[plug] ANNOUNCE: Tuesday will be at Fast Eddies, feature PHP demo

Mon May 10 16:42:26 WST 1999

On Mon, 10 May 1999, Mike Holland wrote:
> On Mon, 10 May 1999, Greg Mildenhall wrote:
> > > > What does "MD5-exact" mean?
> My 2-line answer:
> Its a cryptographically secure checksum.  i.e. a hash thats hard to
> reproduce from different input data.

> > "private key". It is impossible to generate one key from the other.
> Not impossible, just difficult if the key is big enough.
Very true... but how big is big enough depends on who you ask - the US
government seems to have a very different idea to anyone else. In a
simplified crypto introduction, we assume it's impossible. I therefore
suspect the US govt. had only a simplified crypto introduction before
making this law, but thankfully it wasn't my confused one.

> > by the owner of that key. In practise, one only needs to encrypt the first
> > little bit of the message in order to prove authenticity.
> How does that authenticate the rest of the message?
Ooops, my brain is completely scrambled from too much graph theory,
automorphism-group-hunting and fourier filtering in MATLAB.
What I was thinking was "You don't have to encrypt the whole message
(slow) because you only need to encrypt the MD5sum of the message" for
some reason I forgot where MD5 came into it. (which was why I mistakenly
called MD5 an encryption algorithm :)

> If you 'decrypt' a message with the wrong public key, does it fail, or
> produce garbage?
Garbage, but if you are trying to check a digsig, the program will do it
for you and then say "fail". And it will be right, because the owner of
that key certainly didn't authenticate the message. :)

> I think pehaps the message was a bit confusing. As I understand it:
I now realise it was very confusing. :)

> - a checksum is used to verify that the data has not been accidentally
> corrupted.
> - to guard against deliberate tampering, use a crypto-secure checksum
> (such as MD5) AND encrypt that checksum with a trusted private key.
> - the recipent uses the matching public key to verify the md5 (if
>   he has a trusted copy of the public key), and then uses the 
>   now-truisted md5 to verify the document.
Yep, that's pretty much it, except there's no such thing as a "trusted
copy of the public key" - the more people who know your public key, the
better. Of course, you might mean "key you trust to be the person's real
public key", which would certainly be the case.

> Also worth mentioning that PK encryption is very slow, so normally you
> just use it on a conventional key, and use that key on the whole document.
Or only use it on the MD5sum of the document, which is usually
significantly shorter than the document itself.

-Greg