[plug] ANNOUNCE: Tuesday will be at Fast Eddies, feature PHP demo

Mike Holland myk at golden.wattle.id.au
Mon May 10 15:20:43 WST 1999

On Mon, 10 May 1999, Greg Mildenhall wrote:

> > > What does "MD5-exact" mean?

My 2-line answer:
Its a cryptographically secure checksum.  i.e. a hash thats hard to
reproduce from different input data.

> "private key". It is impossible to generate one key from the other.

Not impossible, just difficult if the key is big enough.

> by the owner of that key. In practise, one only needs to encrypt the first
> little bit of the message in order to prove authenticity.

How does that authenticate the rest of the message?
You mean you just need a little plaintext to verify the encrypted doc?

If you 'decrypt' a message with the wrong public key, does it fail, or
produce garbage?

I think pehaps the message was a bit confusing. As I understand it:

- a checksum is used to verify that the data has not been accidentally

- to guard against deliberate tampering, use a crypto-secure checksum
(such as MD5) AND encrypt that checksum with a trusted private key.

- the recipent uses the matching public key to verify the md5 (if
  he has a trusted copy of the public key), and then uses the 
  now-truisted md5 to verify the document.

Also worth mentioning that PK encryption is very slow, so normally you
just use it on a conventional key, and use that key on the whole document.

Mike Holland <mike at golden.wattle.id.au>            Perth, Australia.
Any sufficiently advanced bug is indistinguishable from a feature.
                -- Rich Kulawiec

More information about the plug mailing list