Gnutella Forums  

Go Back   Gnutella Forums > Current Gnutella Client Forums > LimeWire+WireShare (Cross-platform) > New Feature Requests
Register FAQ The Twelve Commandments Members List Calendar Arcade Find the Best VPN Today's Posts

New Feature Requests Your idea for a cool new feature. Or, a LimeWire annoyance that has to get changed.


Reply
 
LinkBack Thread Tools Display Modes
  #21 (permalink)  
Old May 9th, 2002
Gnutella Aficionado
 
Join Date: March 13th, 2002
Location: Aachen
Posts: 832
Taliban is flying high
Default

Any information you store in the clients and that is propagated by the clients to the rest of the network can easily be changed.

Moreover, any signature that are sent over a public network where everybody could read it, are easily spoofed. - Don't forget, that the source of many gnutella clients is open to everyone. If you know the algorithm to decrypt a signature, you can easily reverse it (reversing an encryption algorithm can mean a lot more work).
Reply With Quote
  #22 (permalink)  
Old May 9th, 2002
Disciple
 
Join Date: April 26th, 2002
Posts: 11
Sajma is flying high
Default

Taliban: of course "decrypting" a signature is easy to do: that's how you verify that the signature is authentic! What's important is that an attacker cannot forge a user's signature. This is only feasible if the attacker gains access to the user's private key, which is stored on the user's local machine. Without that key, forging a signature is computationally very difficult. It doesn't matter whether the attacker knows the source code -- the private key is the only thing that must be kept secret.
Reply With Quote
  #23 (permalink)  
Old May 9th, 2002
Gnutella Aficionado
 
Join Date: March 13th, 2002
Location: Aachen
Posts: 832
Taliban is flying high
Default

Whatever you can decrypt, you can also encrypt.

Your idea of one key only being able to decrypt something will not work. Current cryptographic programs work about this way:

There's key A and key B, you only need key A to encrypt but key A and key B to decrypt. So if you can decrypt something, you'll have both keys and therefore you'll be able to encrypt it also.

There is no crypto-algorithm that works the other way round.
Reply With Quote
  #24 (permalink)  
Old May 9th, 2002
Unregistered
Guest
 
Posts: n/a
Default

Quote:
Originally posted by Taliban
Whatever you can decrypt, you can also encrypt.

Your idea of one key only being able to decrypt something will not work. Current cryptographic programs work about this way:

There's key A and key B, you only need key A to encrypt but key A and key B to decrypt. So if you can decrypt something, you'll have both keys and therefore you'll be able to encrypt it also.

There is no crypto-algorithm that works the other way round.
"Data scrambled with Bob's private key can only be unscrambled with Bob's public key."

- PKI for Dummies: http://www.nwfusion.com/news/64452_05-17-1999.html
Reply With Quote
  #25 (permalink)  
Old May 9th, 2002
Gnutella Aficionado
 
Join Date: March 13th, 2002
Location: Aachen
Posts: 832
Taliban is flying high
Default

You're right, I forgot it's possible for RSA when you have a very short message.
Reply With Quote
  #26 (permalink)  
Old May 9th, 2002
Unregistered
Guest
 
Posts: n/a
Default

Quote:
Originally posted by Taliban
You're right, I forgot it's possible for RSA when you have a very short message.
Not just short messages.


If I encrypt, say, my database with my public key, only i could use it. This is where key management comes in.

I get my friends private key. Via AIM, email, secret meeting, whatever

I can then encrypt to it during export.

But why need to encrypt anything? (my method of local databases, anyway. But I'm not sure I like that. (convenience issues).
Reply With Quote
  #27 (permalink)  
Old May 9th, 2002
Disciple
 
Join Date: April 26th, 2002
Posts: 11
Sajma is flying high
Default

Taliban, I'm referring to standard public key cryptosystems. Each user has a private key (stored locally, so only they know it) and a public key that everyone can know about. A user signs a message using his private key. Other users can check the signature with the user's public key. There is no need for any user to ever reveal their private key to anyone.

In RSA, signatures are typically implemented by encrypting a hash of the signed file with the user's private key. To verify a signature, other users decrypt the signature block and check that it matches the hash of the signed file.

Note that actually encrypting data (such as mail messages in PGP) simply reverses this process. A sender encrypts his message with the receipient's public key. The recipient decrypts the message with her private key.

Note that in both cases, the security-sensitive operation (signing and decrypting) is done using the private key, which is never revealed to anyone.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Windows live MSN keeps signing off spiderman99 Open Discussion topics 0 March 22nd, 2007 05:47 AM
Signing In To Forum lokkop General Windows Support 0 January 6th, 2007 09:24 AM
Wrong e-mail address when signing up eddiehoughton Open Discussion topics 0 January 19th, 2006 10:00 AM
Hashing Files thunt Open Discussion topics 1 February 27th, 2005 10:40 PM
Limewire Pro not hashing files. Phaedra General Mac OSX Support 2 February 24th, 2005 05:30 AM


All times are GMT -7. The time now is 02:54 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.