Re: Encryption - Kerberos

by Radmilo Racic

Encryption only provides confidentiality, so even a human would not
know if the text has been properly decrypted without an integrity
check. In other words, a human or a service can check a
hash/MAC/digital signature to ensure the integrity of the text.

Kerberos does indeed offer an integrity service (optionally) through a
one-way hash that is sent along with the plaintext.

Hopefully this answers your question.

Cheers,
-- Radmilo

> On Sat, Oct 24, 2009 at 2:23 AM, M.D.Mufambisi <mufambisi@...> wrote:
>>
>> Hi people.
>>
>> I have a question on encryption. When, say, a sentence such as "my name
>> is bruno" is encrypted to, say, ciphertext "sakjkg6*672khkhkjhs
>> jhkhaskh" and sent to my friend Stan....who then decrypts it....back
>> to "my name is bruno". Stan will be able to tell that he has
>> successfully decrypted the ciphertext because he is human and the
>> resultant decrypted text makes sense to him, right?
>> Now in the instance of Kerberos, where there are no humans but
>> computers or services.....how does a service know that it has
>> successfully decrypted ciphertext? I have seen that PGP can tell that a
>> text is successfully decrypted. How does it do this? I hope my question
>> is clear.
>>
>> Regards

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
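
Added example, not part of the original thread: a Python sketch of the point made in the reply above, that a service detects a failed decryption by checking a MAC rather than by reading the text. The cipher is a toy HMAC-based stream cipher standing in for a real one, the function names are hypothetical, and the layout (nonce, ciphertext, tag) is an assumption, not Kerberos's actual message format.

```python
import hashlib
import hmac
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and for the MAC, derived from one shared key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode); a stand-in for a real cipher.
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        out += hmac.new(enc_key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _keystream_xor(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_unchecked(key: bytes, message: bytes) -> bytes:
    # Confidentiality only: any key "decrypts" to some bytes and nothing fails.
    nonce, ct = message[:16], message[16:-32]
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)


def open_checked(key: bytes, message: bytes) -> bytes:
    # What a service does: verify the MAC first, decrypt only if it matches.
    if len(message) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified message")
    return _keystream_xor(_subkey(key, b"enc"), nonce, ct)


if __name__ == "__main__":
    good, wrong = b"k" * 32, b"x" * 32  # constructed sample keys
    msg = seal(good, b"my name is bruno")
    print(open_checked(good, msg))        # verified, then decrypted
    print(decrypt_unchecked(wrong, msg))  # wrong key: bytes come back, no error
```

With the wrong key or a modified message, `open_checked` raises `ValueError` instead of returning bytes, which is the signal a service acts on.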


Re: Encryption - Kerberos

by Edd Burgess

It might also be worth noting that Kerberos is not itself an encryption
method. Kerberos is an identity authentication protocol defined by a
series of messages; it is built upon hash and cipher function primitives.

When a ciphertext is passed over a network or a key exchange of some kind
occurs, the network stack ensures end to end integrity in a variety of
ways, so the decryption which happens high up the stack in the
presentation layer can assume the values it is working with are what were
sent to it - whether or not they are correct is not the business of the
encryption layer, if you see what I mean.

-Edd

On Mon, October 26, 2009 16:46, Radmilo Racic wrote:

> Encryption only provides confidentiality, so even a human would not
> know if the text has been properly decrypted without an integrity check. In
> other words, a human or a service can check a hash/MAC/digital signature
> to ensure the integrity of the text.
>
> Kerberos does indeed offer an integrity service (optionally) through a
> one-way hash that is sent along with the plaintext.
>
> Hopefully this answers your question.
>
>
> Cheers,
> -- Radmilo