Re: New Encryption Idea
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: New Encryption Idea

From: <a.manansala@attbi.com>
Date: Fri Jun 17 2005 - 16:14:04 CEST




tomstdenis@gmail.com wrote:


> a.manans...@attbi.com wrote:


> > As I noted, secrecy is a problem with any encryption or security


> > system.


>


> You'll have to learn that "privacy" is not the only problem


> cryptography addresses...


>


> > The public key system must keep private keys secret where those keys


> > reside.


>


> Public key solves the problem you don't.  Distribution.


>



The authentication keys in my system are based on existing private


knowledge.  These keys basically have already been distributed so it is


not an issue.



This is quite plainly pointed out in the second article.



For example, one's credit card information would be an authenticating


key.  The person requesting the information gets no actual credit card


data just the encrypted authentication code.



> > No, the files are electronic files that are downloaded from disk or


> > possibly from the internet if you have end-to-end security.


>


> Where does end-to-end security come from?  And if I already have that


> why not use that instead?


>



Yes, that's another point I address. You don't have that. Except when


you can authenticate and encrypt initially with private knowledge.



That allows you to encrypt at both ends and not rely on servers.



> > Or they come already with your package like a new computer.


>


> So... now Dell knows your encryption keys?


>



Well, using the current system your "private keys" likely rests on


someone else's hardware.



Secrecy of the information is an issue, but not any greater here than


elsewhere.  However, your encryption keys are not what is included with


the hardware.



The files included are used for random number generation.



Your authentication key is based on private knowledge.



The problem of distributing files is equivalent to that of distributing


credit cards, serial numbers, etc.



However, it is possible to use one file to create a completely new file


privately after the hardware has been received by the user.



Basically it goes like this, the user enters in some data. The program


uses the data to determine a random number. The random number is used


with the old file to generate an entirely new random file.



> > The key is basically information you have to type in anyway for


> > authentication.


>


> ... AES is usually not used for authentication outside of a MAC


> construction.  Public Key algorithms are typically what you use to


> authenticate transactions for they have something MACs do not...


>


>



Well there is only one key that is "typed" in in my system and that is


the authentication key.


Received on Thu Sep 29 21:44:26 2005