Return-Path: hochung@usc.edu Delivery-Date: Mon Apr 12 15:15:05 2004 Received: from postal.usc.edu (postal.usc.edu [128.125.253.6]) by merlot.usc.edu (8.12.8/8.12.8) with ESMTP id i3CMF5qB008668 for ; Mon, 12 Apr 2004 15:15:05 -0700 Received: from usc.edu (localhost.usc.edu [127.0.0.1]) by postal.usc.edu (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0HW20007KWNCMA00@postal.usc.edu> for cs530@merlot.usc.edu; Mon, 12 Apr 2004 15:18:48 -0700 (PDT) Received: from [24.24.229.104] by postal.usc.edu (mshttpd); Mon, 12 Apr 2004 15:18:48 -0700 Date: Mon, 12 Apr 2004 15:18:48 -0700 From: ho chung Subject: Re: Qestion regarding HW2 Q4.2 - User forgets password To: cs530@merlot.usc.edu Message-id: MIME-version: 1.0 X-Mailer: Sun ONE Messenger Express 6.0 HotFix 1.01 (built Mar 15 2004) Content-type: text/plain; charset=us-ascii Content-language: ko Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: ko Priority: normal hello class, another Q & Cs: the answer is NO. you dont have to consider the scenario below. ----- Original Message ----- Subject: Qestion regarding HW2 Q4.2 > Dear TA, > > Does the Authentication system in Q4.2 need to return "password" of a > user, in > case the user forgets his/her password?? If so, the authentication server > databases need to store the password in clear or there must be a way for > them > to get it from the username. I was just wondering if the system is > supposed to > provide this kind of service or not. Becuase this does affect the design > of > the system. > > Return-Path: hochung@usc.edu Delivery-Date: Mon Apr 12 15:12:14 2004 Received: from postal.usc.edu (postal.usc.edu [128.125.253.6]) by merlot.usc.edu (8.12.8/8.12.8) with ESMTP id i3CMCEqB008621 for ; Mon, 12 Apr 2004 15:12:14 -0700 Received: from usc.edu (localhost.usc.edu [127.0.0.1]) by postal.usc.edu (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0HW200J50WIKEB60@postal.usc.edu> for cs530@merlot.usc.edu; Mon, 12 Apr 2004 15:15:56 -0700 (PDT) Received: from [24.24.229.104] by postal.usc.edu (mshttpd); Mon, 12 Apr 2004 15:15:56 -0700 Date: Mon, 12 Apr 2004 15:15:56 -0700 From: ho chung Subject: Re: [cs530] HW2, Prob 4.2 To: cs530@merlot.usc.edu Message-id: MIME-version: 1.0 X-Mailer: Sun ONE Messenger Express 6.0 HotFix 1.01 (built Mar 15 2004) Content-type: text/plain; charset=us-ascii Content-language: ko Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: ko Priority: normal hello class, another Q & Cs: the attacker can do both or only one of these. your design should be secure against these attacks. ----- Original Message ----- Subject: Re: [cs530] HW2, Prob 4.2 > > > Also Re: 4.2 > > When you say eavesdropping and compromising the DB.. > > do you mean the attacker has done both or only one of these. Return-Path: hochung@usc.edu Delivery-Date: Mon Apr 12 13:42:51 2004 Received: from postal.usc.edu (postal.usc.edu [128.125.253.6]) by merlot.usc.edu (8.12.8/8.12.8) with ESMTP id i3CKgpqB006960 for ; Mon, 12 Apr 2004 13:42:51 -0700 Received: from usc.edu (localhost.usc.edu [127.0.0.1]) by postal.usc.edu (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0HW200HHKSDMWS00@postal.usc.edu> for cs530@merlot.usc.edu; Mon, 12 Apr 2004 13:46:34 -0700 (PDT) Received: from [24.24.229.104] by postal.usc.edu (mshttpd); Mon, 12 Apr 2004 13:46:34 -0700 Date: Mon, 12 Apr 2004 13:46:34 -0700 From: ho chung Subject: [cs530] HW2, Prob 4.2 To: cs530@merlot.usc.edu Message-id: <90cf16b45779.407a9dba@usc.edu> MIME-version: 1.0 X-Mailer: Sun ONE Messenger Express 6.0 HotFix 1.01 (built Mar 15 2004) Content-type: text/plain; charset=us-ascii Content-language: ko Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: ko Priority: normal Hello class, For clarification on hw2 prob 4.2, I am broadcasting a question from a student and my comments. [Q] The problem specifies "multiple authentication servers," but does not specify the roles thereof. That is, are the multiple servers for redundancy, so that the failure of one still permits access to a *common* domain? Or do the servers specify *individual* domains, to which each arbitrates access independent of the other servers? [Comment] Multiple authentication servers are for *redundancy*, but reading id-pwd database of