Rodrigo Garcia <str...@riseup.net> writes: >> But if everyone knows how to decrypt all the tokens they are not really >> secret; so it basically becomes the same as a signature, no? Except if >> it's *not* signed you may be able to spoof other values by changing the >> ciphertext of a valid token you already own (not sure how susceptible >> public crypto is to this)... >> > > Yes, but a node does not have the private key, so it can't create *new* > encrypted tokens by its own.
Not necessarily. In general, even if you don't know the private key, changing the ciphertext can still change the plaintext after decryption. Especially, since in your scheme an attacker only needs to change a single byte (holding the random number attached to a prefix) to get a new valid token for that prefix. For RSA in particular, don't encrypt things with the private key; see https://stackoverflow.com/questions/44261028/modification-of-rsa-encrypted-cipher-text and this answer linked from there: https://crypto.stackexchange.com/questions/15997/is-rsa-encryption-of-a-cryptographic-hash-with-a-private-key-the-same-as-signatu -Toke _______________________________________________ Babel-users mailing list Babel-users@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
