pgp and me

[GMT]

No you've still got me lost here. If I send you a public key, and you use it to encrypt a message to me, then that encryption (to my mind) can be decrypted with the same public key I sent you. As it is only encrypted with the one key at that point that I sent to you. Anyone who is watching the traffic between us, would clearly also have a copy of me sending you my public key, (or in your case copy it from your homepage here) and could then use it to decrypt any messages that you return to me using that key. I'm afraid I'm still lost as to the purpose of the second key. Ok someone stumbling across the traffic may have a hard time decoding it, but even then it's just time and repetition to crack. Also it wouldn't hide the fact that you were surfing certain sites. What aspect of this don't I understand?

 

[GMT]

In the olden days theere was a similar but better system. I want to send you a message with a messenger that I dont want the messenger to read. I put it in a box and lock it. I cant send the key with the messenger as he'd open the box with it. I can't send it with a second messenger in case he meets up with the first on route. So I dont bother. The recipient then , rather than unlocking the box, adds a second lock of his own and returns the box. I then take my lock off the box and send it back with his lock on it. He then takes off his lock and reads it. This seems far more secure to me than this PGP invention, although there is a risk of the messenger just smashing the box to bits of course.

 

[Underground Man]

The public key can't decrypt anything, it is a one way operation. Hence the word asymettric.

Having the public key and the message will get you nowhere. You need the message and the private key that is associate with the public key used to encrypt the message.

The point pf public key encryption is that you can exchange public keys over a watched/insecure medium, the same medium that you send your encrypted mesages through.

With your example (symettric "encryption") the channel over which you send the key must be secure.

 

[Underground Man]

If you want to send me a message, you need my public key (because only i posess the private key that will descrypt messages encoded with my public key.)

If I want to send you a message you must give me your public key.

It doen't matter if other people have my public key because the only thing they can use it for is encrypting messages which only I would be able to decrypt.

to use the lockbox analogy, giving you my public key is like giving you a box that automatically locks and only I can open.

 

[GMT]

Lets make this really simple for me please. Lets say that the message ( we'll make it mathematical as all letters/symbols comp. related are jsut numbers), is "10". My private key is 3 and my public key is 4. Everyone knows my public key is 4. You encrypt the message "10" by multiplying it by 4. The message you send me is "40". Where does my 3 come in? And if everyone knows my public key is 4, what is to stop them working out the message is 10. If no one knew the public key was 4, there could be various messages that could be encrypted within the message 40. But when the message represents words, surely you could guess at 1,2,3,4 before decoding it. Now looking at your public key, it would take a while, but I still can't see anything to prevent it.

 

[Underground Man]

Sorry I can't really explain it because I don't really understand the math, only how to use it .

I do know that it's not as easy as picking two random numbers for your keys.

There are a ton of pages out there explaining it though. I too would like to see a demo with very small numbers.

http://primes.utm.edu/glossary/page.php?sort=RSA
http://primes.utm.edu/glossary/page.php?sort=RSAExample

To use this system we first find two large primes p and q and form their product n = pq. Next we choose a random integer e which is relatively prime to (p-1)( q-1) (this is phi). The pair (n,e) is made public (it is the public key), but the prime factors p and q are kept secret. Using this public key anyone can encrypt a message to send to us, a message which presumably only we can decrypt.

Suppose John wishes to send us an encrypted message. John would convert his message to numbers (using, for example, a=01, b=02, . . . , z = 26, blank=27) and break this message into blocks smaller than the number n. For each block B John computes an encrypted block C as follows.

C = Be (mod n)

John then can send the blocks C to us.

We can decrypt this message using Euler’s theorem. To decrypt any message we first calculate an integer d such that ed = 1 (mod (p-1)( q-1)). (This is easily done using the extended Euclidean algorithm.) The pair (n,d) is the private key, and once it is found all records of the prime factors p and q of n should be destroyed.

Now for each encrypted block C we just calculate

B = Cd (mod n).

 

[Underground Man]

here's a good one.
http://www.iusmentis.com/technology/encryption/pgp/pgpattackfaq/asymmetric/

 

[GMT]

Thaks mate, I'm going to do some calculations now, I may be gone for some time, lol

 

[GMT]

Working that out was a real
Here we go:
Primes P=3, Q=5 Both are kept secret and are discarded once N, phi and E are calculated.

