Can someone please explain to me how encryption works? I don't really understand how you can encrypt something with a "public" key. Doesn't everyone have that public key?
Thanks!
baum
Public Key Cryptography: Public-key cryptography - Wikipedia
OK. So if I want to send you my Swiss bank account number ;), you would send me your public key. I would then encrypt the data using your public key, and you could decode it w/ your private key. But can't anyone see your public key? That's what I don't understand.
But can't anyone see your public key? That's what I don't understand.
That's because the encryption is done using a 3rd key which is the product of the sender's private key and your public key. Having just your public key will not decode the encoded message.
Lefty
I just saw a good analogy:
[from wikipedia]
Alice and Bob want to send secret messages.
If Alice wants to send Bob a message:
-Bob sends Alice an unlocked padlock to which only he has the key.
-Alice puts the message inside a box and locks it.
-She sends it back to Bob who opens the box.
Is it similar with computers?
I still don't understand this:
I want to send you a secret, so send me a key. I encrypt my data with the key and send it back to you. But can't someone intercept the data and reverse the public key?
Public key cryptography is based upon very large prime numbers and modulo arithmic. With Public Key Encryption everyone has a public key that is public for everyone and a private key that is private (not shared). Mathematically these can be written as function with the following property
private(public(message)) ==> message AND public(private(message)) ==> message. So both key's can be used for encryption and decryption
scenario1: encrypted message
If you want to send a message to me you fetch my public key and encrypt your message M.
M' = publicRob(M); M' is send to me and only someone with my private key can decrypt it. That's me
When I receive M' I decrypt it by PrivateRob(M') ==> M and I can read the message
Scenario 2: encrypted message with signature
I want to send a reply to you. but I do a special trick.
M' = privateRob(M);
M'' = publicBaum(M');
Now I send it to you
you decrypt
M' = privateBaum(M'');
and now you decrypt it with my public key
M = publicRob(M');
What is scenario 2 doing? By encrypting with my private key first (what only I can do) the message is guaranteed to come from me as the only way to decrypt it is using MY public key. To prevent everyone reading th message it is also encrypted with your public key so only you can open it.
get it?
Rob
I still don't understand this:
I want to send you a secret, so send me a key. I encrypt my data with the key and send it back to you. But can't someone intercept the data and reverse the public key?
I still don't understand this:
I want to send you a secret, so send me a key. I encrypt my data with the combination of your 'public' key and my private key and send it back to you.
But can't someone intercept the data and reverse the public key?
Not with just the public key, needs to have the combination of the private key and public key used to encode the message.
So in essence the message is lock in paddock that requires two keys to unlock, one public and one private
OK. but now what if our key is letter + 2, so A = C, B = D and so on. Can't someone sniffing out of cipher text figure out to subtract 2? And how can you encrypt and decrypt data with public(private(message)) if the person on the other end doesn't have the private key?
baum:
OK. but now what if our key is letter + 2, so A = C, B = D and so on. Can't someone sniffing out of cipher text figure out to subtract 2? And how can you encrypt and decrypt data with public(private(message)) if the person on the other end doesn't have the private key?
You need to study public key reference explanations to get the hang better hang of it. There are FOUR keys involved, two private keys and two public keys. A message sent in one direction is encoded with the combination of one of the public keys and one of the private keys depending on which direction the message is going between the two parties involved.
Lefty
That is not a Public Key Encryption in terms of encryption. That's a ceasarian encryption (also known under other names)
Read - http://www.amazon.com/Cryptography-Demystified-John-Hershey/dp/0071406387
But if I encode my message with my private key and your public key, how can you decode it w/ out my private key?
But if I encode my message with my private key and your public key, how can you decode it w/ out my private key?
a
I can decode your private key with your public key (I don't need your private key!) and my public key can (only) be decrypted with my private key ! Both I have at hand.
Read - http://www.amazon.com/Cryptography-Demystified-John-Hershey/dp/0071406387
small demo code => http://content.hccfl.edu/pollock/AUnixSec/RSAsrc.htm
baum:
I still don't understand this:
I want to send you a secret, so send me a key. I encrypt my data with the key and send it back to you. But can't someone intercept the data and reverse the public key?
You are being confused by the word "key". Try the analogy this way:
Bob has box that takes two different keys: one public 'locking key' to lock it and one private 'unlocking key' to unlock it.
He unlocks the box with his private unlocking key and sends the empty box and public locking key to Alice.
Alice puts the message in and locks the box with the public locking key.
She then sends the box back to Bob.
Bob uses the private unlocking key to unlock the box and read the message.
Alice can keep Bob's public locking key or throw it away. Doesn't matter if some enemy gets it: it won't open the box.
Only Bob can read the message once it has been locked in the box as long as he keeps his private unlocking key secret.
Bob can send copies of his public locking key to all his friends or leave them in a public place for people to take.
