[Babel-users] About an authentication extension

Toke Høiland-Jørgensen toke at toke.dk
Sun Sep 10 17:13:54 UTC 2017


Rodrigo Garcia <strysg at riseup.net> writes:

>> But if everyone knows how to decrypt all the tokens they are not really
>> secret; so it basically becomes the same as a signature, no? Except if
>> it's *not* signed you may be able to spoof other values by changing the
>> ciphertext of a valid token you already own (not sure how susceptible
>> public crypto is to this)...
>> 
>
> Yes, but a node does not have the private key, so it can't create *new*
> encrypted tokens on its own.

Not necessarily. In general, even if you don't know the private key,
changing the ciphertext can still change the plaintext after decryption,
especially since in your scheme an attacker only needs to change a
single byte (holding the random number attached to a prefix) to get a
new valid token for that prefix.

For RSA in particular, don't encrypt things with the private key; see
https://stackoverflow.com/questions/44261028/modification-of-rsa-encrypted-cipher-text
and this answer linked from there:
https://crypto.stackexchange.com/questions/15997/is-rsa-encryption-of-a-cryptographic-hash-with-a-private-key-the-same-as-signatu

-Toke
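
Added example, not part of the original message: a toy textbook-RSA sketch in Python of the point made above, that a token anyone can open with the public key can be altered or combined without the private key, next to a hash-then-compare check that rejects the same changes. The key, the sample values and every function name are constructed for illustration and are not taken from the proposed scheme.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the issuer only


def issue_raw(value: int) -> int:
    """'Encrypt with the private key': unpadded RSA over the raw value."""
    return pow(value, D, N)


def open_raw(token: int) -> int:
    """What every node can do with the public key; it never reports an error."""
    return pow(token, E, N)


def combine(token_a: int, token_b: int) -> int:
    """Needs no private key: multiply two issued tokens modulo N."""
    return (token_a * token_b) % N


def digest(message: bytes) -> int:
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Issuer side: apply the private exponent to a hash of the message."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Node side: accept only if the opened value equals the message hash."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    a, b = issue_raw(1234), issue_raw(5678)      # constructed sample values
    print(open_raw(a), open_raw(b))              # the two issued values
    print(open_raw(combine(a, b)))               # opens to a value nobody issued
    print(open_raw(a ^ 0xFF))                    # altered token still "decrypts"
    sa, sb = sign(b"prefix-A"), sign(b"prefix-B")  # constructed messages
    print(verify(b"prefix-A", sa))               # genuine signature accepted
    print(verify(b"prefix-A", combine(sa, sb)))  # combined value rejected
    print(verify(b"prefix-A", sa ^ 0xFF))        # altered value rejected
```

The hash comparison is only a sketch of why a signature check differs from "it decrypts"; a deployed protocol would use a vetted scheme such as RSA-PSS or Ed25519 from a cryptographic library.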


