- Newsgroups: sci.crypt
- Path: sparky!uunet!wupost!uwm.edu!linac!att!cbnewsi!cbnewsh!cbnewsh.cb.att.com!wcs
- From: wcs@anchor.ho.att.com (Bill Stewart +1-908-949-0705)
- Subject: Re: Chosen crypto-text attack on RSA
- Organization: Here, beside the rising tide
- Date: Mon, 14 Dec 1992 00:16:59 GMT
- Message-ID: <WCS.92Dec13191659@rainier.ATT.COM>
- In-Reply-To: tedwards@eng.umd.edu's message of Sun, 13 Dec 1992 15:04:44 GMT
- References: <1992Dec4.102242.25130@extropia.wimsey.bc.ca> <YSN9FVS@minnie.zdv.uni-mainz.de> <1992Dec13.150444.8941@src.umd.edu>
- Sender: news@cbnewsh.cb.att.com (NetNews Administrator)
- Nntp-Posting-Host: rainier.ho.att.com
- Lines: 25
-
- In article <YSN9FVS@minnie.zdv.uni-mainz.de> pom@anke.imsd.uni-mainz.DE (Prof. Dr. Klaus Pommerening) writes:
- >[technique for stealing messages if you can get someone to
- > sign them by decrypting with their public key as an
- > acknowledgement of receipt.]
- >Never sign a document that Charles presents to you!
-
- It was an interesting attack, and demonstrated that there are stupid
- ways to use any technique, but the fundamental weakness was that
- the protocol assumed that Alice would sign a document without reading it first.
-
- This is just as stupid in the electronic world as it is in the paper world -
- Imagine if the post office used registered-mail receipts like
- Pay Charlie $1000000 from my account, signed ____________
-
- The most you would typically use for a delivery-acknowledgement protocol
- would be to sign a checksum (MD5 or whatever) of a document,
- or more likely to sign a note saying
- I received message with checksum 765765765 at time 14:37
- signed Alice
- which doesn't let your attack work.
- --
- # Pray for peace; Bill
- # Bill Stewart 908-949-0705 wcs@anchor.att.com AT&T Bell Labs 4M312 Holmdel NJ
- # Nov 12 - Anniversary of Indonesian massacre in East Timor, 1991
- # Indonesia first invaded in 1975, and about 1/3 of the people have been killed.
-
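The receipt protocol the post recommends, as an added example (not code from the original post or its author): the receiver never applies the RSA private operation to a value the sender presents, only to her own hash of a note of the form "I received message with checksum C at time T". The key, the note wording, and the use of SHA-256 over the note are constructed assumptions for illustration; the key is a toy size and the padding a real signature scheme needs is omitted.

```python
import hashlib

# Toy textbook-RSA key, constructed for this example only (far too small for real use).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def rsa_private_op(x: int) -> int:
    """Raw RSA private operation: decrypting and signing are the same computation."""
    return pow(x, D, N)


def rsa_public_op(y: int) -> int:
    """Raw RSA public operation: encrypting and signature verification alike."""
    return pow(y, E, N)


def naive_ack(presented: int) -> int:
    """The flawed protocol from the thread: Alice signs whatever integer is presented, unread.
    Because signing is decrypting, acknowledging a ciphertext this way returns its plaintext."""
    return rsa_private_op(presented % N)


def checksum(message: bytes) -> str:
    """Checksum of the received message ("MD5 or whatever" in the post)."""
    return hashlib.md5(message).hexdigest()


def receipt_note(message: bytes, received_at: str) -> bytes:
    """The note Alice composes herself; its wording follows the post, the format is assumed."""
    return f"I received message with checksum {checksum(message)} at time {received_at}".encode()


def _note_digest(message: bytes, received_at: str) -> int:
    # Hash the note and reduce into the RSA group; a real scheme would use PKCS#1 padding here.
    return int.from_bytes(hashlib.sha256(receipt_note(message, received_at)).digest(), "big") % N


def sign_receipt(message: bytes, received_at: str) -> int:
    """Recommended protocol: the only value ever raised to D is Alice's own digest of her note."""
    return rsa_private_op(_note_digest(message, received_at))


def verify_receipt(message: bytes, received_at: str, signature: int) -> bool:
    """The sender rebuilds the same note from the message and time and checks the signature."""
    return rsa_public_op(signature) == _note_digest(message, received_at)
```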