tait
/
site
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c055e94b85'
${ noResults }
site/2020/04/02/rsa3/index.html

194 lines
9.5 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>How Asymetric Encryption Works | tait.tech</title>
<link rel="stylesheet" href="/assets/css/style.css">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="author" content="Tait Hoyem">
<meta name="keywords" content="">
<meta name="description" content="">
</head>
<body>
<div id="wrapper">
<header>
<h1>tait.tech</h1>
<nav>
<a href="/" class="nav-link" >Home</a>
<a href="/blog/" class="nav-link" >Blog</a>
<a href="/ideas/" class="nav-link" >Ideas</a>
<a href="/links/" class="nav-link" >Links</a>
<a href="https://github.com/TTWNO/" class="nav-link" target="_blank" rel="noopener noreferrer" >Github</a>
</nav>
</header>
<main>
<article>
<header>
<h1 class="post-title">How Asymetric Encryption Works</h1>
<time datetime="20-04-02" class="post-date">Thursday, April 02 2020</time>
</header>
<hr>
<p>In a few previous articles I have explained <a href="/2020/01/26/rsa1/">why encryption may be important to you</a> and <a href="/2020/02/19/rsa2/">how the theory behind encryption works</a>. I did not yet explain the system of asymetric cryptography, however. That is what this article is for.</p>
<p>Previously, we talked about how <em>symetric</em> encryption works. This is by having a shared key that both parties use to simultaniously encrypt, and decrypt the data. (See Ceasar Cipher for example).</p>
<h2 id="public-key-or-asymetric-encryption">Public-key, or Asymetric Encryption</h2>
<p>Asymetric encryption is based on the idea of having multiple keys instead of only one shared key.
For example: instead of encrypting with one key, and decrypting with that same key (like our ROT ciphers we talked about previously), we can use one key to <em>encrypt</em> the information, and a different key to <em>decrypt</em> the information.</p>
<figure>
<img src="/assets/img/alice-to-bob.png" alt="Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key." />
<figcaption>
Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key.
</figcaption>
</figure>
<p>In the picture above, see how Alice uses Bobs public key to encrypt some data,
then sends it to Bob for him to decrypt with his private key?
That is the essense of public-key encryption.</p>
<p>The great thing about public-key encryption is that your public key is <em>public</em>! There is no need to be afraid of sending this everywhere!
You can attach it at the end of all your emails, the end of your forum posts, <a href="/public-key.asc">a link to it on your low-power webserver</a> (wink).
There are even things called <a href="http://keys.gnupg.net/">keyservers</a> that will save your public key on them for retrival in case somebody wants to verify your public key.</p>
<p>Anything encrypted with your public key can only be decrypted with your private key.
Provided you never, <em>NEVER</em> share your private key with anyone ever, we can assume that all messages sent to you encrypted with your public key will never be read by anyone else.</p>
<p>Asymetric encryption, however, often contains four keys instead of two. Why is this?</p>
<h4 id="verification-of-author">Verification of Author</h4>
<p>One interesting thing about keys pairs is that not only can the private key decrypt anything the public key encrypts,
but the public key can decrypt anything the private key encrypts.</p>
<p>Now why would one want to encrypt a message that can be decrypted by anyone?</p>
<figure>
<img src="/assets/img/alice-sign-to-bob.png" alt="Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!" />
<figcaption>
Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!
<br />
<br />
Note: Although the picture shows otherwise, the text is not sent in the plain. It is encrypted with Alice's private key.
</figcaption>
</figure>
<p>This is how you can verify that the person who says they wrote the message really did indeed write the message!
If their private key was never shared with anyone else, then the message must have come from them!</p>
<p>For maximum security, these methods are often layered.
First, signing with the senders private key,
ensuring only they could have sent it—
then encrypted with the recipients pulbic key,
making sure only the reciever can read it.</p>
<p>Note that both sides must first have eachothers public keys to do this.
This is easy if they communicate often, but when first contacting somebody,
people will generally send their encrypted message along with the their own pulbic key attached in a seperate file.</p>
<h3 id="what-this-means">What This Means</h3>
<p>Notice neither Alice nor Bob had to share any comprimsing information over the network?
This is why public-key encryption is so powerful!</p>
<p>Alice and Bob can both safely send their public keys in the open.
They can even send them over the insecure HTTP, or FTP protocols.</p>
<p>Whilst not sending any encryption-breaking messages,
Alice and Bob now have a way to communicate securely.