a server should not automatically compromise other authentication servers. Ho Return-Path: hochung@usc.edu Delivery-Date: Fri Feb 13 14:35:18 2004 Received: from postal.usc.edu (postal.usc.edu [128.125.253.6]) by merlot.usc.edu (8.12.8/8.12.8) with ESMTP id i1DMZIcM004048 for ; Fri, 13 Feb 2004 14:35:18 -0800 Received: from usc.edu (localhost.usc.edu [127.0.0.1]) by postal.usc.edu (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HT100DP1O5BU3@postal.usc.edu> for cs530@merlot.usc.edu; Fri, 13 Feb 2004 14:36:47 -0800 (PST) Received: from [128.125.208.150] by postal.usc.edu (mshttpd); Fri, 13 Feb 2004 14:36:47 -0800 Date: Fri, 13 Feb 2004 14:36:47 -0800 From: ho chung Subject: Re: Homework 2 Question 3.2 To: cs530@merlot.usc.edu Message-id: <4b7ee74b9b66.4b9b664b7ee7@usc.edu> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.21 (built Sep 8 2003) Content-type: text/plain; charset=us-ascii Content-language: ko Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: ko Priority: normal i think you are not on the right track. the focus of the question is not about the difficulty of factorization of RSA modulus. Pls think about what would happen on Bob's side when he tries to recover and verify Alice's signature of the message. Sorry, I cant give you more hints... 8-) Ho > Hi, > > I was thinking that if the modulus was too small, then the odds are > higher that when Alice encrypts with Bob's public key the message may go > to zero (c = m^(bobs_public_key) mod (bobs_modulus)) because with a > small modulus you are reducing the key space. If the modulus is a small > number, then those numbers (1-9 or more) can be divided into more other > numbers with a result of zero remainder. Is this potentially correct? > I would just like to know if I am on the right track. I know that there > is a reason for a large modulus and I think that this is it. Return-Path: hochung@usc.edu Delivery-Date: Thu Feb 12 10:11:20 2004 Received: from postal.usc.edu (postal.usc.edu [128.125.253.6]) by merlot.usc.edu (8.12.8/8.12.8) with ESMTP id i1CIBKcM004766 for ; Thu, 12 Feb 2004 10:11:20 -0800 Received: from usc.edu (localhost.usc.edu [127.0.0.1]) by postal.usc.edu (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HSZ0028YH974T@postal.usc.edu> for cs530@merlot.usc.edu; Thu, 12 Feb 2004 10:12:43 -0800 (PST) Received: from [128.125.208.83] by postal.usc.edu (mshttpd); Thu, 12 Feb 2004 10:12:43 -0800 Date: Thu, 12 Feb 2004 10:12:43 -0800 From: ho chung Subject: Re: Homework 2 Question 3.2 To: cs530@merlot.usc.edu Message-id: <8f18b88e61.88e618f18b@usc.edu> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.21 (built Sep 8 2003) Content-type: text/plain; charset=us-ascii Content-language: ko Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: ko Priority: normal > Prof., > Problem 3.2 on the homework is very unclear to me. > First of all, as far as I can tell, the message is > plaintext concatenated with a signature. The question never says that the message is plaintext concatenated with a signature.Here Alice simply wants to sign a plaintext message, then encrypt that signed message using the RSA. Neither hashing nor symmetric encryption are involved. Here is a mathematical interpretation: M: Plaintext message d_Alice: Alice's RSA private key e_Alice: Alice's RSA public key d_Bob: Bob's RSA private key e_Bob: Bob's RSA public key n_Alice = Alice's RSA modulus) n_Bob = Bob's RSA modulus) Alice wishes to sign --> S = M ^ (d_Alice) mod n_Alice and then encrypt a message for Bob --> C = S ^ (e_Bob) mod n_Bob > The signature is encrypted with Alice's private key, but > the plaintext message is not. Then, is the message + > the encrypted signature encrypted with Bob's public > key? I believe this to be the case. > Your interpretation of the question is incorrect. Pls see the above math expression. When Alice encrypts a message using RSA, it means she encrypts the message with the recipient's public key, not her private key. This is the basics of any public key cryptosystems. If Alice uses her private key to encrypt sth, the recipient cannot decrypt the ciphertext. However, when Alice signs sth, then she uses her private key, so that all recipients of the signed message can verify