keeping secrets
I've recently started working as a subcontractor on a new (incredibly boring) project, and it's requiring that I spend a fair number of days in a cube farm at the prime's office in Crystal City. Worse, the people here actually have some technical savvy, forcing me to worry about my internet traffic (and vigorous daily blog regimen) being observed by folks for whom I'd prefer to maintain the illusion that I'm an industrious and conscientious worker 100% of the time.
As a result, I've set things up so that all of my personal internet traffic goes through an encrypted tunnel, back to our apartment, and then out to the internet over our DSL connection. Office snoops will see traffic going out, but have no idea what it is. And from Verizon's perspective I might as well be sitting on our couch right now.
All of this has gotten me thinking and reading up on encryption and security, as you might have noticed from the post I put up over at BTD this morning. But since it's been a while since I did something really techy over here, I figured I might as well write a bit more about it. And since it's a pretty meaty subject, I figured I might as well split it up across a number of posts.
So first things first: let's talk about how modern encryption systems work. And let's do it in few enough words that it isn't confusing, or too terribly boring. Movie and Xbox references behind the cut, I promise.
First things first: cryptography works by turning messages into numbers. It can be as simple as A=1, B=2, C=3, etc.
Second: the simplest and most unbreakable system of cryptography is what's called a one-time pad. It's a long string of random numbers that are applied to your message. This can be done using a relatively simple operation -- for example, adding the two numbers, then subtracting 26 from any that are equal to 27 or more. If someone else has the same one-time pad they can decrypt the message. This works great, and if you implement it right is a truly unbreakable system. Unfortunately it also doesn't really solve the original problem: how to distribute a message without having to worry about it falling into the wrong hands. You've just replaced messages — now the original is safe, but if the one-time pad falls into the wrong hands your secret will be revealed.
An easier to use system arrived with the development of key-based cryptography. This doesn't solve the problem of keeping the key secret, but it at least makes the one-time pads easier to distribute by shortening them to a brief message — they're usually a little longer than a paragraph of random garbage) — without making the code easy to break.
The next advance was the big one. In the seventies two guys named Diffie and Hellman invented public key cryptography, an idea that's just impossibly neat. Metaphor time: imagine you've got two magic keys. Both can be used to lock any door, but it still matters which key you use, because only the other key can then unlock it. Key A can unlock doors that have been sealed with Key B, and vice versa. Neither key can open doors that it has locked.
That's the situation here. The Diffie-Hellman method can be used to generate mathematical keys that can each unlock messages encrypted by the other. A user generates a key pair -- a public key and a private key. There isn't really a difference except that one is kept secret. The other — the public key — is made available to anyone, obviously enough.
Now if you want to send a secure message to somebody you simply have to take his well-known public key, encrypt a message, and send it to him. He then uses his private key to decrypt it. If he needs to send a message back, he uses your own public key to encode the reply.
The only way to beat this method is to figure out a way to very quickly factor extremely large numbers, which nobody has done (at least not without getting killed by the NSA prior to announcing their discovery). Anyone besides me remember Sneakers? Well, factoring is what the magic black box in the movie did. In fact, the irritating Eurotrash professor guy even namechecked a real technique (the Number Sieve, if I remember correctly) during his character-establishing session of incomprehensible gibberish. Notwithstanding movie magic, public key cryptography systems are commonly set up such that doing the factoring necessary to break them would take all of the planet's computers working in unison for several millennia.
Another handy feature of public key cryptography is that it can be used to guarantee who's sending a message, in a process called "signing". A sender encrypts a message using his private key, then puts it out for public consumption. Anyone who cares to can decrypt it because the sender's public key is well-known — but if they can decrypt it, they can rest assured that the encrypter was the person to whom the public key corresponds.
This is used in a lot of ways, but the one that's most familiar to me is the Xbox. By default, the machine comes with Microsoft's public key built into it, which it uses to decode every game disc inserted into the machine. In this way only Microsoft can produce programs that run on the Xbox. What a modchip does isn't to break the encryption system -- it's to bypass it, letting you run code on the machine that hasn't been signed with Microsoft's private key.
Finally, it's worth pointing out that the biggest vulnerability of this system is in how the public keys get handed out. A man-in-the-middle attack involves someone distributing a fake public key while pretending to be someone else. There are some elaborate ways of avoiding this that aren't really worth going into, but it basically boils down to somebody in the system having a public key that you can trust. For example, your web browser comes with a handful of digital certificates from trusted sources -- when you connect to a secure website, those certificate authorities, which can be trusted, handle the verification of the remote website's identity.
Make sense? Well, just try to remember the magic key bit. The next time I pick up this topic I'll start talking about actual pieces of software that let you do cool things from work.
Comments
What finally helped me "get" public key cryptography was the realization that when I send a message to someone, I encrypt it with *his* password (so to speak), not my own.
Is there a program for email that I can use to ensure customers that emails sent to us with their credit card numbers will be secure? I have done some reading up on encryption programs and so far they all appear to need a key (?) at both ends of the email?
Confused!
Lori
Sorry Lori, but unless both parties are using cryptography, email is very insecure (so is instant messaging, btw). It's possible to set up email-securing programs (google "PGP email"), but your clients probably won't want to use them just to communicate with you, or will use them improperly.
The accepted solution to this is to set up an SSL (https://) website where users enter their email into a form. You could then have it either properly encrypt and email you the data, or store it in a database that you'd access through a similarly secure web connection. Neither of these things are too difficult to do, but you'll probably have to hire someone or purchase a turnkey online store service to make sure they're done right.
I would strongly encourage you not to let customers email you their credit card numbers. It's asking for trouble. If setting up a website isn't possible, then having them call you and tell you them over the phone would be a better option.
Post A Comment