Bob can even tie a copy of his public locking key to the box so anyone can lock the box.
Once the box is locked (message encrypted with the public key) only Bob can see the message (by using the private key).
The two keys are different and you can't learn anything about the private key by looking at the public key.
Does that make it clearer?
But can't you do the reverse of the public key to unlock the box? Isn't it like algebra?
Assume this is our code:
y is our ciphertext, x is our plaintext.
y=2x+x^2
can't you solve for x and "unlock the box"?
It is algebra, it uses large prime number (hundreds or thousands of digits), and it is really different from "simple" polynomic functions.
Read the book, please ...
I'll look at it. And to answer my own question:
A key could be something like
if x is even, multiply by 2.5
if x is odd, multiply by 2
and if x was 4, result would be 10.
but if x was 5, result would also be 10
and a hacker would have no idea if it was 4 or 5.
Thanks for all the help everyone!
Hi baum
You are asking the same questions that I asked to all my teachers.
No one could convince me that thing is 100% secure.
1- Reversible Encryption
You want to send me a encrypted message "Hi":
So, You contact me, I send you a public key, one how everyone knows, you can even call it "general key". And I generate a random key, store it, and send it to you too.
Ok, know you have 2 keys, private and public.
In my "DB" it could be like this:
id key
baum jasd912jqaisdji1293ajsdias9123812sad
know you could send me a message using those keys.
criptMessage = cript(cript("Hi", privateKey), publicKey);
I would receive the message, and would the reverse cript.
message = decript(decript(criptMessage, publicKey), privateKey);
Because I stored the privateKey and have my publicKey I can do this process.
this is called reversible encryption.
As you can see, we have a "security issue" in this method.
If a hacker / cracker to listen to the transaction since the beginning, he could somehow see the private key.
There's no escaping it.
The cell phone used this system (I can not remember if it's even the GSM). What happened, yourcell phone was cloned when you made ??"roaming". Is in this process that the keys were exchanged, and if somebody understand the "handshake protocol" and "exchanging key " could clone you and use your cell phone illegally.
2- One-way Algorithm
Another method using One-way encryption. like MD (md4 - md5 ...) , SHA (SHA-1, SHA-2, ...).
Once encrypted, you can not come back.
For example: You want to login on my website.
Could you send me the username without cript and password with MD5.
pass = md5(1234);
user=baum&pass=81dc9bdb52d04dc20036dbd8313ed055
But, how can I authenticate you then?
Quite simply, I have saved in my database your password in md5, not your real pass.
id pass
baul 81dc9bdb52d04dc20036dbd8313ed055
the benefit of that.
If the site was hacked, the password of your users would be "safe".
the problem ...
if the hacker were listening, he could use md5 password to authenticate, it does not need to know your real password, just md5.
You can minimize this problems using a mixture of both methods.
3- Password Exchange
In fact, is an authentication method. But I find it interesting because are used in some car keys and electronic gates.
It basically works by requisting the key every time a message is sent.
When you press the button to open the gate, for example, the control sends a message "I want to open the gate", the gate then requests authentication by sending a number back to the control. The control then responds with the password corresponding to the number.
Control code could be like this:
short[] n = new short[] {312,32,2154,367,65,56,4,5623,45,56234,3456,78,8,5,54,4,23423};
private short response(short key) {
return n[key];
}
And the gate code:
short[] n = new short[] {312,32,2154,367,65,56,4,5623,45,56234,3456,78,8,5,54,4,23423};
private boolean valid(short response) {
return n[stored_key] == response;
}
you're not wrong, mathematically are possible to break reversible encryptions.
one-way encryptions not that easy.
For one-way encryption are only possible by using "brute force". In other words, using all possible passwords, with encryption method (md5, sha1, ...) and comparing the encrypted password.
But of course, it could take hundreds of years.
Hope I help
Xano
OK. Thank you for clearing this up.
Cheers
baum
No one could convince me that thing is 100% secure.
No encryption is 100% secure, the question is only is it secure enough.
The most sophisticated encryption method today I know of is quantum encoding. The message is encrypted in the quantum states of photons. These little fellows have the property that state will change when read. Measuring a quantum system is interacting with it is changing it. So an eavesdropper can capture the message but the receiver will know that itis captured! - Quantum cryptography - Wikipedia
With PKE, the private key is NEVER sent over the line and is therefor private and unknown to an eavesdropper. Unless (s)he uses social engineering or other tactics to get the private key. Public keys may be sent over the network. Note PKE's are often used to exchange (one time) encryption keys that are not so computational intensive as PKE.
- You can encrypt a message with the recipients public key so that she can decrypt it with her private key.
- You can sign a message with your private key to be proven by the fact it can only be decrypted by your public key.
A good site for more information and horror stories - http://www.schneier.com/ - Bruce Schneider has also written a number of very good books about encryption. He is also the author of encryption programs.