home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: sci.crypt
- Path: sparky!uunet!elroy.jpl.nasa.gov!ames!ncar!csn!news.den.mmc.com!thor!jhull
- From: jhull@thor.NoSubdomain.NoDomain ( Joseph F. Hull)
- Subject: Re: PEM question
- Message-ID: <1992Oct7.230232.17530@den.mmc.com>
- Keywords: RSA PEM
- Sender: jhull@thor ( Joseph F. Hull)
- Nntp-Posting-Host: thor.den.mmc.com
- Organization: Martin Marietta Astronautics, Denver
- References: <BvL79M.8on@gpu.utcs.utoronto.ca>
- Date: Wed, 7 Oct 1992 23:02:32 GMT
- Lines: 28
-
- Bob,
- Your choice of words in this article runs a serious chance of confusing
- the issue.
-
- In article <BvL79M.8on@gpu.utcs.utoronto.ca>,
- mirage1@gpu.utcs.utoronto.ca (Robert Ames) writes:
- |> A number of people have replied to my question about the PEM protocol,
- |> pointing out that even if the private key involved in one message
- ^^^^^^^^^^^
- |> exchange were to be discovered, this would only have the effect of a
- |> "known plaintext attack" on the RSA encryption used to exchange the
- |> keys. In other words, the sender's private RSA would remain secure.
- ^^^^^^^^^^^
- What you call a "private key" above should be called a "single message key"
- to avoid any chance of someone else confusing it with the "private key"
- part of a public key encryption system, what you call "private RSA" above.
-
- A large part of PGP's strength is due to the fact that very limited amounts of
- information are ever directly protected by a single key, i.e., only one
- message is ever protected by the "single message key" and only the (very small
- amount of information of the) "single message keys" transferred between
- changes of "public key / private key" pairs is protected by those keys.
-
- --
- _ _
- /_ / ) / ) Jeff Hull jhull@den.mmc.com
- //_) -/- -/- 1544 S. Vaughn Cir
- /_/ \_/ / / Aurora, CO 80012 303-977-1061
-
