> Testbed Support for GridPP member institutes
> > [mailto:[log in to unmask]] On Behalf Of Jensen, J (Jens)
said:
> > You probably know this but Dave Kant implemented encryption stuff
> > for APEL. It takes the DN, adds random stuff which includes
> > timestamp IIRC, and encrypts it with an RSA public key and sends
> > it off to the central db where it's decrypted. The random
> > stuff prevents the same user from being sent as the same
> > encrypted message every time...
>
> Is it that hard to crack though? You have a fairly small pool of
> possible DNs, and most of the timestamp is predictable.
It does not use the timestamp IIRC. It uses a cryptographically strong
PRNG which complies with various FIPS standards - you are more than
welcome to review the APEL document detailing the implementation.
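
Added example (not part of the original thread and not APEL's code): a toy textbook-RSA sketch of the question discussed above, showing that a timestamp-only pad lets anyone holding the public key confirm a guessed DN, while a 128-bit pad from a CSPRNG does not. The key, the DNs, the timestamps and the message layout are all constructed assumptions.

```python
import secrets

# Toy RSA public key from two Mersenne primes (constructed, NOT secure).
N = (2**521 - 1) * (2**607 - 1)
E = 65537

# Constructed DNs standing in for the "fairly small pool" of users.
CANDIDATE_DNS = [
    "/C=UK/O=eScience/OU=SiteA/CN=alice example",
    "/C=UK/O=eScience/OU=SiteB/CN=bob example",
    "/C=UK/O=eScience/OU=SiteC/CN=carol example",
]

def encrypt(dn: str, pad: bytes) -> int:
    """Textbook RSA over DN || 0x00 || pad (assumed layout)."""
    m = int.from_bytes(dn.encode() + b"\x00" + pad, "big")
    if m >= N:
        raise ValueError("message too long for modulus")
    return pow(m, E, N)

def timestamp_pad(ts: int) -> bytes:
    """Predictable pad: seconds since the epoch, 8 bytes."""
    return ts.to_bytes(8, "big")

def csprng_pad() -> bytes:
    """Unpredictable pad: 128 bits from the OS CSPRNG."""
    return secrets.token_bytes(16)

def confirm_dn(ciphertext: int, dns, ts_window):
    """Guess-and-check that needs only the public key: re-encrypt each
    (DN, timestamp) candidate and compare with the observed ciphertext."""
    for dn in dns:
        for ts in ts_window:
            if encrypt(dn, timestamp_pad(ts)) == ciphertext:
                return dn
    return None

def demo():
    start = 1_200_000_000                 # constructed 10-minute window
    window = range(start, start + 600)
    weak = encrypt(CANDIDATE_DNS[1], timestamp_pad(start + 417))
    strong = encrypt(CANDIDATE_DNS[1], csprng_pad())
    # The weak record is confirmed in at most 3 * 600 trial encryptions.
    # The strong one would need up to 2**128 trials per DN, even for a
    # guesser who knows the exact message layout.
    return confirm_dn(weak, CANDIDATE_DNS, window), confirm_dn(strong, CANDIDATE_DNS, window)

if __name__ == "__main__":
    print(demo())
```
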