tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Power-Netz \(Schwarz\)" <>
Subject AW: Security problem?
Date Fri, 07 Jun 2002 09:33:07 GMT
> This is one way, there are probably others. By using encryption
> you can make
> such a transaction secure.
> If site X is where they buy the thing and site Y is your site:
> You could get site X to pass two things:
> - the amount of money the user is to pay in clear text
> - the amount of money the user is to pay encrypted with the private key of
> site X as a digest.

IMHO, the first step of a cracked key. If you send the encrypted message as
plain text,
you give anyone who tries to crack that key a major hint.


just send the encrypted data, nothing else. Keeps your secret key a secret.
If anyone
tries to change the amount of money , the decrypter can tell you that.

And i suggest to send more encrypted data as you need to send. With this an
attacker can't guess
which of the "cracked" decrypted data is correct, which makes it harder to a
brute force attack
to get throu, even if the key get cracked by random tries :-)


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message