Listen Now:

Download | Podcast Feed

Encryption has been in the news. We talk about why it’s important, what it is, how it works and what you should know.


  • Why is this important today?
    • Security of communication and transactions
    • Verification
    • A Senator said that technology companies need to “get on with it” and create a version of back-doored encryption or they will impose their will on them.
    • The bad guys: Terrorists and child predators
  • The history of encryption
    • Secret messages are an old idea
    • Caesar cypher - used in the time of Julius Caesar
    • Code words and numeric substitutions
  • Modern encryption
    • Security through obscurity vs publicly known methods
    • One Time Pads
    • Digital methods
      • Everything is a number
      • All numbers can be written in binary
      • XOR - reversible encoding: One time pads
    • Symmetric encryption
    • Hashes
    • CSPRNG - Getting real random numbers
    • Public Key encryption (asymmetric)
      • Public key - Encryption
      • Private key - Decryption and Signatures
      • Prime number relationship
        • What’s a prime number? What’s a composite?
        • Prime factorization
      • RSA was first but there are others
    • Diffie-Hellman (Merkle) Key exchange
      • Allow two parties to come up with a shared secret when someone is listening in
      • Based on doing some math based on remainders
      • There are other key exchanges that do a similar job
      • You can use a signature with a known public key to ensure that you’re talking to the right person
      • Re-do the process whenever you want: Perfect Forward Security
  • Strength of Encryption
    • 56b keys vs 128b keys vs 256b keys
    • How do we know? Each bit doubles
    • “Broken” encryption
  • The math is designed with two parties in mind. We don’t have good multi-party math. Options:
    • When encrypting/signing, generate a new key then encrypt that with multiple keys
    • Multi-user keys
    • SSSS - Shamir’s Secret Sharing Scheme
  • Keeping keys safe
    • Fire and elevator keys
    • Often specified in building codes
    • Easily obtainable
    • Require you to be on-site, limited to what is there
  • Digital version of those keys
    • Small, easy to replicate
    • Will need to be specified in code
    • Can be used from anywhere
    • Extremely high value
    • Even the NSA has leaks and mistakes
  • We don’t have a safe way to limit this
    • This technology is well known and is not difficult to implement for someone who can follow some instructions
    • The keys will leak
    • Dragnet surveillance gets harder but normal police work remains the same

References

Article on Congress wanting back doors

Most of the content of this episode came from memory. I didn’t have many specific references outside of Wikipedia.

Intro music provided by Purple Planet

Follow along at https://brighterevening.com