Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] Re: Cryptography - Hybrid Approach

from [Jeff] Network Security [Permanent Link]
Subject: [CISSP-D] Re: Cryptography - Hybrid Approach
Date: Tue, 26 Oct 2004 18:13:28 -0000 




My eyes kinda glazed over everytime I tried to study that domain but
here's my thoughts...

I tend to think of PGP as asymemetric-only crypto, maybe a better
example is something like SSH or SSL - you are presented with the
entity's public key (certificate) when connecting, and the actual
session is encrypted using symmetric crypto. 

Per wikipedia (couldn't get to netscape's official page), SSL uses:

# Public-key encryption-based key exchange and certificate-based
authentication
# Symmetric cipher-based traffic encryption

ref:  http://en.wikipedia.org/wiki/Secure_Sockets_Layer  for more
information.

HTH,

Jeff
CISSP, CISA

















--- In CISSP-Discuss@yahoogroups.com, "subbarau_2004"
<subbarau_2004@y...> wrote:



Hello,

In Cryptography (from Passport book), there is the hybrid approach to
achieve key distribution and scalability. Under the hybrid approach,
the symmetric algorithm encrypts the message AND the asymmetric
algorithm encrypts the symmetric key.

For the above concept, I would like to use PGP or OpenPGP to
understand the point better. If I am encrypting a message to my
collegue with his public key:
- Is the symmetric key generated on the fly which encrypt the message?

I use GNU Privacy Guard (GPG) for personal use. When I generate a
key, the option I select is the default selection.
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) RSA (sign only)

All the above choices are either public key algorithms or key exchange
algorithms or digital signature algorithms. I did not see any
symmetric algorithm choices such as 3DES, Blowfish etc. Now, how do I
know which symmetric algorithm is being used to encrypt the message to
my collegue?

I hope I have not overloaded this question.

Thank you for any explanation.

Regards,

Subbarao









------------------------ Yahoo! Groups Sponsor --------------------~--> 
$9.95 domain names from Yahoo!. Register anything.
http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/kgFolB/TM
--------------------------------------------------------------------~-> 

 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [CISSP-D] what is Sarbanes-Oxley, DSardina
Next by Date:  [CISSP-D] Proxy Servers and SSL, PLDT FOA-Armando Bonifacio
Previous by Thread:  [CISSP-D] Cryptography - Hybrid Approach, subbarau_2004
Next by Thread:  [CISSP-D] Re: Cryptography - Hybrid Approach, joeyconcrete
Indexes:  [Date] [Thread] [Top] [All Lists]