r*****e
发帖数: 30 | 1 解釋一下以下2個有什麼不同, 那個安全一些? 有何trade off?
1.Signing before Encryption
2.Signing after Encryption? |
a*********0
发帖数: 2727 | |
u******g
发帖数: 89 | 3 我猜第一个没办法剥离签名部分第二个可以剥离?
能说下啥公司么? |
p*****2
发帖数: 21240 | |
r*****e
发帖数: 30 | |
a**********t
发帖数: 631 | 6 Not a security expert but here's my thought.
Signing guarantees the integrity of the source data. If encryption is done
after signing, then you have to always perform decryption before knowing
whether the data is reliable or not. In such case if the encryption
algorithm is not strong enough it will be more susceptible to brute force
attack. |
p*****2
发帖数: 21240 | 7
很容易被DDOS攻击
【在 r*****e 的大作中提到】
: 求詳解啊
|
p*****2
发帖数: 21240 | 8
done
没看明白。如果加密算法弱,两种方法没什么区别吧?
【在 a**********t 的大作中提到】
: Not a security expert but here's my thought.
: Signing guarantees the integrity of the source data. If encryption is done
: after signing, then you have to always perform decryption before knowing
: whether the data is reliable or not. In such case if the encryption
: algorithm is not strong enough it will be more susceptible to brute force
: attack.
|
j******f
发帖数: 825 | 9 sign before encryption, you know what you are signing, it's a secret who
signed it, but you can only verify signature after decryption.
sign after encryption, you don't know what you signing, it's not a secret
who signed it, but you can verify signature without decryption. |
a**********t
发帖数: 631 | 10 Let me try it one more time.
Both schemes have their pros and cons.
In the real word Signing is usually implemented with asymmetric key and
encryption (of large data) usually uses symmetric key.
The reason is that signing is usually performed on the hash of the message
only thus it can afford the low efficiency of asymmetric algorithm, while
encryption is performed on the entire message and symmetric algorithm is
much faster.
Signing after encryption
pro: the receiver of the message doesn't have to decrypt message from
untrusted source. As peking2 mentioned this might reduce the load on the
receiver side and minimize DDOS attack surface.
con: if there are 2 legitimate users on the same network and user B can
intercept user A's encrypted message and replace user A's signature with
user B's then send it out to impersonate user A.
The pros and cons of signing before encryption are just the opposite of
above.
My concern is that if there's any plain text (like signer's identity)
contained in the signature besides the encrypted hash value itself, then the
receiver now has both plain text and cipher text of part of the message.
This could be a welcome note to hackers.
But again I'm not an expert, looking forward to comments.
【在 p*****2 的大作中提到】
:
: done
: 没看明白。如果加密算法弱,两种方法没什么区别吧?
|
|
|
p*****2
发帖数: 21240 | 11 con: if there are 2 legitimate users on the same network and user B can
intercept user A's encrypted message and replace user A's signature with
user B's then send it out to impersonate user A.
我认为B和server之间的secret A不会得到
如果server得到date tampered by A。server会用A的secret去decrpyt。这样就得不到
原文。貌似没什么security issue呀?况且,A的身份已经报漏了。 |
p*****2
发帖数: 21240 | 12 My concern is that if there's any plain text (like signer's identity)
contained in the signature besides the encrypted hash value itself, then the
receiver now has both plain text and cipher text of part of the message.
This could be a welcome note to hackers.
这个能具体说说吗?貌似现在是不是都这么干的? |
r*****e
发帖数: 30 | 13 Not quite understand what is going on here.. please help --
你說
con: if there are 2 legitimate users on the same network and user B can
intercept user A's encrypted message and replace user A's signature with
user B's then send it out to impersonate user A.
但如果
Let say the 2 legitimate users in communication are A and C. A is sending
MAC(encrypted package) and the encrypted package to C. B received it and
took off A's signature. Replacing by B's own signature.
How can B impersonate user A ? B only can sign the encypted package by his(
B) signature.
So when C receive it.. C knows this is signed by B but not A, so C wil
reject the package..
Please correct me, I know I miss something.. Thanks!
【在 a**********t 的大作中提到】
: Let me try it one more time.
: Both schemes have their pros and cons.
: In the real word Signing is usually implemented with asymmetric key and
: encryption (of large data) usually uses symmetric key.
: The reason is that signing is usually performed on the hash of the message
: only thus it can afford the low efficiency of asymmetric algorithm, while
: encryption is performed on the entire message and symmetric algorithm is
: much faster.
: Signing after encryption
: pro: the receiver of the message doesn't have to decrypt message from
|
a**********t
发帖数: 631 | 14 I don't think in the real world it will be a problem as long as both schemes
are implemented properly.
But there could be chance in the bad implementation that the encryption key
is connection based thus the receiver still decrypts the message but is made
believe that the message is from B instead of A.
【在 p*****2 的大作中提到】
: con: if there are 2 legitimate users on the same network and user B can
: intercept user A's encrypted message and replace user A's signature with
: user B's then send it out to impersonate user A.
: 我认为B和server之间的secret A不会得到
: 如果server得到date tampered by A。server会用A的secret去decrpyt。这样就得不到
: 原文。貌似没什么security issue呀?况且,A的身份已经报漏了。
|
a**********t
发帖数: 631 | 15 My personal take is that it's best practice in cryptology world not to
encrypt any plain text everyone already knows especially in case of
symmetric key encryption.
http://en.wikipedia.org/wiki/Known-plaintext_attack
However such concern might be moot for modern ciphers.
the
【在 p*****2 的大作中提到】
: My concern is that if there's any plain text (like signer's identity)
: contained in the signature besides the encrypted hash value itself, then the
: receiver now has both plain text and cipher text of part of the message.
: This could be a welcome note to hackers.
: 这个能具体说说吗?貌似现在是不是都这么干的?
|
r*****e
发帖数: 30 | |
a**********t
发帖数: 631 | 17 Not DaNiu, don't take my words too seriously :)
I think you are all right, but again it falls into detail of implementation.
A conversation is usually encrypted with a session key which is exchanged
during hand shaking period. In this case C should always validate if the
signature is generated by the initial user (A) instead of assuming the
message is from B. Yet still there's no chance for B to tamper the message
body.
his(
【在 r*****e 的大作中提到】
: Not quite understand what is going on here.. please help --
: 你說
: con: if there are 2 legitimate users on the same network and user B can
: intercept user A's encrypted message and replace user A's signature with
: user B's then send it out to impersonate user A.
: 但如果
: Let say the 2 legitimate users in communication are A and C. A is sending
: MAC(encrypted package) and the encrypted package to C. B received it and
: took off A's signature. Replacing by B's own signature.
: How can B impersonate user A ? B only can sign the encypted package by his(
|
