At 07:36 AM 3/7/00 -0800, you wrote:
>Karl Denninger <[EMAIL PROTECTED]> writes:
> > Well, confidentiality implies integrity, in that a tampered data stream
> > won't decode. Public key crypto with a known certification on the public
> > key provides non-repudiation (assuming the private key has not been
> > compromised)
>This is absolutely not true.
>
>Consider a data stream enciphered with RC4. It's perfectly
>easy to undetectably flip any plaintext bit by
>flipping the corresponding ciphertext bit. If you know the
>plaintext, you can modify it predictably.
Perhaps... but isn't this impractical? The key phrase here is "If you know the
plaintext...". How would one know if a random, encrypted stream is a
recipe, a love letter, or a secret message to religious extremists? It all
just looks like encrypted packets.
Jon
-----------------------------------------------------------------
Jon Earle (613) 612-0946 (Cell)
HUB Computer Consulting Inc. (613) 830-1499 (Office)
http://www.hubcc.ca 1-888-353-7272 (Within Canada/US)
"God does not subtract from one's alloted time on Earth,
those hours spent flying." --Unknown
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
