
RE: [Full-Disclosure] Time Expiry Alogorithm??

Subject: RE: [Full-Disclosure] Time Expiry Alogorithm??
Date: Mon, 22 Nov 2004 01:18:11 -0000
Gautam R. Singh <gautam.singh@gmail.com> wrote:
I was just wondering is there any encryption algorithm which expires
with time.
For example an email message may be decrypted within 48 hours of its
delivery otherwise it becomes useless or can't be decrypted with the
original key

Scenario:
Let's imagine there is a "trusted", non-hackable third-party which handles a
timestamp database along with private/public keys. Let's call it Trent. Trent
manages timestamps in terms of existence and validity. Each timestamp can
only be used once and only once. Each timestamp, as soon as it is created,
also has an associated validity window outside of which it will be considered
invalid. Whenever a timestamp is checked for existence, it will be
marked as used, and hence becomes invalid afterwards. Each timestamp is also,
obviously, unique.

Alice has a message. Alice asks Trent for a timestamp. She generates a hash
of the message, and then she signs the hash and the timestamp with her
private key. She sends the message and the signature to Bob.

When Bob receives the message, Bob decrypts the signature with Alice's
public key and sends Trent the timestamp for validity check. Trent finds the
associated timestamp in its database, sends Bob a positive response and
invalidates the timestamp.

While Bob wants to be sure the message originates from Alice, Alice wants
the message to be valid (as originating from her) for only a certain period
of time.

Conclusion:
If a certain validity (48h) is given to the timestamps, this may lead to a
valid solution for the situation described above.
How reasonable is this?

Note:
Trent can, of course, be interpreted/achieved by various implementations,
while maintaining the model described above ...

Tiago Halm
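
The exchange described in the message above, as an added example that is not part of the original post: Trent's one-time timestamp database with both sides of the Alice/Bob exchange, showing the two ways a timestamp stops being accepted (the window elapsing, and the first check consuming it). The names, the explicit `now` clock, sending the timestamp alongside the signature, and the toy textbook RSA standing in for Alice's key pair are all assumptions made for illustration.

```python
import hashlib, secrets

WINDOW = 48 * 3600  # validity window from the post's example (48h), in seconds

class Trent:
    """Trusted third party: issues unique timestamps, each checkable exactly once."""
    def __init__(self):
        self.db = {}  # token -> [issued_at, used]

    def issue(self, now):
        token = secrets.token_hex(16)       # unique, unguessable handle
        self.db[token] = [now, False]
        return token

    def check(self, token, now):
        entry = self.db.get(token)
        if entry is None or entry[1]:
            return False                    # unknown, or already checked once
        entry[1] = True                     # any existence check consumes the token
        return now - entry[0] <= WINDOW     # outside the window -> invalid

# Assumption: toy textbook RSA so the example needs only the standard library.
# NOT secure (no padding, small primes); a real system uses a vetted library.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # Alice's private exponent

def digest(message, token):
    # Alice signs the message hash together with the timestamp
    h = hashlib.sha256(message).digest() + token.encode()
    return int.from_bytes(hashlib.sha256(h).digest(), "big") % N

def alice_send(trent, message, now):
    token = trent.issue(now)
    return message, token, pow(digest(message, token), D, N)

def bob_verify(trent, message, token, signature, now):
    if pow(signature, E, N) != digest(message, token):
        return False                        # not signed by Alice; Trent is not asked
    return trent.check(token, now)

def demo():
    trent = Trent()
    fresh = alice_send(trent, b"hello Bob", now=0)       # constructed sample message
    late = alice_send(trent, b"too late", now=0)
    return (bob_verify(trent, *fresh, now=3600),          # within 48h
            bob_verify(trent, *fresh, now=7200),          # same timestamp again
            bob_verify(trent, *late, now=WINDOW + 1))     # window elapsed
```

`demo()` returns the outcome of a first check inside the window, a repeat check of the same timestamp, and a first check after the window.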
