Hi Cleament,<br>thanks for the reply.<br><br>On this base - would you say that symmentric crypto provides authentication as one of its security services (with the exception of non-repudiation) ?<br><br>Thanks,<br>Andrea<br>
<br><div class="gmail_quote">On Sat, Oct 10, 2009 at 7:19 PM, Clement Dupuis <span dir="ltr"><<a href="mailto:clement.dupuis@cccure.com">clement.dupuis@cccure.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Good day,<br><br>IPSEC, SSL, TLS, all comes to mind.<br><br>Diffie Hellman hiding within those protocol does it for you in the background.<br><br>Take care<br><br>Clement<br><br clear="all">Clément Dupuis, CD<br>CISSP, GCFW, GCIA, QEH, QSA, Security+, CEH, ECSA, LPT, CCSA, CCSE, MBNS, MBIS, MBHS, ACE<br>
----------------------------------------------------------------------------------------------<br>In real life:<br>Senior Security Specialist and Instructor<br>Security University<br>>> Call me to get the best CISSP training <<<br>
----------------------------------------------------------------------------------------------<br>In Cyberspace:<br>President/Security Evangelist/Chief Learning Officer (CLO)<br>The CCCure Family of Portals<br>----------------------------------------------------------------------------------------------<br>
Business: 407 479 3903<br>Fax: 407 264 8396 <br><br>Maintainer of :<br>The CISSP and SSCP Open Study Guides Web Site<br><a href="http://www.cccure.org" target="_blank">http://www.cccure.org</a> <br><br>The Professional Security Testers Warehouse<br>
<a href="http://www.professionalsecuritytesters.org" target="_blank">http://www.professionalsecuritytesters.org</a> <br><br>Knowledge sharing and giving back to the community<br>
<br><br><div class="gmail_quote"><div><div></div><div class="h5">On Sat, Oct 10, 2009 at 14:00, Andrea Gatta <span dir="ltr"><<a href="mailto:andrea.gatta@gmail.com" target="_blank">andrea.gatta@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div></div><div class="h5">
Hi,<br>several sources include authentication - or better system or message authentication - as one of the symmetric criptography security services (the other is clearly confidentiality).<br><br>Clearly the authentication provided by symmetric key crypto cannot provide non-repudiation since it uses one single key to encrypt/decrypt and which is not tied to a uniquely identifiiable user.<br>
<br>As for the implementation of the above concept, I can think at the way Kerberos authenticate principals - possession of the session key (other than authenticator information).<br><br>Other than that an example of this could be CBC-MAC.<br>
<br>Can someone provide other explamples or better some place in which symmetric key crypto and authentication are treated more systematically ? <br><br>Thanks <br><font color="#888888">Andrea<br>
</font><br></div></div>_______________________________________________<br>
cisspstudy mailing list<br>
<a href="mailto:cisspstudy@cccure.org" target="_blank">cisspstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
<br></blockquote></div><br>
<br>_______________________________________________<br>
cisspstudy mailing list<br>
<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br>
<br></blockquote></div><br>