that only require symmetric keys. Signing withsymmetric keysis a lot more complex and thus more prone to error and hasa range ofkey management issues. This does not mean that it is not possible.In fact there are scheme to sign a message using only Hashingalgorithms. The simplest of these is to hash the document and keep alist of document hashes (similar to software). A user couldcheck thelist to see if the message was valid or if tampering had occurred. Athird party could keep the hash tables to ensure that thelists whereaccurate.So signing does not require a private key - it just makes it easier. Next it also depends on non-repudiation/repudiation issues.It is easy to sign a document and have a verification that it isunaltered but with no proof that the original signer could not comeback and accuse the receiver of forging the document.An example symmetric scheme could be:Alice encrypts a message using a symmetric key known to Bob(and Aliceonly) Alice hashes the encrypted messageAlice encrypts the (encrypted) message and hash using asymmetric keyknown to Jim but unknown to Bob Bob receives the hashed andencryptedmessage.If Bob alters the message - the hash will not work. Alicecan not lieas Jim has a copy. Key management is a bugger, but still possible (though unlikely)ANSI X9.17 Notarised Symmetric Keys may be used to sign.Regards Craig S WrightPS There are also hybrid ciphers for signing which are based on acombination of all the above - but this for another post-----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu]Sent: 22 March 2006 6:21 To: shyaam () gmail com; security-basics () securityfocus com Subject: RE: Signing before Encryption and Signing after EncryptionSigning requires a private key -- therefore, it *must* beAsymmetric. Asymmetric is typically much slower than Symmetric, so youget thingslike SSL that use Asymmetric to protect the exchange of theSymmetrickey used for actual payload encryption.Signing after encryption allows the signature to be verifiedbefore/without decrypting the payload. There are a variety ofcircumstances in which that could be useful, which areblocked if thesigning is done first. I can't think of any where the opposite istrue.David Gillett, CISSPLiability limited by a scheme approved under Professional StandardsLegislation in respect of matters arising within those States andTerritories of Australia where such legislation exists.DISCLAIMER The information contained in this email and any attachments isconfidential. If you are not the intended recipient, youmust not useor disclose the information. If you have received thisemail in error,please inform us promptly by reply email or by telephoning+61 2 92865555. Please delete the email and destroy any printed copy.Any views expressed in this message are those of the individualsender. You may not rely on this message as advice unlessit has beenelectronically signed by a Partner of BDO or it is subsequentlyconfirmed by letter or fax signed by a Partner of BDO.BDO accepts no liability for any damage caused by this email or itsattachments due to viruses, interference, interception,corruption orunauthorised access.-------------------------------------------------------------- ---------- --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus -------------------------------------------------------------- ---------- --- Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Signing before Encryption and Signing after Encryption, (continued)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 24)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 24)
- RE: MS Windows Hidden Shares Jeffrey Smith (Mar 27)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 22)
- RE: Signing before Encryption and Signing after Encryption John Lightfoot (Mar 24)
- Re: Signing before Encryption and Signing after Encryption Greg Rubin (Mar 24)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 24)
- RE: Signing before Encryption and Signing after Encryption David Gillett (Mar 24)
- Re: Signing before Encryption and Signing after Encryption Gregory Rubin (Mar 27)
