tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Power-Netz \(Schwarz\)" <schw...@power-netz.de>
Subject AW: Security problem?
Date Fri, 07 Jun 2002 09:33:07 GMT
>
> This is one way, there are probably others. By using encryption
> you can make
> such a transaction secure.
> If site X is where they buy the thing and site Y is your site:
>
> You could get site X to pass two things:
> - the amount of money the user is to pay in clear text
> - the amount of money the user is to pay encrypted with the private key of
> site X as a digest.

IMHO, the first step of a cracked key. If you send the encrypted message as
plain text,
you give anyone who tries to crack that key a major hint.

@Laura:

just send the encrypted data, nothing else. Keeps your secret key a secret.
If anyone
tries to change the amount of money , the decrypter can tell you that.

And i suggest to send more encrypted data as you need to send. With this an
attacker can't guess
which of the "cracked" decrypted data is correct, which makes it harder to a
brute force attack
to get throu, even if the key get cracked by random tries :-)

M.Schwarz


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message