applied cryptography - protocols, algorithms, and source code in c

Key exchange will be discussed in minute detail in

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: t someone’s public key is from a secure database somewhere. The database has to be public, so that anyone can get anyone else’s public key. The database also has to be protected from write-access by anyone except Trent; otherwise Mallory could substitute any public key for Bob’s. After he did that, Bob couldn’t read messages addressed to him, but Mallory could. Even if the public keys are stored in a secure database, Mallory could still substitute one for another during transmission. To prevent this, Trent can sign each public key with his own private key. Trent, when used in this manner, is often known as a Key Certification Authority or Key Distribution Center (KDC). In practical implementations, the KDC signs a compound message consisting of the user’s name, his public key, and any other important information about the user. This signed compound message is stored in the KDC’s database. When Alice gets Bob’s key, she verifies the KDC’s signature to assure herself of the key’s validity. In the final analysis, this is not making things impossible for Mallory, only more difficult. Alice still has the KDC’s public key stored somewhere. Mallory would have to substitute his own public key for that key, corrupt the database, and substitute his own keys for the valid keys (all signed with his private key as if he were the KDC), and then he’s in business. But, even paper-based signatures can be forged if Mallory goes to enough trouble. Key exchange will be discussed in minute detail in Section 3.1. 2.8 Random and Pseudo-Random-Sequence Generation Why even bother with random-number generation in a book on cryptography? There’s already a random-number generator built into most every compiler, a mere function call away. Why not use that? Unfortunately, those random-number generators are almost definitely not secure enough for cryptography, and probably not even very random. Most of them are embarrassingly bad. Previous Table of Contents Next Products | Contact Us | About Us | Privacy | Ad Info | Home Use of this site is subject to certain Terms & Conditions, Copyright ©...
View Full Document

{[ snackBarMessage ]}

Ask a homework question - tutors are online