Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
Is there a relationship between the content of a private RSA key (private exponent, modulus and primes) and a AES-128-cbs key and iv?
I know that you can encrypt your private key using AES in which case
the AES-iv is supplied in the pem file and the AES-key is
calculated using MD5 over secret-password and the first 8 bytes
of the AES-iv.
However I have AES encrypted data and a private RSA key that I can read.
Is there a standard on how to derive the AES-key and AES-iv from the
RSA key content, maybe from the prime numbers inside. Is
there some standard that is normally used?
No, it makes no sense to have your symmetric key depending on your asymmetric.
Usually you also don't just encrypt one particular AES key with one RSA keypair. Instead what you usually want to do is to use for example someone's public key to encrypt a randomly generated AES key and send the RSA encrypted key along with the AES encrypted data to the recipient.
This way you can use a different symmetric key for every data package.
This is just one use case, but it illustrates why there is no reason for such a dependency.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I've a server setup which is accessed via SSH by pulling a key from an external secure server. The SSH key is not password protected however asks for a password when I try to access the server:
Enter passphrase for key 'my-key'
When I view the key using vi, it has a noeol message at the end of the file
-----BEGIN OPENSSH PRIVATE KEY-----
...
...
-----END OPENSSH PRIVATE KEY-----
~
~
~
~
~
~
~
~/.ssh/my-key" [noeol] 27L, 1798C
This is rectified when I append \n when copying the key. Why does a lack of EOL cause the key to look for a password?
It can be because of the (proprietary) OPENSSH private key format, described here, which includes:
A format ID prefix
Encryption headers
An unused number for number of keys in the block
An rfc4253-style ssh public key
An private key somewhat modeled after the rfc4253 style
A comment
Padding for aligning private key to the blocksize
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a plain text and its cypher text. I know that the algorithm used was MD5. I want to break all cypher texts that are produced using the same algorithm.
Is there any way to do so?
Kerckhoffs's Principle applies here. Knowing the mathematics, and the interaction between the plaintext and ciphertext, will not let you break the MD5 hashing algorithm.
This is due to Shannon's principles of cryptography, outlined in 1945, "Confusion and Diffusion". In simple terms, this means that any even reasonably good encryption algorithm does not show a clear relationship between the cleartext and the ciphertext.
The short answer to your question is no, there is no way to break MD5 purely by knowing a cleartext and a ciphertext. There's no key, so you can't reverse engineer it like a simple XOR cipher.
However, **as MD5 is a very quick, processor-light algorithm, it has been (and is still) possible to simply bruteforce a vast array of cleartext strings, then compare your target ciphertext to the resulting **rainbow table.
This site can help you do this: MD5 Decryptor
I will mention, however, that it's generally rare that there is a use for this outside of computer misuse, which I will strongly caution you against.
I hope this was helpful.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
Out of curiosity, I just want to know the full form of "S/KEY" authentication method.
What does 'S' stand for ? and why is it written like S/KEY ?
According to RFC1760 and the original paper, it would stand for "secret key". More specifically, S would stand for the initial secret used in the hash chain.
A sequence of one-time passwords is produced by applying the secure
hash function multiple times to the output of the preparatory step
(called S). That is, the first one-time password is produced by
passing S through the secure hash function a number of times (N)
specified by the user. The next one-time password is generated by
passing S though the secure hash function N-1 times.
I've always heard/been told that S/KEY just means Secure Key or Security Key. As for why it's written that way, I have no idea, but I would assume it's just short-hand to not have to type the whole thing.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I am using RSA asymmetric encryption, encrypting the data using the public key and decrypting the data using the private key.
The public key will be shared in clients machines.
My question is if the user get the public key is there any way to get the private key using the public one?
The keys are mathematically linked, but it is not possible to get the private key from the public key (at least no one knows or admits to knowing how to do so). However, you can obtain the public key from the private key.
If you don't have a good understanding of Public-key cryptography, you might wonder about things and ask questions. And that's OK, it's confusing when you first think about it. Here's a great book Cryptography Decrypted that I recommend to friends who wish to learn more about cryptography in general. It has a very good section on Public-key cryptography and presents it in such a way that anyone can understand.
No. That is the very definition of public key cryptography.
Sure. Some currently-known methods for obtaining a private key, when the public key is already known, include:
1) Brute force. Should take about a million years or so to complete, depending on hardware. Suggestion---expire the public keys once every 500,000 years or so.
2) The user is the NSA, in which case it's entirely possible that they've introduced subtle, top-secret vulnerabilities into the hardware or software you're using to generate the keypair.
3) The user has a quantum computer. They'd have to invent it first, though. Probably worth a Nobel prize right there.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Diffie–Hellman offers secure key exchange only if sides are authenticated. for authentication, sides are using public/private key. so if side A knows the public key of the side B, then A can simply use that key to encrypt the message (or the new session key). why bother to use separate key exchange algorithm?
Diffie Hellman is designed to exchange a shared key. So the question could be rephrased as: Why would I want to use a shared key, when public/private key pairs offers encrpytion and ease of sharing public keys?
The benefits of a shared key over public/private keys are:
Shared keys have faster algorithms compared to public/private key algorithms and thus require less processing power.
It is possible for attackers to impersonate when using public/private key encrption, if a certificate authority is compromised: See the DigiNotar case.