[Cisspstudy] Symmetric cryptography - Authentication

Andrea Gatta andrea.gatta at gmail.com
Sat Oct 10 14:37:18 EDT 2009 

Hi Cleament,
thanks for the reply.

On this base - would you say that symmentric crypto provides authentication
as one of its security services (with the exception of non-repudiation) ?

Thanks,
Andrea

On Sat, Oct 10, 2009 at 7:19 PM, Clement Dupuis
<clement.dupuis at cccure.com>wrote:

> Good day,
>
> IPSEC, SSL, TLS, all comes to mind.
>
> Diffie Hellman hiding within those protocol does it for you in the
> background.
>
> Take care
>
> Clement
>
> Clément Dupuis, CD
> CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS,
> MBIS, MBHS,  ACE
>
> ----------------------------------------------------------------------------------------------
> In real life:
> Senior Security Specialist and Instructor
> Security University
> >>  Call me to get the best CISSP training  <<
>
> ----------------------------------------------------------------------------------------------
> In Cyberspace:
> President/Security Evangelist/Chief Learning Officer (CLO)
> The CCCure Family of Portals
>
> ----------------------------------------------------------------------------------------------
> Business:  407 479 3903
> Fax:          407 264 8396
>
> Maintainer of :
> The CISSP and SSCP Open Study Guides Web Site
> http://www.cccure.org
>
> The Professional Security Testers Warehouse
> http://www.professionalsecuritytesters.org
>
> Knowledge sharing and giving back to the community
>
>
> On Sat, Oct 10, 2009 at 14:00, Andrea Gatta <andrea.gatta at gmail.com>wrote:
>
>> Hi,
>> several sources include authentication - or better system or message
>> authentication - as one of the symmetric criptography security services (the
>> other is clearly confidentiality).
>>
>> Clearly the authentication provided by symmetric key crypto cannot provide
>> non-repudiation since it uses one single key to encrypt/decrypt and which is
>> not tied to a uniquely identifiiable user.
>>
>> As for the implementation of the above concept, I can think at the way
>> Kerberos authenticate principals - possession of the session key (other than
>> authenticator information).
>>
>> Other than that an example of this could be CBC-MAC.
>>
>> Can someone provide other explamples or better some place in which
>> symmetric key crypto and authentication are treated more systematically ?
>>
>> Thanks
>> Andrea
>>
>> _______________________________________________
>> cisspstudy mailing list
>> cisspstudy at cccure.org
>> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>>
>>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20091010/b9a04409/attachment.html>

More information about the cisspstudy mailing list