To bootstrap a secure connection, the simplest and most efficient solution
is to use a pseudorandom generator, as is done with SSL and TLS. With
this approach each party need only send one half of the random seed
to the other party. Each party can then combine the two halves so that they both get
the same random number generator seed. The weakest random seed will be
compensated by the strength of the other.
A third party couldn't go very far if he managed to "guess" the random
number generated by one party.

I plan to use the following algorithm to set up the secure connection.
Its benefit is that it needs only one message exchange. The drawback is
that an invalid setup will only be detected with the first subsequent
message received.

Each party generates the same message structure. It encrypts the random
numbers (i.e. 40) with its private key, adds an id of itself and then
encrypts the whole message with the remote host's public key.

Encryption with the public key ensures that only the owner of the
private key can decrypt the message. Encryption with the private key
provides the means for authentication. The id is used by the server to
locate the corresponding public key. The client (initiator of the
connection) must already know the public key of the remote host. So the
id the server returns is just for checking.

dreijer wrote:

Wei Dai wrote:
Usually the first method is used, because RSA encryption is much slower
than symmetric encryption.

Yeah, I agree, but I'm only using RSA to bootstrap a secure connection
and to do a DH to generate a shared session key. Basically, I have only
around four messages going back and forth and I think the overhead of
just doing multiple RSA encryptions is negligible (since this is not
real-time communication but instead during initialization).




--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Crypto++ 
Users" group.
To post to this group, send email to [EMAIL PROTECTED]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cryptopp-users?hl=en
-~----------~----~----~----~------~----~------~--~---

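The one-round seed exchange sketched in the post above, as an added example. This is not code from the post, from anyone in the thread, or from Crypto++; it uses only the Python standard library. The RSA "encrypt with private key, then with the peer's public key" wrapping of each setup message is applied by the caller and is not modelled here; the 20-byte half length, the fixed role order in the hash, the function names (build_setup, combine, run_exchange) and the replace_half man-in-the-middle are all assumptions made for illustration.

```python
"""Added example (not from the post or Crypto++): each side contributes half of
the seed in a single message, both sides combine the halves into one seed.
Standard library only.  The RSA sign-then-encrypt wrapping of each setup
message is applied by the caller and is not modelled here.  Names and the
20-byte half length are assumptions for illustration."""
import hashlib
import hmac
import random
import secrets
import struct

HALF_LEN = 20  # each side contributes 20 bytes (40 in total, as in the post)


def make_half() -> bytes:
    """One party's contribution to the seed, taken from the OS CSPRNG."""
    return secrets.token_bytes(HALF_LEN)


def build_setup(half: bytes, my_id: bytes) -> bytes:
    """Plaintext of a setup message: length-prefixed random half and sender id."""
    return struct.pack(">H", len(half)) + half + struct.pack(">H", len(my_id)) + my_id


def parse_setup(msg: bytes):
    """Inverse of build_setup; rejects truncated or oversized messages."""
    if len(msg) < 2:
        raise ValueError("short message")
    (n,) = struct.unpack(">H", msg[:2])
    if len(msg) < 4 + n:
        raise ValueError("truncated half")
    half = msg[2:2 + n]
    (m,) = struct.unpack(">H", msg[2 + n:4 + n])
    if len(msg) != 4 + n + m:
        raise ValueError("bad id length")
    return half, msg[4 + n:]


def combine(client_half: bytes, server_half: bytes, client_id: bytes, server_id: bytes) -> bytes:
    """Shared seed = hash over both halves and both ids in a fixed role order.

    Both sides hash byte-identical input, so they get the same seed.  Because
    the hash needs both halves, an attacker who guessed one party's half still
    learns nothing about the seed: the weaker half is compensated by the other.
    """
    transcript = b"setup-seed-v1"  # assumed domain-separation label
    for field in (client_id, server_id, client_half, server_half):
        transcript += struct.pack(">H", len(field)) + field
    return hashlib.sha256(transcript).digest()


def tag(seed: bytes, payload: bytes) -> bytes:
    """MAC under the derived seed; stands in for the first protected message."""
    return hmac.new(seed, payload, hashlib.sha256).digest()


def replace_half(msg: bytes, new_half: bytes) -> bytes:
    """Constructed man-in-the-middle: swap the random half, keep the id."""
    _, ident = parse_setup(msg)
    return build_setup(new_half, ident)


def run_exchange(client_id: bytes, server_id: bytes, in_transit=None) -> dict:
    """Run the one-round setup; `in_transit` optionally rewrites the client's message."""
    client_half, server_half = make_half(), make_half()
    client_msg = build_setup(client_half, client_id)
    server_msg = build_setup(server_half, server_id)
    if in_transit is not None:
        client_msg = in_transit(client_msg)

    # Server side: the received id says which client public key to use; here it
    # only goes into the transcript.
    recv_half, recv_id = parse_setup(client_msg)
    server_seed = combine(recv_half, server_half, recv_id, server_id)

    # Client side: it already knows the server's key, so the returned id is only checked.
    got_half, got_id = parse_setup(server_msg)
    if got_id != server_id:
        raise ValueError("server id does not match the expected peer")
    client_seed = combine(client_half, got_half, client_id, server_id)

    # Nothing in the setup round confirms the seed; a mismatch surfaces only when
    # the first subsequent message fails to verify.
    first = b"first application message"
    verified = hmac.compare_digest(tag(client_seed, first), tag(server_seed, first))
    # Same seed => same generator stream.  random.Random is only a stand-in for
    # the post's PRNG; it is not a cryptographic generator.
    same_stream = (random.Random(client_seed).getrandbits(64)
                   == random.Random(server_seed).getrandbits(64))
    return {"client_seed": client_seed, "server_seed": server_seed,
            "verified": verified, "same_stream": same_stream}


if __name__ == "__main__":
    honest = run_exchange(b"alice", b"server-1")
    tampered = run_exchange(b"alice", b"server-1",
                            in_transit=lambda m: replace_half(m, bytes(HALF_LEN)))
    print("honest run verified:", honest["verified"],
          "/ tampered run verified:", tampered["verified"])
```

The tampered run shows the drawback the post names: the substituted half is accepted during setup and only the first subsequent message, whose MAC no longer verifies, reveals the mismatch. Hashing the two halves together with both ids in a fixed order is what makes the seed as strong as the better half and keeps the two roles from deriving a seed that a swapped or reflected message could reproduce.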