Comments on: An Introduction to Cryptography
http://www.metafilter.com/116479/An-Introduction-to-Cryptography/
Comments on MetaFilter post An Introduction to Cryptography
Wed, 30 May 2012 22:10:39 -0800
en-us

An Introduction to Cryptography
http://www.metafilter.com/116479/An-Introduction-to-Cryptography
<a href="http://www.khanacademy.org/science/brit-cruise/cryptography">Journey into Cryptography</a> is a multipart video introduction to the subject for beginners, created by <a href="http://britcruise.wordpress.com/">Brit Cruise</a> and hosted by Khan Academy. There are several <a href="http://www.khanacademy.org/labs/explorations">interactive tools</a> to help explain some key concepts. Also, a recent lecture entitled "<a href="http://www.youtube.com/watch?v=zKuFu19LgZA&list=UUTHcgWOTU6gPje1g_U29tfQ&index=7&feature=plcp">Principles of Security</a>" was given by <a href="http://www.crockford.com/">noted</a> <a href="http://www.youtube.com/watch?v=hQVTIJBZook">Javascript</a> curmudgeon Douglas Crockford, focusing on security and the web, with a detour into <a href="http://en.wikipedia.org/wiki/Volap%C3%BCk">Volapük</a>.
posted by gwint at Wed, 30 May 2012 21:40:14 -0800 (tagged cryptography)
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372017
Simon Singh's <a href="http://simonsingh.net/books/the-code-book/">The Code Book</a> is another worthwhile overview, for those who prefer to read.
posted by migurski at Wed, 30 May 2012 22:10:39 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372047
NYY PBZZRAGF VA GUVF GUERNQ FUBHYQ OR RAPBQRQ VA EBG 13, ORPNHFR ABG RIRA GUR AFN XABJF UBJ GB PENPX GUNG PBQR.
posted by twoleftfeet at Wed, 30 May 2012 22:56:57 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372064
Bxnl, ohg jr'yy nccyl vg gjvpr, whfg gb or fnsr.
posted by benito.strauss at Wed, 30 May 2012 23:18:07 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372068
GUNG WHFG TVIRF LBH EBG 0, JUVPU VF ABG N ERYVNOYR PVCURE
posted by twoleftfeet at Wed, 30 May 2012 23:20:40 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372086
<em>Fvzba Fvatu'f <a href="http://simonsingh.net/books/the-code-book/"><em>Gur Pbqr Obbx</em></a> vf nabgure jbegujuvyr bireivrj, sbe gubfr jub cersre gb ernq.</em>
sgsl, zvthefxv :)
posted by hot_monster at Thu, 31 May 2012 00:05:14 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372094
V QBA'G XABJ NOBHG LBH, OHG ZL FCRYY PURPXRE VF TBVAT PENML
posted by twoleftfeet at Thu, 31 May 2012 00:23:13 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372139
It's a shame that they stop with DH key exchange. A similar but much more commonly used algorithm is RSA. It forms the basis for things like code signing that allows Apple to enforce what applications may run on an iPhone, as well as TLS which is used to implement "https:" URLs that secure web traffic from eavesdropping, such as when you do online banking. And it's not that hard to grasp, at least in principle.
For example, here's a 309 digit number, split into three lines so as not to cause your browser to horizontally scroll:<blockquote><sub>1414003220445505168651733717730245848798996096446189276423753426333490573009604000372323349247010467812
9876507706177038315164623421917999077204720004583781782158248353254979130458806462408304053853419030157
1832597441704620988055765289140138246856927863523873759538652326729606982847841094220861282830980236711</sub></blockquote>
I like to write it in decimal (base 10) just so that it feels tangible since that's what we're intuitively used to dealing with, but normally it's written in base 16 (hexadecimal) where it has 256 digits. One hexadecimal digit represents four binary digits, so if written in base 2 (binary) this number would have 1024 digits.
This 309 digit number (let's call it "n") is the result of multiplying two 155 digit prime factors which we'll call "p" and "q". And it's not just any number, it's the modulus of one of the Verisign root certificates. It was issued on 1996-01-28, and will expire on 2028-08-01. From this extremely long lifetime we can infer that this is a very important certificate, because generally the lifetime corresponds with how much pain will result when it expires or needs to be replaced. This is a root certificate because it's at the top of the chain: it is used to sign or vouch for other certificates, but nothing vouches for this one; its authenticity must be taken on faith. It therefore must be bundled or included with all software that speaks TLS (nee SSL), which explains why changing it would generally be painful.
If you could find either p or q (the 155 digit factors of that number), you would have vast power. You could generate and sign certificates for any website, which means you could interpose yourself between a user and that site and read their traffic or censor their content, and there would be no way for them to tell. I'm sure repressive regimes would kill for such power -- it's like a master key, and it's deceptively simple: here's a number, now just figure out the two numbers that were multiplied together to produce it. Actually doing this is quite another matter. By the <a href="http://en.wikipedia.org/wiki/Prime_number_theorem">prime number theorem</a>, we have about 2<sup>512</sup> / log(2<sup>512</sup>) ≈ 3.8 × 10<sup>151</sup> prime divisors to test. Suppose we had a computer that can perform such a test division in a single clock cycle, and say that it runs at 100 GHz. Say that we have 100 billion such computers on the planet, and heck, say we have 100 billion such planets. You're still looking at ≈ 6 × 10<sup>110</sup> years on average to find the answer; not even close to realistic. Of course, there are probably much more sophisticated ways of factoring that number, but it's still going to be computationally futile, and that's the point. Some root certificates use 2048 bit keys (such as Apple), or even 4096 bit keys. The time required to brute-force one of those is so large it's not even worth calculating.
As a side note, if you were lucky enough to factor the number and you decided to become evil, eventually someone would probably spot the forgery, and the appropriate certificate authorities would be contacted. There is a protocol for revoking certificates which would be followed. In theory, software that speaks TLS is supposed to regularly consult these revocation lists before trusting a certificate to ensure that it has not been revoked. But this requires an online lookup, which means it will fail if access to the revocation servers is blocked by that same repressive regime that is intercepting its users' traffic. Browsers have a bad track record of simply ignoring revocation check failures, since even normal network gremlins can cause a failure that makes it seem like the destination site is unreachable when really it's the revocation servers that are unreachable. (Here's <a href="http://www.pcworld.com/article/249525/google_chrome_will_no_longer_check_for_revoked_ssl_certificates_online.html">Chrome developers announcing</a> that they're removing online revocation checks entirely and instead using a cached list of revoked certs regularly updated from the mothership.) In general, since certificate revocations happen so infrequently, a real revocation is not often tested, and software has been historically poor in dealing with this circumstance.
The <a href="http://en.wikipedia.org/wiki/RSA_%28algorithm%29">Wikipedia article on RSA</a> gives a reasonable summary of how the algorithm actually works. I've intentionally used the same names for n, p, and q. The exponent e is 65537 by definition. If we know p and q we can easily calculate d, the private key, which is probably stored in some vault deep in the bowels of Verisign. (They likely use these root certificates only on special occasions to sign sub-certificates that are actually used for everyday signing.) Note that in the case of code signing and TLS, RSA is not actually used for encryption but rather signing. To create a digital signature, take the hash of the certificate or executable (call it "s") and compute s<sup>d</sup> mod n. To verify the signature, calculate s<sup>e</sup> mod n. If equal, the signature is valid, and this check for authenticity only needed the signature s, the exponent e, and the public modulus n.
posted by Rhomboid at Thu, 31 May 2012 02:02:54 -0800
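Rhomboid's sign-then-verify description above, worked through in Python as an added example that is not part of the thread: d is derived from p and q as the comment says, the signature is s^d mod n, and verification raises the signature to e mod n and compares it with the hash. The key is a constructed demonstration value (Mersenne primes, chosen only because they are certainly prime; a real key uses random primes of equal size), and the hash is signed raw, without the padding a real implementation applies.

```python
"""Textbook RSA signing and verification, following the comment above."""
import hashlib
import math

E = 65537  # the public exponent the comment refers to


def derive_private_exponent(p: int, q: int, e: int = E) -> int:
    """Knowing the two factors p and q makes d easy: d is the inverse of e
    modulo (p-1)(q-1).  This is exactly why factoring n would hand over
    the private key."""
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


def digest(data: bytes) -> int:
    """Hash the certificate/executable bytes and read the digest as the
    integer the comment calls 's'."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int, n: int) -> int:
    """Signature = s^d mod n, computed with the private exponent d."""
    s = digest(data)
    if s >= n:
        raise ValueError("modulus too small for the digest")
    return pow(s, d, n)


def verify(data: bytes, signature: int, n: int, e: int = E) -> bool:
    """Needs only the signature, e and the public modulus n: raising the
    signature to e must give back the hash of the data."""
    return pow(signature, e, n) == digest(data)


# Constructed demonstration key (an assumption, not a real certificate key):
# Mersenne primes, chosen only because they are certainly prime.  A real
# key uses random primes of equal size; these would be trivial to guess.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                          # public modulus, about 648 bits
D = derive_private_exponent(P, Q)  # private exponent, derived from p and q

if __name__ == "__main__":
    cert = b"constructed certificate bytes"
    sig = sign(cert, D, N)
    print("genuine:", verify(cert, sig, N))           # True
    print("tampered:", verify(cert + b"!", sig, N))   # False
```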
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372146
That's a great comment, Rhomboid, and I'm very glad you didn't encode it in Rot 13!
posted by twoleftfeet at Thu, 31 May 2012 02:24:56 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4372339
Ah, I should have noted in the post that it appears the series is ongoing, so hopefully there will be additional topics added in the near future.
posted by gwint at Thu, 31 May 2012 06:36:16 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4374608
The company I work for, <a href="http://corp.galois.com/">Galois</a>, has developed a domain-specific language for cryptography called <a href="http://corp.galois.com/cryptol">Cryptol</a>. It's been <a href="http://corp.galois.com/blog/2009/8/24/substitution-ciphers-in-cryptol.html">used in education</a> (you can use it to <a href="<">solve Sudoku puzzles</a>), as well as for <a href="http://corp.galois.com/blog/2009/7/8/verifying-legatos-multiplier-in-cryptol.html">verifying</a> <a href="http://corp.galois.com/blog/2009/1/23/a-cryptol-implementation-of-skein.html">implementations</a> <a href="http://corp.galois.com/blog/2009/1/23/md6-in-cryptol.html">of cryptographic algorithms</a>.
posted by dylanjames at Fri, 01 Jun 2012 08:28:07 -0800
http://www.metafilter.com/116479/An-Introduction-to-Cryptography#4400985
<a href="http://science.slashdot.org/story/12/06/15/176240/move-over-quantum-cryptography-classical-physics-can-be-unbreakable-too">Move Over, Quantum Cryptography: Classical Physics Can Be Unbreakable Too</a>
<small>I must read this one more carefully to believe it since random number generation is often the biggest security hole anyways.</small>
posted by jeffburdges at Sat, 16 Jun 2012 09:49:29 -0800