Sajma, May 9th, 2002

Taliban: of course "decrypting" a signature is easy to do: that's how you verify that the signature is authentic! What's important is that an attacker cannot forge a user's signature. This is only feasible if the attacker gains access to the user's private key, which is stored on the user's local machine. Without that key, forging a signature is computationally very difficult. It doesn't matter whether the attacker knows the source code -- the private key is the only thing that must be kept secret.
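The point made in the post above, as an added example that is not part of the original post: a textbook RSA signature in which anyone can "decrypt" (recover) the signed digest with the public key, while producing a signature that verifies needs the private exponent. The key is a constructed toy (two known Mersenne primes, no padding scheme) and is not secure; all names, messages and the guessed exponent are assumptions made for illustration.

```python
import hashlib

# Constructed toy key, for showing the mechanics only. NOT secure:
# special-form primes and no padding scheme.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent: the only secret


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer (smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D) -> int:
    """Create a signature; requires a private exponent."""
    return pow(digest_int(message), d, N)


def recover(signature: int) -> int:
    """'Decrypt' a signature using only the public key (N, E)."""
    return pow(signature, E, N)


def verify(message: bytes, signature: int) -> bool:
    """Authentic if the recovered value equals the message digest."""
    return 0 <= signature < N and recover(signature) == digest_int(message)


def demo() -> dict:
    msg = b"transfer 10 to alice"        # constructed sample message
    altered = b"transfer 9999 to alice"  # constructed tampered message
    sig = sign(msg)
    guessed_d = 0x1234567                # constructed guess, not the real D
    return {
        "genuine": verify(msg, sig),
        "reused_on_altered_message": verify(altered, sig),
        "signed_with_guessed_key": verify(altered, sign(altered, d=guessed_d)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Everything in `recover` and `verify` is public, which is why knowing the source code does not help; only `D` has to stay secret.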