From: Skybuck Flying on
Hello,

I have a question about the RSA public key encryption algorithm which is the
following:

I am wondering if it's possible to use the RSA public encryption/shared key
as a means of identification ?

So suppose two people are using the same name for example:

iJustine
iJustine

One of them is the real iJustine... the other one is the fake iJustine.

How easy/hard would it be for the faker to try and fake a public key ?

Example:

Real iJustine's private decryption key (D):
"72939831478294294739164515853570942883997805827756672958318945914651882044984974267976913068042297636392546490845126913"

Real iJustine's public encryption key (E):
"65537"

Real iJustine's shared key (N):
"434174181252767774234389180350848398715772637753360526609873060556853225612779513183792437032901271239849283324448766573"

Now the faker does not know the private key... but the faker does know the
public key (E) and shared key (N).

Let's suppose for a moment that a "safe/secured protocol" is being used
which uses "signatures" to make sure that messages are valid... and that the
keys are working/valid...

The mission for the faker is to find a private key (D) which will work with
the public (E) and shared key (N) in such a way that the public/shared key
is the same but the private key is different/working.

The mission for the faker is to not decrypt the message-stream ment for
iJustine but instead to fake himself pretending to be iJustine... by simply
using the same public/shared key.

So that the faker can give away the public/shared key and claim to be the
real iJustine.

The problem for the real iJustine is:

iJustine says on her website:

"I am the real one ! this is my public key: .... etc ...."

the faker, fakes her and says the same thing:

I am also the real iJustine:

"I am the real one ! this is my public key: .... etc ...."

Do you see the problem ?

For the "public" it's impossible to tell which the real iJustine is just
based on screen information, since both public keys are the same ?!?

The question is:

How hard is it to fake public keys ?

And if it's easy... are there any solutions ?

Bye,
Skybuck.


From: Tom St Denis on
On May 6, 7:49 am, "Skybuck Flying" <IntoTheFut...(a)hotmail.com> wrote:
> The mission for the faker is to find a private key (D) which will work with
> the public (E) and shared key (N) in such a way that the public/shared key
> is the same but the private key is different/working.

Any D that works for a fixed E will be congruent to the real D. more
so, being able to find such values [even for non-fixed E] leads to the
factorization of N and thus you have broken the cryptosystem.

How do you prevent that? Pray that factoring gets no better than the
GNFS.

Generally you discern real public keys from fakes if they are signed.
Your certificate [if RSA based] will have your E and N. If I sign it
I'm also signing the E/N pairs. So if someone comes to me with E' and
N I can tell it that way. If someone finds a D' for your E then they
can factor N and you're hosed anyways (e.g. no way to tell impostors).

Tom
From: Datesfat Chicks on
"Skybuck Flying" <IntoTheFuture(a)hotmail.com> wrote in message
news:8d637$4be2acba$54191e22$22663(a)cache2.tilbu1.nb.home.nl...
> Hello,
>
> I have a question about the RSA public key encryption algorithm which is
> the following:
>
> I am wondering if it's possible to use the RSA public encryption/shared
> key as a means of identification ?

Most of what you wrote (and I've snipped it out) indicates that you are just
becoming familiar with this technology and are kind of "thinking aloud". No
harm in that. Most people on this newsgroup are probably still living in
their parents' basements and attending Star Trek conventions ... not like we
have anything better to do.

That being said ...

The convention with public key cryptography is that only the real Justine
has Justine's private key.

If you want to verify that something is coming from the real Justine, have
her sign it using her private key. You can then verify using the public key
that the right private key has been used.

It doesn't make sense to ask the question if one can easily find a
compatible but perhaps different private key given a public key. NO! THAT
WOULD DESTROY THE VALIDITY OF THE WHOLE CRYPTOSYSTEM! NO! NO! NO! NO!
CAN'T BE DONE. NOPE! NO WAY! THAT IS DESIGNED TO BE UNDOABLE! NO! NOPE!
COVERED! COMPUTATIONALLY VERY HARD, AND DESIGNED TO BE THAT WAY!

However, a related question that I think you kind of hinted at is whether
someone could push a fake public key out there. That is one inelegant
feature of public-key cryptography--you have to be sure that the public keys
belong to the claimed parties. The same for browser certificates and so on.
This requires an infrastructure that goes beyond the cryptography itself.

You may find these links interesting:

http://en.wikipedia.org/wiki/Web_of_trust

http://en.wikipedia.org/wiki/Public_key_infrastructure

Datesfat