Share & grow the world's knowledge!

- BaldBear_13 on Why is sunlight warmer than light from bulbs?
- newytag on What is the actual purpose of the bots on social media?
- wknight8111 on How are software engineers objectively measured when problems span such large difficulty ranges and there are multiple ways to implement solutions?
- knit-flix-and-chill on How are software engineers objectively measured when problems span such large difficulty ranges and there are multiple ways to implement solutions?
- audigex on How are software engineers objectively measured when problems span such large difficulty ranges and there are multiple ways to implement solutions?

Copyright © 2022 AnswerCult

ROCA is a method for defeating public key infrastructure.

Public key encryption is most often used to sign data. The data is hashed using public method (summarized in a fixed length, like a phone number). Then, a private key encrypts this hash into a “signature” only the private key holder could have made. The reciprocal public key lets other people decrypt the signature and compare the result with the hash of the “signed” data they can figure out on their own. If they’re the same, it’s mathematically impossible the private key holder didn’t “sign” the data.

The attack basically tries to find a pattern to deduce the private key. A poor forward encryption method that takes the data hash and private key can give hints. For example, if the hash is always just multiplied by 2 and the forward encryption function multiplies the hash by the private key you know the private key is 2. Its way more complicated irl but that’s the gist. Once they have the private key they can “sign” fake data maliciously, like making an e-transfer look legit.