using her public key. > Now I'm not sure if this is a trick question, but the > only way that the message cannot be recovered is if a > hacker finds B_d because n is small enough to factor, > then compromises the message. > Am I on the right track, or is this too obvious. > I apologize if I divulge too much information here for > the mailing list. > The problem assumes that all private keys are safely stored by each individual. As I have broadcasted in previous email, the hint is the SIZE of RSA modulus. Ho Return-Path: hochung@usc.edu Delivery-Date: Wed Feb 11 19:31:50 2004 Received: from postal.usc.edu (postal.usc.edu [128.125.253.6]) by merlot.usc.edu (8.12.8/8.12.8) with ESMTP id i1C3VocM020821 for ; Wed, 11 Feb 2004 19:31:50 -0800 Received: from usc.edu (localhost.usc.edu [127.0.0.1]) by postal.usc.edu (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HSY00IPTCJBZ9@postal.usc.edu> for cs530@merlot.usc.edu; Wed, 11 Feb 2004 19:33:11 -0800 (PST) Received: from [128.125.52.69] by postal.usc.edu (mshttpd); Wed, 11 Feb 2004 19:33:11 -0800 Date: Wed, 11 Feb 2004 19:33:11 -0800 From: ho chung Subject: Re: Regarding HW2 Problem 3.2 To: cs530@merlot.usc.edu Message-id: <74425a73e55c.73e55c74425a@usc.edu> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.21 (built Sep 8 2003) Content-type: text/plain; charset=us-ascii Content-language: ko Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: ko Priority: normal Alice uses Bob's public key to encrypt "the SIGNED MESSAGE". I am not sure what you mean by the whole message and signature. It's the signed message (or i can call it as her signature) that Alice is trying to encrypt. Please come to my office hours if you are still not clear. Ho > Hi > when Alice encrypts the message with Bob's public key, does she encrypt > the > whole message or just her signature. I guess it is the whole message but > just > want to confirm. > > thanks > > ----- Original Message ----- > From: ho chung > Date: Wednesday, February 11, 2004 10:03 am > Subject: Re: Regarding HW2 Problem 3.2 > > > > > > > > > > Accepted that the problem in recovering is related to the modulus > size, > > > but I > > > didn't get the question though. The first sentence says something like > > > '...then encrypt the resulting signature' while the third sentence > says > > > '...encrypt a message for Bob'. So does it mean, that both the message > > and > > > the > > > signature are encrypted (the former by Bob's public key & the later by > > > Alice's > > > private key) ? > > > > No. "Alice signs the message and encrypts the signed message for Bob > > (using > > RSA)" means that > > Alice signs the message with her private key, and encrypts the signed > > message > > with Bob's public key. > > > > > > > > > > > > > > > ==================================================== > > > > > > > > > ----- Original Message ----- > > > From: ho chung > > > Date: Tuesday, February 10, 2004 7:21 pm > > > Subject: Re: Regarding HW2 Problem 3.2 > > > > > > > Hello, > > > > > > > > Actually, the hint is stated in the question. Note the size of modulus. > > > > I hope this helps. > > > > > > > > Ho > > > > > > > > > > > > > > > > > Professor, > > > > > > > > > > I was thinking about question 3.2 and wasn't quite sure about the > > > domain > > > > > of > > > > > the problem. > > > > > > > > > > RSA part is pretty straightforward :- > > > > > 1.> Get the public key of the recipient > > > > > 2.> Encrypt the message with that public key and send it to recipient. > > > > > 3.> Recipient decrypts message with the recipient's private key. > > > > > > > > > > Signing part is straightforward as well as long as the key is > known > > on > > > > > both > > > > > ends. > > > > > > > > > > Maybe i need to think some more or maybe i am just not thinking in > > the > > > > > right direction. Was wondering if you could perhaps give me some > > hint > > > in > > > > > terms which domain/direction the problem of not being able to > > recover > > > > the > > > > > message lies in. