Archives for: August 2006, 01

08/01/06

Permalink 03:57:43 pm, Categories: Computer Stuff, In Real Life, 900 words   English (US)

Pretty Good Privacy, Pt. 2

So yeah.. I ended last time talking about how you can securely send something when you don't know the recipient well enough to have a prearranged encryption scheme or to trust the transportation involved. Thanks for all the answers that were submitted, but it was Lilith who got the answer right! Some of the answers were very creative and I hadn't heard some of those approaches before, and that's the first time anyone has ever figured that out!

Anyway, you may be wondering, when am I ever going to send something to someone I don't know? The answer is that you do it all the time! Every time you go to a secure website or use a cell phone you are using this form of encryption and you don't even know it! The 3 round trips happen quickly in the 'handshaking' that takes place when setting up the secure communication.

But what are these locks and keys? Well, it all hinges on the fact that there's no easy way to factor the product of two REALLY big numbers. For instance... quick! Figure out what two numbers can be multiplied together to get 12,835,384,025,881,369? That's actually a tiny number in terms of modern encryption, and there are some shortcuts, but it's still a daunting task. It's compounded by the fact that it's the product of two prime numbers. So, there are only 4 factors: the two prime factors, 1, and the number itself. There are a lot of REALLY smart people who are searching for a way to factor numbers efficiently. There are some ways, but they don't scale well to large numbers. If you manage to come up with a way, there's a Nobel prize in it for you and you will have effectively rendered all modern encryption meaningless. (Conspiracy theorists already think our governments have a method to do this, which is why they allow such strong encryption.)

There's more math magic that happens, but essentially, a public/private key is a pair of large prime numbers and through some mathematical conjuring, they are paired so one of the primes can be used to encrypt a message, and then it can only be decrypted with the other one. You can highly publicize one of the numbers, but the other is kept secret. Likewise, your secret key can be used to generate a signature that can be verified with your public key.

So, with this technology, it's possible to send a message that can only be decrypted and read by the intended recipient. Of course, what he does with the decrypted message is up to him. So, if you send him your credit card number there's nothing keeping him from posting it to the internet, but at least you can be sure it got to him safely. Also, anyone can verify that a message was truly sent by you, and wasn't modified in any way.
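
An added example (not the author's code) of the lock-and-key behaviour described above, using textbook RSA with a constructed toy key: in RSA the two primes stay secret, and the public and private values are a modulus and a pair of exponents derived from them. The primes, messages and function names are assumptions chosen for illustration.

```python
import hashlib

# Constructed toy key built from two well-known Mersenne primes. Real keys use
# far larger random primes and padded schemes (OAEP, PSS), never raw RSA.
P, Q = 2**31 - 1, 2**61 - 1          # the secret primes
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: computing it needs P and Q

def encrypt(m, e=E, n=N):
    """Anyone can do this with the public key (e, n)."""
    return pow(m, e, n)

def decrypt(c, d=D, n=N):
    """Only the holder of d can undo encrypt()."""
    return pow(c, d, n)

def digest(message):
    """SHA-256 of the message, reduced to fit under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message, d=D, n=N):
    """Signing applies the private exponent to the message digest."""
    return pow(digest(message), d, n)

def verify(message, signature, e=E, n=N):
    """Verification needs only the public key."""
    return pow(signature, e, n) == digest(message)

def demo():
    secret = int.from_bytes(b"hi Lilith", "big")   # must be smaller than N
    c = encrypt(secret)
    sig = sign(b"meet at 7pm")
    return {
        "round_trip": decrypt(c) == secret,
        "public_key_cannot_decrypt": decrypt(c, d=E) != secret,
        "signature_ok": verify(b"meet at 7pm", sig),
        "tamper_detected": not verify(b"meet at 8pm", sig),
    }

if __name__ == "__main__":
    print(demo())
```

The line that computes `D` is where factoring comes in: anyone who can split `N` back into `P` and `Q` can repeat that one calculation and obtain the private key.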

The only missing piece is... how does one verify that a key truly belongs to who they say it does? Enter the "Web of Trust"! I'm sure you've heard of the Kevin Bacon game, where supposedly everyone in Hollywood is connected to Kevin Bacon through people they have worked with, in no more than 6 steps. The same principle applies to PGP keys. I can meet someone who has a key, verify their identity, and then sign their key. Essentially, I am attesting that they are who they say they are, and this allows people who trust me to also trust this new person. The idea being that I can create a key that says I am Bill Gates, but without having people sign my key I won't be able to fool many people. Needless to say, the signing process needs to be taken seriously, as with some effort, you can poison the web of trust with false data. But as these incidents are exposed, they can easily be handled by revoking signatures.

A report on my key shows that there are currently over 32,000 people for whom I can have some level of trust in who they are. There's 1 person that I can get to in 15 'hops' but the average is about 5.8 hops. And there are over 20,000 people that I can get to within the 6 hops that Kevin Bacon uses. For instance, there are a few 7-step paths to get to Wil Wheaton. There's tons more I can say, but this is already getting long.
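
The hop counts in a report like this come from a shortest-path search over who signed whose key. The following added example (not the tool that produced the report above) runs that search on a constructed signature graph and shows how revoking one careless signature removes a bogus key from the reachable set; it counts signature paths only and does not model PGP owner-trust levels.

```python
from collections import deque

# Constructed data: signer -> set of keys that signer has certified.
SIGNATURES = {
    "me":      {"alice", "bob"},
    "alice":   {"carol"},
    "bob":     {"carol", "dave", "mallory"},   # bob signed mallory carelessly
    "carol":   {"erin"},
    "erin":    {"frank"},
    "mallory": {"fake-bill-gates"},            # mallory vouches for a bogus key
}

def hop_counts(root, signatures, revoked=frozenset()):
    """Breadth-first search: fewest signatures needed to reach each key."""
    dist = {root: 0}
    queue = deque([root])
    while queue:
        signer = queue.popleft()
        for signee in sorted(signatures.get(signer, ())):
            if (signer, signee) in revoked or signee in dist:
                continue                       # revoked edge or already reached
            dist[signee] = dist[signer] + 1
            queue.append(signee)
    del dist[root]                             # report other people's keys only
    return dist

def report(root, signatures, revoked=frozenset(), limit=6):
    """Summary figures of the kind quoted in the post, for the toy graph."""
    dist = hop_counts(root, signatures, revoked)
    return {
        "reachable": len(dist),
        "mean_hops": round(sum(dist.values()) / len(dist), 2) if dist else 0.0,
        "longest": max(dist.values(), default=0),
        "within_limit": sum(1 for d in dist.values() if d <= limit),
    }

if __name__ == "__main__":
    print("before revocation:", report("me", SIGNATURES))
    fixed = {("bob", "mallory")}               # bob revokes his signature
    print("after revocation: ", report("me", SIGNATURES, revoked=fixed))
    print("bogus key reachable:",
          "fake-bill-gates" in hop_counts("me", SIGNATURES, revoked=fixed))
```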

So.. why am I writing about all of this? Well, signing keys is crucial to expanding the web of trust and shortening the paths within it. So, I'm planning on hosting my own Key Signing Parties, once a month, at a local Starbucks. So, any fellow geeks who are around Lake County, IL... The first Tuesday of the month (today), I'll be hanging out at the new Starbucks on Route 60 between Butterfield and Aspen Road.

All you need is a printout of your key fingerprint, along with the ID and email address so your key can be located, and a form of ID. You can read more about key parties and how they work, but this is going to be small and informal for now. If you show up... I'll be the guy with the long brown hair in the grey EFF shirt. I doubt there will be many people that fit that description! lol

Yes yes... I'm a big nerd.. I think I'm done rambling about this... for now at least..


Ryan's Currently Unnamed Blog

The life and times of an atypical average guy.
