
Is this scenario secure?

I'm using RSA to encrypt communication between a server and a client. Let's say we have 2 asymmetric keys, key1 and key2.

The server has key1 (private) from the start and the client has key1 (public).

So here is the scenario:

  1. the client generates key2
  2. client connects to the server
  3. sending key2(public) encrypted with key1(public)
  4. from now on the server will send all data encrypted with the key2(public)
  5. the client sends some random data to the server
  6. the server sends back the same data hashed
  7. the client verifies that the data is right

As far as I can see this should prevent a man-in-the-middle attack, or am I missing something? At point 7 the client should know if someone is trying to give the server the wrong key to encrypt with, as no one else but the server can decrypt key2(public).

If there is anything that can be done to improve the security please tell me.

Peter asked Mar 04 '09 18:03



2 Answers

The best thing you can do to improve the security is to use an existing design and not try to reinvent the wheel. I'm not saying that what you've done is necessarily wrong, but just that many people much smarter than you and me have spent a lot of time thinking about this problem. Use TLS instead.

Greg Hewgill answered Sep 21 '22 11:09


As long as key1 (private) has not been intercepted somehow by a third-party, your scenario looks secure.

I think I saw this somewhere in a paper actually. In it, Alice gave Bob an unlocked box (key 1 public), then Bob put a bunch of his own boxes (key 2 public) in it, locked it and sent it back to Alice. Alice then opens the box (key 1 private), and now she can securely seal the boxes that Bob just gave her.

Despite the box analogy, that's essentially what you're doing, so I'd say it's secure.

samoz answered Sep 22 '22 11:09
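The seven steps from the question (and the box exchange in the second answer) traced as message flow, as an added example that is not code from the question or from either answer. It assumes textbook RSA without padding over constructed toy keys, so it is only for following which key wraps which message and what the step 7 check compares; the names `Server`, `handshake` and `swapped_key` are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs (assumption)

def keygen(p, q):
    """Textbook RSA from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def enc(m, n):
    return pow(m, E, n)

def dec(c, n, d):
    return pow(c, d, n)

def digest(nonce):
    return int.from_bytes(hashlib.sha256(nonce.to_bytes(16, "big")).digest(), "big")

# Constructed toy keys built from Mersenne primes; the flow requires N2 < N1.
N1, D1 = keygen(2**607 - 1, 2**1279 - 1)   # key1: server holds D1, client holds N1
N2, D2 = keygen(2**127 - 1, 2**521 - 1)    # key2: created by the client (step 1)

class Server:
    def __init__(self):
        self.client_n = None

    def receive_key(self, wrapped):        # step 3: unwrap key2(public) with key1(private)
        self.client_n = dec(wrapped, N1, D1)

    def answer(self, wrapped_nonce):       # steps 5-6: hash the data, reply under key2(public)
        nonce = dec(wrapped_nonce, N1, D1)
        return enc(digest(nonce), self.client_n)

def handshake(server, in_transit=lambda msg: msg):
    """Client side of steps 2-7; in_transit models whatever the network delivers."""
    server.receive_key(in_transit(enc(N2, N1)))       # step 3
    nonce = secrets.randbits(128)                     # step 5
    reply = server.answer(enc(nonce, N1))             # step 6
    return dec(reply, N2, D2) == digest(nonce)        # step 7

def swapped_key(_msg):
    """Delivers a different (constructed) modulus to the server instead of key2."""
    return enc((2**89 - 1) * (2**521 - 1), N1)

if __name__ == "__main__":
    print("untouched exchange verifies:", handshake(Server()))
    print("swapped key2 verifies:", handshake(Server(), swapped_key))
```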