Re: Digital signature in muLinux - tests wanted

From: Lars.Nordstrom@abc.se
Date: Thu Nov 09 2000 - 13:24:58 CET


Hello all.

On 2000-11-08 mulinux@sunsite.auc.dk said:

 mu>You can use PGP to decrypt, using the passphrase "mulinux".
 mu>Is is true: this is my first real usage of the IDEA cryptography.
 mu>(Ok, in this case this is not true "cryptography", but a sort
 mu>of "steganography", or "cryptography against the baby" :-) )

 Yes, it works.
 And it is true encryption but with no public key. It uses a
 secret key, the passphrase. But now that key isn't secret
 anymore. :-)
 
 mu>I would like to ask to Lars Nordstrom, own crypto-guy on the list,
 mu>if there is a simple way to generate a key for the address
 mu>mulinux@sunsite.auc.dk
 mu>so every subscriber can read/send PGP encrypted message. How
 mu>to handle a such mechanism? What kind of hand-shake is required
 mu>beetween us, the subscribers?

 AFAIK, this will be complicated and clumsy. I've seen
 discussions on this subject in comp.security.pgp.discuss and
 decided not to try it. :-)

 PGP isn't designed to do this but can be used in several ways:

 Each member of the list have the same secret key to decrypt the
 messages which means it's not secret at all.

 Each member has the public key of every other member and
 encrypts all messages to everybody. Each message can be
 encrypted with several keys so only one message needs to be
 sent to the list.

 Each member uses mulinux public key to encrypt and send a
 message to the list. The list server has the public keys of
 every list member. The server decrypts messages and encrypts
 them again to each member with his/her public key and sends
 them.

 To decrypt a message on my own computer takes several seconds
 and I have to write the passphrase for each one. For the
 relatively low volume on this list it could be done for a few
 days before I get tired of it. On a high volume list, well...

 And then we have the problem of authenticating keys...

 I can't see the benefit of an encrypted list but I've been
 wrong before. Please tell.

 What I have seen in other places is that the list moderator
 signs each cleartext message. Then the readers can verify that
 a message isn't forged.

 Regards,
 Lars

"Computers are like air conditioners
- they stop working properly when you open Windows"

Net-Tamer V 1.10.1 - Registered

---------------------------------------------------------------------
To unsubscribe, e-mail: mulinux-unsubscribe@sunsite.auc.dk
For additional commands, e-mail: mulinux-help@sunsite.auc.dk



This archive was generated by hypermail 2.1.6 : Sat Feb 08 2003 - 15:27:16 CET