0

Lets assume there is a guy called Ben, he contacts some server for a ticket number and the server returns a random number to him. Ben then signs that number and sends it back to the server, which checks if its valid or not and accepts Ben's connection if it is. Assuming Ben then signs and sends emails on this server using his private key.

Pretend he uses the same private key to log in to a server and sign his emails. How could Ben's emails be forged. Assuming that the authentication mechanism signs the bare challenge without hashing, while for emails Ben signs the hash of the message body.

Only idea that come to mind at this point is it could be more or less an attack such as a Kerberos attack, where a malicious entity pretends to be the server and gives false positives to Ben. It could also be a chosen message attack or possibly having used the onetime of ElGamal signature again. What other things could it be and if one were to run into such a thing, what could be done to prevent it happening?

Anan
  • 65
  • 7
  • @MaartenBodewes sounds a lot like kerberos where an attacker pretends to be the authentication system. – Anan Oct 21 '19 at 15:31
  • This seems to be an assignment. Although your issue is now well defined, we require effort on your part for it to be considered on topic for our side. Please indicate what your ideas are for solving it. Including Kerberos in the mix is probably not helpful if this is an assignment. – Maarten Bodewes Oct 21 '19 at 15:56
  • huh that is indeed similar – Anan Oct 21 '19 at 23:52
  • Well, if there is anything that is not similar then please do ask. Finding a dupe generally also means finding answers, and that is the purpose of the site. I only found the dupe after another users drew my attention to the fact that there should be a dupe, finding one can be tricky. – Maarten Bodewes Oct 22 '19 at 00:14
  • Did the other Q/A not answer your question? If so, please comment below what is missing so we can possibly reopen. This is not sufficiently clear from the edit you made. – Maarten Bodewes Oct 25 '19 at 01:49
  • not directly, but it lead me to some other things which helped me – Anan Oct 25 '19 at 14:20
  • If you can answer yourself then I can also reopen if you wish. Self-answering is really appreciated, especially if it helps other persons with the same problem. – Maarten Bodewes Oct 25 '19 at 14:39

0 Answers0