[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] [Re:] Interesting but vulnerable scheme for
From: Chris <info () delsec ! net>
Date: 2006-04-27 3:06:39
Message-ID: 20060426200639.1b1507a04a440dbbe6ab6eabc5c58a9e.97b0daf42f.wbe () email ! secureserver ! net
[Download RAW message or body]
Glenn,
There are a few parts of this I am confused on.
>In the cert is a private key. If the system were required to contact a
>"backend" server first, passing it perhaps a cipher containing its
>serial number encrypted with its private key and its identity, the
When you say pass a 'cipher' do you mean pass a message? And if you mean
pass a message then a public/private crypto system would encrypt this
message using the backend servers public key, not its own private key.
Or perhaps I have misread your posting.
>server could send back a (hopefully unique to that cert) decryption key
>that would decrypt the private key, allowing its use; the code at the PC
>would need to erase the cleartext private key when done. The server
Sending of any keys over the air like this is dangerous, thats what
makes public/private crypto systems good. The only drawback is you need
a good PKI to support those users and be the CA. The CA is the only
authority the system should 'trust' when it comes to certificate
validation and revocation. Which means a second 'backend' server may
not fit well into this picture.
>could check the serial number matched the "identity" (it would have the
>public key) to prevent a simple search of the server for these
>encrypting keys.
I am not sure I understand this last part, please elaborate.
----------------------------------------
Chris
Key ID: 7E8DE44E
info@delsec.net
----------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic