applied cryptography - protocols, algorithms, and source code in c

Of course you have to trust the hardware manufacturer

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: (KDC) signs Alice’s public key, Bob has to trust that his copy of the KDC’s public key has not been tampered with. In the end, someone who controls the entire network around Bob can make him think whatever he likes. Mallory could send an encrypted and signed message purporting to be from Alice. When Bob tried to access the public-key database to verify Alice’s signature, Mallory could substitute his own public key. Mallory could invent his own false KDC and exchange the real KDC’s public key for his own creation. Bob wouldn’t be the wiser. Some people have used this argument to claim that public-key cryptography is useless. Since the only way for Alice and Bob to ensure that their keys have not been tampered with is to meet face-to-face, public-key cryptography doesn’t enhance security at all. This view is naïve. It is theoretically true, but reality is far more complicated. Public-key cryptography, used with digital signatures and trusted KDCs, makes it much more difficult to substitute one key for another. Bob can never be absolutely certain that Mallory isn’t controlling his entire reality, but Bob can be confident that doing so requires more resources than most real-world Mallorys have access to. Bob could also verify Alice’s key over the telephone, where he can hear her voice. Voice recognition is a really good authentication scheme. If it’s a public key, he can safely recite it in public. If it’s a secret key, he can use a one-way hash function to verify the key. Both PGP (see Section 24.12) and the AT&ampT TSD (see Section 24.18) use this kind of key verification. Sometimes, it may not even be important to verify exactly whom a public key belongs to. It may be necessary to verify that it belongs to the same person to whom it belonged last year. If someone sends a signed withdrawal message to a bank, the bank does not have to be concerned with who withdraws the money, only whether it is the same person who deposited the money in the first place. Error Detection during Key Transmission Sometimes keys get garbled in tran...
View Full Document

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.

Ask a homework question - tutors are online