Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I\'m currently writing an examen about \'Lessons Learned in the IT-Security\'. I

ID: 657015 • Letter: I

Question

I'm currently writing an examen about 'Lessons Learned in the IT-Security'. I already found some thing, which shouldn't be done. But right now I'm in trouble finding the reasons why not to do so. Maybe you could explain me why or even better know about any citable source, which describes the following:

Why don't I use the same key for encryption in both ways?
Why don't I use the same key for encryption and authentication?

It would also be helpful, if anyone could tell me about known attacks, that exploit the mistakes above.

By the way I used this site: Lessons learned and misconceptions regarding encryption and cryptology as the starting point for my research.

Thanks a Lot!!

Explanation / Answer

The reason is that there can exist weaknesses in the cryptosystems allowing they to be circumvented, since the keys have a mathimatical relationship with each other.

For example, lets say I eavesdrop a encrypted message from A to B. Then I take the encrypted message, and "blind" this message with a blinding factor. Then I send this encrypted+blinded message to B, and ask him to sign it. Lets say he have a reason to sign things from me too.

Since signing is effectively decryption, the message that is returned, is the blinded, unencrypted message, that you return to me. I unblind the message with the secret blinding factor, and then I have the message, unencrypted. and you know nothing that I have access to that message.

This can also apply to schemes where a symmetric key is used, since I could just send you the encrypted symmetric key, blinded. And blind signing requires that a hashing scheme is NOT used during signing, so a software must be able to detect a blind message to be signed, and sign it directly.

Thats why you should not use same key for encryption and signing.

Related Questions

I\'m currently finishing my last year of highschool in Australia and got really
Question #2172
I\'m currently following a tutorial to create a PHP website using GoogleApp Engi
Question #662589
I\'m currently going through a course on software security. I\'ve recently been
Question #661151
I\'m currently in Bosnia, which has been hit with the worst flood in its history
Question #660645
I\'m currently in a high-performance computing class taught in C++. Usually, I d
Question #655074
I\'m currently in a position where there are two of us, and neither of us should
Question #657282
I\'m currently in a statistics class and I have very poor math skills. I don\'t
Question #2957324
I\'m currently in the planning phase of an authentication and storage-ish servic
Question #649418
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
I\'m currently writing an RTOS for microcontrollers. The whole thing is written
Next
I\'m dealing with a time series that consists of one year\'s data of the result

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.