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Return-Path: hochung@usc.edu Delivery-Date: Wed Feb 11 10:02:20 2004 Received: from postal.usc.edu (postal.usc.edu [128.125.253.6]) by merlot.usc.edu (8.12.8/8.12.8) with ESMTP id i1BI2KcM009729 for ; Wed, 11 Feb 2004 10:02:20 -0800 Received: from usc.edu (localhost.usc.edu [127.0.0.1]) by postal.usc.edu (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HSX00IE9M68YO@postal.usc.edu> for cs530@merlot.usc.edu; Wed, 11 Feb 2004 10:03:44 -0800 (PST) Received: from [128.125.52.181] by postal.usc.edu (mshttpd); Wed, 11 Feb 2004 10:03:44 -0800 Date: Wed, 11 Feb 2004 10:03:44 -0800 From: ho chung Subject: Re: Regarding HW2 Problem 3.2 To: cs530@merlot.usc.edu Message-id: <50c51950a7fe.50a7fe50c519@usc.edu> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.21 (built Sep 8 2003) Content-type: text/plain; charset=us-ascii Content-language: ko Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: ko Priority: normal > Accepted that the problem in recovering is related to the modulus size, > but I > didn't get the question though. The first sentence says something like > '...then encrypt the resulting signature' while the third sentence says > '...encrypt a message for Bob'. So does it mean, that both the message and > the > signature are encrypted (the former by Bob's public key & the later by > Alice's > private key) ? No. "Alice signs the message and encrypts the signed message for Bob (using RSA)" means that Alice signs the message with her private key, and encrypts the signed message with Bob's public key. > ==================================================== > > > ----- Original Message ----- > From: ho chung > Date: Tuesday, February 10, 2004 7:21 pm > Subject: Re: Regarding HW2 Problem 3.2 > > > Hello, > > > > Actually, the hint is stated in the question. Note the size of modulus. > > I hope this helps. > > > > Ho > > > > > > > > > Professor, > > > > > > I was thinking about question 3.2 and wasn't quite sure about the > domain > > > of > > > the problem. > > > > > > RSA part is pretty straightforward :- > > > 1.> Get the public key of the recipient > > > 2.> Encrypt the message with that public key and send it to recipient. > > > 3.> Recipient decrypts message with the recipient's private key. > > > > > > Signing part is straightforward as well as long as the key is known on > > > both > > > ends. > > > > > > Maybe i need to think some more or maybe i am just not thinking in the > > > right direction. Was wondering if you could perhaps give me some hint > in > > > terms which domain/direction the problem of not being able to recover > > the > > > message lies in. > > > > > > > > > > > Return-Path: hochung@usc.edu Delivery-Date: Tue Feb 10 19:20:21 2004 Received: from postal.usc.edu (postal.usc.edu [128.125.253.6]) by merlot.usc.edu (8.12.8/8.12.8) with ESMTP id i1B3KLcM025720 for ; Tue, 10 Feb 2004 19:20:21 -0800 Received: from usc.edu (localhost.usc.edu [127.0.0.1]) by postal.usc.edu (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HSW00A3VHC77A@postal.usc.edu> for cs530@merlot.usc.edu; Tue, 10 Feb 2004 19:21:43 -0800 (PST) Received: from [128.125.53.159] by postal.usc.edu (mshttpd); Tue, 10 Feb 2004 19:21:43 -0800 Date: Tue, 10 Feb 2004 19:21:43 -0800 From: ho chung Subject: Re: Regarding HW2 Problem 3.2 To: cs530@merlot.usc.edu Message-id: <39b4b339c52e.39c52e39b4b3@usc.edu> MIME-version: 1.0 X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.21 (built Sep 8 2003) Content-type: text/plain; charset=us-ascii Content-language: ko Content-transfer-encoding: 7BIT Content-disposition: inline X-Accept-Language: ko Priority: normal Hello, Actually, the hint is stated in the question. Note the size of modulus. I hope this helps. Ho > Professor, > > I was thinking about question 3.2 and wasn't quite sure about the domain > of > the problem. > > RSA part is pretty straightforward :- > 1.> Get the public key of the recipient > 2.> Encrypt the message with that public key and send it to recipient. > 3.> Recipient decrypts message with the recipient's private key. > > Signing part is straightforward as well as long as the key is known on > both > ends. > > Maybe i need to think some more or maybe i am just not thinking in the > right direction. Was wondering if you could perhaps give me some hint in > terms which domain/direction the problem of not being able to recover the > message lies in. >