Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!uunet!convex!eugene!swarren
From: swarren@eugene.uucp (Steve Warren)
Newsgroups: comp.sys.amiga
Subject: Re: WB 1.3.2
Keywords: encrypt workbench release
Message-ID: <1928@convex.UUCP>
Date: 2 Oct 89 15:00:42 GMT
References: <14203@polyslo.CalPoly.EDU> <7825@cbmvax.UUCP> <6068@tekigm2.MEN.TEK.COM> <7850@cbmvax.UUCP> <6097@tekigm2.MEN.TEK.COM> <226@estinc.UUCP> <193@teslab.lab.OZ> <188@grape3.UUCP>
Sender: usenet@convex.UUCP
Reply-To: swarren@eugene.UUCP (Steve Warren)
Organization: Convex Computer Corporation, Richardson, Tx.
Lines: 47

In article <188@grape3.UUCP> king@grape3.UUCP (Steven King) writes:
>In article <193@teslab.lab.OZ> andrew@teslab.lab.OZ writes:
>>Using a public-key encryption system could ensure that any release you
>>got was the real thing.  Commodore would encrypt the software using their
>>secret key.  If you can decrypt it correctly using their public key then
>>you can be certain that it hasn't been tampered with.
>
>I'm not sure I understand the usefulness of this; maybe I just don't know all
>the ins and outs of encryption.  Wouldn't it be possible for the industrious
>virus-producer to decrypt the software, infect it, and then encrypt it again
>in such a way that the public key will still retrieve it?

That is the feature of public-key encryption.  It utilizes the fact that
factorizing numbers with large prime factors (hundreds of digits) would
require a machine like the CRAY Y/MP to calculate for a period of time
longer than the age of the universe.

Technically it is possible, but the number of calculations required is so
large that it is literally unfathomable.

The technique involves the use of very large prime numbers, one of which
is chosen for the encode key, and one of which is chosen for the decode
key.  Only the decode key is published.  The encoded message is a large
number which has as one of its factors the encoding key.  The decode
algorithm only requires the decode key, however.  It is a "trap door"
algorithm, that is, the encode key only works to encode messages, and
the decode key only works to decode messages, and since both numbers
are very large prime numbers, knowing one of them tells you nothing
about the other.

So, to answer your question, no, it wouldn't be possible for an industrious
virus-producer to encrypt anything in such a way that the public key
will still retrieve it.  In order to do that he would have to obtain
a copy of the encoding key, which (believe it or not :-) is unrelated
to the decoding key.  Unless he has access to another dimension where
time flows much faster (so he can place a computer there to calculate
continuously for billions of years), he will never be able to figure
out what the encode key is.

There was an article published in Scientific American about seven or
eight years ago which gives the mathematical justification for this
seemingly impossible technique.  I don't remember the date, but if
people are interested I will go back and find it.

--Steve
-------------------------------------------------------------------------
	  {uunet,sun}!convex!swarren; swarren@convex.COM