Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Simple Effective Secure Email

from [Barrie Dempster] Network Security [Permanent Link]
Subject: RE: Simple Effective Secure Email
Date: Thu, 09 Sep 2004 10:48:21 +0100 
On Wed, 2004-09-08 at 21:35, LordInfidel@directionweb.com wrote:

For encryption; you would do the same thing as above, but instead of
signing it, you would encrypt it.  The recipient would not be able to
read the e-mail (it would like what you saw in the lordinfidel.txt
file, unless they A) had the public key and B) new the password used to
encrypt the file.



Not entirely correct here.
When you send a PGP encrypted file the process is as follows.
1. Sender encrypts with recipients public _key_.
2. Message is sent (usually signed by the senders key)
3. Recipient decrypts the message using their _private_ key and their
_private password_

Your point A is incorrect, the recipient needs the Private key, not the
public key

Your point B is incorrect, the recipient needs the password used in
their own key generation, not the pass used to encrypt the file (files
are encrypted with Key's not passes)

The whole point of PGP is their is no shared secret, its a public key
exchange mechanism. All passwords and private keys are reserved by the
key's owner, the only thing ever exchanged is the public keys.
-- 
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Fwd: learning ethical hacking, Sean
Next by Date:  Re: RE: a tool like nestat, Hamish Stanaway
Previous by Thread:  Re: Simple Effective Secure Email, Steve
Next by Thread:  Re: Simple Effective Secure Email, Illya Knight
Indexes:  [Date] [Thread] [Top] [All Lists]