Garfinkel and Spafford, Web Security and Commerce, chap. 11, O'Reilly 1997
Roger Clarke - many papers, including
<URL: http://www.anu.edu.au/people/Roger.Clarke/II/CryptoSecy.html>
Tanenbaum 3rd edition section 7.1.6, 7.4.5
recall:
methods such as RSA algorithm with (public key, private key) pairs
can be used for secure encryption of whole message - expensively
or short part of message - cheaply.
recall:
require
A means of getting integrity - detect whether message has been altered.
Can be combined with encryption or used with plain text.
Principle:
add a redundant tag to a message: a piece of data generated from the message content
any change to the message content will then not match the tag (if the scheme is done well)
Compare with error detection schemes - but here we expect attacks, not just statistically well-behaved noise.
A good message digest function has the properties:
figure 10-3 Garfinkel and Spafford
There are many proposals, several in use
examples of MD5 digests - from G&S p. 204
Sender adds shared secret password S to message P
Sender computes message digest MD = m(P+S)
Transmit P + MD
Receiver computes message digest MD' = m(P' + S)
If MD' = MD then receiver has confidence that sender knew secret S.
An intruder must find a message P*
such that MD* = m(P* + S) without knowing S - very hard.
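The shared-secret digest exchange above as a runnable sketch, added here as an example and not taken from the notes or the cited books. It assumes m is MD5 (the digest the notes take their examples from); the secret, message and function names are constructed, and hmac_tag is an addition showing HMAC-SHA-256, the standardized way to key a digest, beside the notes' m(P + S).

```python
import hashlib
import hmac

SECRET = b"correct horse battery"      # constructed shared secret S
MESSAGE = b"Pay Alice 100 dollars"     # constructed message P

def digest_tag(message: bytes, secret: bytes) -> bytes:
    """MD = m(P + S) from the notes, with MD5 assumed as the digest m."""
    return hashlib.md5(message + secret).digest()

def send(message: bytes, secret: bytes) -> tuple[bytes, bytes]:
    """Sender transmits P + MD; the secret S never goes on the wire."""
    return message, digest_tag(message, secret)

def verify(message: bytes, tag: bytes, secret: bytes) -> bool:
    """Receiver recomputes MD' = m(P' + S) and compares it with MD."""
    expected = digest_tag(message, secret)
    # Constant-time comparison: does not leak how many bytes matched.
    return hmac.compare_digest(expected, tag)

def hmac_tag(message: bytes, secret: bytes) -> bytes:
    """Not in the notes: HMAC-SHA-256 as the keyed digest."""
    return hmac.new(secret, message, hashlib.sha256).digest()

def verify_hmac(message: bytes, tag: bytes, secret: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(message, secret), tag)

def demo() -> dict:
    p, md = send(MESSAGE, SECRET)
    altered = p.replace(b"100", b"900")            # P* chosen by an intruder
    unkeyed = hashlib.md5(altered).digest()        # tag computed without S
    return {
        "unaltered": verify(p, md, SECRET),
        "altered message, old tag": verify(altered, md, SECRET),
        "altered message, tag without S": verify(altered, unkeyed, SECRET),
        "receiver holds a different secret": verify(p, md, b"guess"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Only the unaltered pair is accepted; every other case fails because the receiver's recomputed MD' depends on both the received message and S.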
Tanenbaum 7.1.6
requirements:
Message digests and public key encryption provide one method.
(Public key encryption of the whole message provides another.)
Based on symmetry of public and private keys
normally: sender encrypts with receiver's public key
M = E_R(P)
and receiver decrypts with private matching key
M' = D_R(M) = D_R(E_R(P)) = P
If keys also have the property that E(D(x)) = x
then sender can use own private key to encrypt a signature that anyone can decrypt with sender's public key - but only the sender could have sent.
Last modified: Tue Mar 30 11:27:54 EST 1999
Queries to :
infs2052@iwaki.anu.edu.au