Product = N = 3*5 = 15 and will be made public

Phi = p-1 * q-1 = 2*4 = 8

E = relative prime of Phi = a number that has common dividors with Phi other than 1 and itself relatively = 7 (one possible E for a Phi of 8)

Private Key = D where D*7=1(mod(2)(4)

( I would have worked this value out but excel interprets the command mod as you want to know the remainder of a division . Unfortunately I can't find my scientif calculator either to work it out on)

The Public Key = 15, 7

B= the original message you want to send
C= the encrypted message

The formula for encryption is C=BE(modN)
Therefore the short message "I want" becomes the result of (remembering I'll have to write the formula for each value as I can't find my calculator, nor can I do it in my head) C=9*7(mod15), C=27*7(mod15), C=23*7(mod15), C=1*7(mod15), C=14*7(mod15), C=20*7(mod15).

To Decrypt the message follows the formula B=CD(mod15)
Or your message is the encrypted message multiplied by your private key(mod15).

Now the 7 part of your public key is safe as 7 is only 1 of a number of possabilities but the 15 part is the hackable part
It needs to be pretty big ( and will be if multiplying very large numbers) in order to make the number of prime numbers that are divisable into it numerous


To be continued to prevent me losing what I've typed so far if I get disconnected now.

 

[GMT]

However by trial and error, checking the results of each against whether the decrypted message is coherant, is perfectly possible however time consuming. The faster the processors used, the quicker the operation will be. This means that it is difficult to crack but not impossible.
In order to make it harder to crack, you could have your mates encode the message before encrypting it so that when the correct keys are used, the message will be incoherant making the correct key seem incorrect. Messages that consist purely of numbers would be far more difficult to crack as it would be difficult to know when you have the correct sequence of numbers. A message in english would be far easier to recognise once cracked accuratley.

However it is only of use when sending PMs and I see that is what you are using it for.
But anyone watching this, would then pick you out as a prime target as peeps sending encrypted data accross a monitored network would surely be deemed to be sending data that is more sensative than others. And what is worse, it doesn't hide where you are sending it from. Which personally would be the main benefit. Also when sending in your details by PM to DG for a delivery, as DG doesn't use this PGP, you aren't covered.
In addition, I now realise that the 128 bit encryption used by everyone including my bank, is really slack, giving access to my account to anyone with the hard / software necessary to crack it, which by common concensus, doesn't seem to be all that much by the standards of intelligence agancies, meaning that everyone's personal data is up for grabs.

 

[Underground Man]

Wow! RSA implented in excell! haha what would be really great and pointless is to do it with google calulator.

would surely be deemed to be sending data that is more sensative than others

maybe so, more people need to use encryption then I am happy to encrypt totally in-sensitive data though. Why not!?

I now realise that the 128 bit encryption used by everyone including my bank, is really slack,

128 bits is a HUGE number still. 2^128 values is a ton.
I think you missed the part in my previous post about it taking at minimum10,000 gigawatt years just to represent all the values that can fit in 128 bits and that is only with peak theoretical effeciency.

hmm unless you are talking about SSL which is public key (? i think?). so not all the values are possible keys.

I don't know anything about SSL but maybe it just uses public key to send a 128 bit symettric session key.

 

[GMT]

but how many of those possabilities are prime numbers? By pre calculating all the prime numbers, (well ya know what i mean), you can cut out a lot of the computational requirements, and reduce the times significantly.

 

[Scottish Research]

Bump.




R.Fortune

 

[supermanlives]

I shouldn't smoke so much and try to learn this shit

 

[420somewhere]

I was very stoned in the 80's and 90's .......

I was very stoned in the 80's and 90's .......

When I programmed for the Defense Dept.

To start SuperMan, get yourself a 64 gigabyte USB stick.

Install TOR and PGP - and you are halfway there.

Then you will need someone you trust to start using PGP

You can use TOR to access a PGP forum to get advice.

I would also smoke lot's of weed while you are learning, that way you will be able to do it when stoned.

Works for me.