If you trust nothing and no one, this is your perfered method of security.</p>
<p>Check out this <a href="https://www.youtube.com/watch?v=GSIDS_lvRv4">Computerphile video</a> if you want the simplified explaination.</p>
<h3 id="the-algorithms">The Algorithms</h3>
<p>The two biggest “implementations” of public-key cryptography vary only in the mathamatical equations used to generate the numbers,
and how the numbers are <a href="https://en.wikipedia.org/wiki/Trapdoor_function">“trapdoored”</a> to decrypt if you have the correct key.</p>
<p>I will discuss the differences in approach here.
If you want to skip to the next article where I show you how to encrypt your own documents using RSA, see <a href="/2020/04/06/rsa4/">this link</a>.</p>
<h3 id="rsa">RSA</h3>
<p>The mathamatic center of the RSA system was developed over the course of a year or so.
Three men were involved. Ron Rivest, Adi Shamir, and Leonard Aldeman.
They worked as a kind of “team”: Each idea by Rivest and Shamir were critisized by the mathamatician on their team: Mr. Aldeman.</p>
<p>One night, after consuming
<a href="https://www.math.uchicago.edu/~may/VIGRE/VIGRE2007/REUPapers/FINALAPP/Calderbank.pdf">“liberal quantities of Manischewitz wine”</a>
Rivest had trouble sleeping.
After taking long gazes into the abyss of his math textbook, he came up with an idea which would change cryptography forever.
By the next morning, an academic mathamatical paper was nearly finished.
He named it after himself and the two others that had been helping him along this whole time. <em>Rivest, Shamir, Aldeman</em>.</p>
<p>Key sizes of RSA range from 1024-bit to 4096-bit.
1024-bit keys are considered somewhat insecure.
However,
it should be noted that every bit doubles the complexity of the key,
so 2048 is <a href="https://www.wolframalpha.com/input/?i=2%5E1024">2^1024</a> times more complex than 1024.</p>
<h3 id="eliptic-curve-ec">Eliptic-Curve (EC)</h3>
<p>Eliptic-Curve (EC) is a family of algorithms that use the <a href="https://en.wikipedia.org/wiki/Elliptic_curve">Eliptic curve</a> mathamatical structure to generate the numbers for the keys.
EC can effectivly provide the security of an RSA key <a href="https://www.youtube.com/watch?v=NF1pwjL9-DE">one order of magnitude larger</a> than an RSA key.</p>
<figure>
<img src="/assets/img/ec.png" alt="A picture of an eliptic curve." class="small-image" />
<figcaption>
An eliptic curve structure.
</figcaption>
</figure>
<p>Its fast; its secure! Perfect right?</p>
<p>Of course not!</p>
<p>One problem is that due to the smaller key size,
it can more easily be broken by brute-force.
This is why EC is mostly used for temporary communication (like HTTPS), not permenant communication (like having an encrypted email conversation with a journalist).</p>
<p>The other problem is that a certain EC algrorithm called P-256 is suspected to be introduced with malice to National Institute of Standards and Technology (NIST)
<a href="https://www.schneier.com/essays/archives/2007/11/did_nsa_put_a_secret.html">by the NSA</a>.
Supposedly, the NSA is able to crack anything encrypted with this algorithm.
I will let the experts argure about that.</p>
<p>Other well-known EC algorithms that are more-or-less trusted as secure do exist though.
The premeire one being Curve25519.
The reference implementation of <a href="https://cr.yp.to/ecdh.html">this algrorithm</a> is also <a href="https://fairuse.stanford.edu/overview/public-domain/welcome/">public-domain</a>,
so it is easy for devlopers to work into their own applications without worrying about copywrite.</p>
<h2 id="conslusion">Conslusion</h2>
<p>In this article we went over some basic points:</p>
<ol>
<li>Public-key encryption enables secure communication over insecure networks.</li>
<li>RSA is considered the standard for extra-seure communication.</li>
<li>EC is a newer, faster, more transient encryption method.</li>
</ol>
<p>To learn how to use RSA keys to encrypt your own communications, check out <a href="/2020/04/06/rsa4/">this other aritcle I wrote</a>.</p>
</article>
</main>
<hr>
<footer>
This page will be mirrored on <a href="https://beta.tait.tech/2020/04/02/rsa3/">beta.tait.tech</a>.
</footer>
</div>
</body>
</html>
Reference in new issue View Git Blame Copy Permalink