I see, however the project has already been accepted so I will have to do it anyway :(

Maybe I can think of not using random numbers but something to make it more difficult for a false ciphertext to be accepted by other nodes.

Thanks, I will use the references to point out the vulnerabilities.

On 10/09/17 at 13:13, Toke Høiland-Jørgensen wrote:
>> Yes, but a node does not have the private key, so it can't create *new*
>> encrypted tokens on its own.
>
> Not necessarily. In general, even if you don't know the private key,
> changing the ciphertext can still change the plaintext after decryption.
> Especially, since in your scheme an attacker only needs to change a
> single byte (holding the random number attached to a prefix) to get a
> new valid token for that prefix.
>
> For RSA in particular, don't encrypt things with the private key; see
> https://stackoverflow.com/questions/44261028/modification-of-rsa-encrypted-cipher-text
> and this answer linked from there:
> https://crypto.stackexchange.com/questions/15997/is-rsa-encryption-of-a-cryptographic-hash-with-a-private-key-the-same-as-signatu

_______________________________________________
Babel-users mailing list
Babel-users@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
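Added example, not part of the original thread: the point in the quoted reply that a raw RSA private-key operation gives no integrity, shown next to a hash-then-sign check that does reject altered values. The toy key, the function names and the hash-mod-N encoding (a stand-in for a real padded scheme such as RSASSA-PSS from a vetted library) are all assumptions made for illustration.

```python
import hashlib

# Toy key from two known Mersenne primes (constructed; far too small for real use).
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the issuer


def raw_token(message: int) -> int:
    """Issuer: 'encrypt with the private key', no hash and no padding."""
    return pow(message, D, N)


def raw_recover(token: int) -> int:
    """Any node: undo the private-key operation using only the public key."""
    return pow(token, E, N)


def raw_accepts(message: int, token: int) -> bool:
    """Weak check: the token 'decrypts' to the claimed message."""
    return raw_recover(token) == message


def pair_without_private_key(chosen_token: int):
    """Pick a token first, then derive the message it recovers to.
    Needs only (N, E), so the weak check proves nothing about the issuer."""
    return raw_recover(chosen_token), chosen_token


def digest(data: bytes) -> int:
    """SHA-256 reduced mod N (hypothetical encoding, stands in for real padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign(data: bytes) -> int:
    """Issuer: sign the hash of the whole message."""
    return pow(digest(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Node: accept only if the signature matches the hash of exactly this data."""
    return pow(signature, E, N) == digest(data)
```

With the raw scheme every altered token still recovers to some value without error, so acceptance depends entirely on how strictly the receiver inspects the result; with `verify`, any change to the data or the signature fails the comparison.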