[plug] ANNOUNCE: Tuesday will be at Fast Eddies, feature PHP demo
Mike Holland
myk at golden.wattle.id.au
Mon May 10 15:20:43 WST 1999
On Mon, 10 May 1999, Greg Mildenhall wrote:
> > > What does "MD5-exact" mean?
My 2-line answer:
Its a cryptographically secure checksum. i.e. a hash thats hard to
reproduce from different input data.
> "private key". It is impossible to generate one key from the other.
Not impossible, just difficult if the key is big enough.
> by the owner of that key. In practise, one only needs to encrypt the first
> little bit of the message in order to prove authenticity.
How does that authenticate the rest of the message?
You mean you just need a little plaintext to verify the encrypted doc?
If you 'decrypt' a message with the wrong public key, does it fail, or
produce garbage?
I think pehaps the message was a bit confusing. As I understand it:
- a checksum is used to verify that the data has not been accidentally
corrupted.
- to guard against deliberate tampering, use a crypto-secure checksum
(such as MD5) AND encrypt that checksum with a trusted private key.
- the recipent uses the matching public key to verify the md5 (if
he has a trusted copy of the public key), and then uses the
now-truisted md5 to verify the document.
Also worth mentioning that PK encryption is very slow, so normally you
just use it on a conventional key, and use that key on the whole document.
Mike Holland <mike at golden.wattle.id.au> Perth, Australia.
--==--
Any sufficiently advanced bug is indistinguishable from a feature.
-- Rich Kulawiec
More information about the plug
mailing list