Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!uunet!convex!eugene!swarren From: swarren@eugene.uucp (Steve Warren) Newsgroups: comp.sys.amiga Subject: Re: WB 1.3.2 Keywords: encrypt workbench release Message-ID: <1928@convex.UUCP> Date: 2 Oct 89 15:00:42 GMT References: <14203@polyslo.CalPoly.EDU> <7825@cbmvax.UUCP> <6068@tekigm2.MEN.TEK.COM> <7850@cbmvax.UUCP> <6097@tekigm2.MEN.TEK.COM> <226@estinc.UUCP> <193@teslab.lab.OZ> <188@grape3.UUCP> Sender: usenet@convex.UUCP Reply-To: swarren@eugene.UUCP (Steve Warren) Organization: Convex Computer Corporation, Richardson, Tx. Lines: 47 In article <188@grape3.UUCP> king@grape3.UUCP (Steven King) writes: >In article <193@teslab.lab.OZ> andrew@teslab.lab.OZ writes: >>Using a public-key encryption system could ensure that any release you >>got was the real thing. Commodore would encrypt the software using their >>secret key. If you can decrypt it correctly using their public key then >>you can be certain that it hasn't been tampered with. > >I'm not sure I understand the usefulness of this; maybe I just don't know all >the ins and outs of encryption. Wouldn't it be possible for the industrious >virus-producer to decrypt the software, infect it, and then encrypt it again >in such a way that the public key will still retrieve it? That is the feature of public-key encryption. It utilizes the fact that factorizing numbers with large prime factors (hundreds of digits) would require a machine like the CRAY Y/MP to calculate for a period of time longer than the age of the universe. Technically it is possible, but the number of calculations required is so large that it is literally unfathomable. The technique involves the use of very large prime numbers, one of which is chosen for the encode key, and one of which is chosen for the decode key. Only the decode key is published. The encoded message is a large number which has as one of its factors the encoding key. The decode algorithm only requires the decode key, however. It is a "trap door" algorithm, that is, the encode key only works to encode messages, and the decode key only works to decode messages, and since both numbers are very large prime numbers, knowing one of them tells you nothing about the other. So, to answer your question, no, it wouldn't be possible for an industrious virus-producer to encrypt anything in such a way that the public key will still retrieve it. In order to do that he would have to obtain a copy of the encoding key, which (believe it or not :-) is unrelated to the decoding key. Unless he has access to another dimension where time flows much faster (so he can place a computer there to calculate continuously for billions of years), he will never be able to figure out what the encode key is. There was an article published in Scientific American about seven or eight years ago which gives the mathematical justification for this seemingly impossible technique. I don't remember the date, but if people are interested I will go back and find it. --Steve ------------------------------------------------------------------------- {uunet,sun}!convex!swarren; swarren@convex.COM