[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hack Lotus?
-----BEGIN PGP SIGNED MESSAGE-----
Hello "Peter Trei" <[email protected]>
and <[email protected]>, [email protected], [email protected]
P.T. writes:
> > "Peter Trei" writes:
...
> > > If they're nasty, they'll check on the receiving side as well, to
...
> > Nearly impossible. Why? Because they can only include the public key,
...
> 1 Alice generates session key K
> 2 encrypts with Bob's public key, producing Epb(K)
> 3 extracts 24 bits of K to make K'
> 4 encrypts with Eve's (spy) public key, producing Epe(K')
...
Eeek! that gives 2^24 possible plaintext/ciphertext pairs. Trivial to brute.
3 should be:
extracts 24 bits of K and concatenates it with H(K) to make K'
where H is a strong one-way hash.
Hope that makes sense...
Jiri
- --
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMQDZqCxV6mvvBgf5AQFrMgP/fE6wLHoJYZP6bI5Q29nuqvJNk5pR2WW9
L5URPg2Mc2HsGtjlyZYLEEpnCUAbWWgJ0cM/vHz/1VSApCLkeekZ73IhmEngijGc
HoHbl2krgVcKv3D6Rhlhoq4t5JgPbhU3hVpb2MiozxFmOBkZgzUYFC82Sk2leE5O
/P8lgTahzNE=
=mgkS
-----END PGP SIGNATURE-----