Ryan's Currently Unnamed Blog

Post details: Pretty Good Privacy, Pt. 2

08/01/06

03:57:43 pm, Categories: Computer Stuff, In Real Life, 900 words

Pretty Good Privacy, Pt. 2

So yeah.. I ended last time talking about how you can securely send something when you don't know te recipient well to have a prearranged encryption scheme or trust the transportation involved. Thanks for all the answers that were submitted, but it was Lilith who got the answer right! Some of the answers were very creative and I hadn't heard some of those approaches before, and that's the first time anyone has ever figured that out!

Anyway, you may be wondering, when am I ever going to send something to someone I don't know? The answer is that you do it all the time! Everytime you go to a secure website or use a cell phone you are using this form of encryption and you don't even know it! The 3 roundtrips happens quickly in the 'handshaking' that happens when setting up the secure communication.

But what are these locks and keys? Well, it all hinges on the fact that there's no easy way to factor two REALLY big numbers. For instance... quick! figure out what two numbers can be multiplied together to get 12,835,384,025,881,369? That's actually a tiny number in terms of modern encryption, and there are some shortcuts, but its still a daunting task. Its compounded by the fact that its the product of two prime numbers. So, there are only 4 factors: 2 two prime factors, 1, and the number itself. There's a lot of REALLY smart people who are searching for a way to factor numbers efficently. There are some ways, but it doesn't scale well to large numbers. If you manage to come up with a way, there's a nobel prize in it for you and you will have effectively rendedered all modern encryption meaningless. (Conspiracy thoerists already think our governments have a method to do this, which is why they allow such strong encryption.)

There's more math magic that happens, but essentially, a public/private key is a pair of large prime numbers and through some mathematical conjuring, they are paired so one of the primes can be used to encrypt a message, and then it can only be decrypted with the other one. You can highly publicize one of the numbers, but the other is kept secret. Like wise, your secret key can be used to generate a signature that can be verified with your public key.

So, with this technology, its possible to send a message that can only be decrypted and read by the intended recipient. Of course, what he does with the decrypted message is up to him. So, if you send him your credit card number there's nothing keeping him from posting it to the internet, but at least you can be sure it got to him safely. Also, anyone can verify that a message was truely sent by you, and wasn't modified in anyway.

The only missing piece is... how does one verify that a key truely belongs to who they say it does? Enter the "Web of Trust"! I'm sure you've heard of the Kevin Bacon game. Where supposedly everyone in Hollywood is connected to Kevin Bacon by people they have worked with with no more then 6 steps. The same principle applies to PGP keys. I can meet someone who has a key, verify their identity, and then sign their key. Essentially, I am attesting that they are who they say that they are, and this allows people who trust me, to also trust this new person. The idea being that I can create a key that says I am Bill Gates, but without having people sign my key I won't be able to fool many people. Needless to say, the signing process needs to be taken seriously, as with some effort, you can poison the web of trust with false data. But as these incidents are exposed, they can easily be handled by revoking signatures.

A report on my key shows that there are currently over 32,000 people that I can have some level of trust of who they are. There's 1 person that I can get to in 15 'hops' but the average is about 5.8 hops. And there's over 20,000 people that I can get to within the 6 hops that Kevin Bacon uses. Like that there's a few 7 step paths to get to Wil Wheaton. There's tons more I can say, but this is already getting long.

So.. why am I writing about all of this? Well, signing keys is crucial to expanding the web of trust and shortening the paths within it. So, I'm planning on hosting my own Key Signing Parties, once a month, at a local Starbucks. So, any fellow geeks who are around Lake County, IL... The first tuesday of the month (today), I'll be hanging out at the new starbucks on Route 60 between Butterfield and Aspen road (click for google maps).

All you need is a print out of your key fingerprint, along with the ID and email adress so you key can be located, and a form of ID. You can read more about key parties and how they work, but this is going to be small and informal for now. If you show up... I'll be the guy with the long brown hair in the grey EFF shirt. I doubt there will be many people that fit that description! lol

Yes yes... I'm a big nerd.. I think I'm done rambling about this... for now at least..

26 comments • Trackback (0)

Trackback address for this post:

http://blog.rkware.com/htsrv/trackback.php/89

Comments, Trackbacks:

Comment from: Tiff [Visitor] · http://clonesightings.com

All the sudden I feel like I'm at a wedding and everyone is doing the chicken dance and... enjoying it.

Oh my lord.

08/01/06 @ 18:29

Comment from: RyanK [Member]

LOL... ok ok...

I promise to go easy on the nerd tech stuff...

good to see you're alive though! =)

08/01/06 @ 18:54

Comment from: maryannville [Member] · http://www.maryannville.com/forum

Ok, so these are not prime numbers, but please note that an alternative choice (2 non-prime numbers) would mean that:

38,506,152.11615025911615025911615
x 333,333,333
-----------------------------------12,835,384,025,881,369

I did that in my head... close enough.... HAHA

08/02/06 @ 20:58

Comment from: RyanK [Member]

hmmm.. they kinda have to be integers... whole numbers. Otherwise, there's an infinate number of factors and that doesn't really do anyone a whole lot of good.

Plus, that introduces floating point math and raises all kinds of problems due to limited precision and makes for non-portable code. (meaning that on different platforms, the math may work out slightly different.)

Anyway, I promised to get away from the geek content.. soooo... i think i've said enough.. lol

08/02/06 @ 21:37

Comment from: maryannville [Member] · http://www.maryannville.com/forum

Ok, I'll stick to integers next time. Keep the geek content coming... people seem to like it! :) Give us another puzzle!!

08/03/06 @ 13:40

Comment from: Tiff [Visitor] · http://clonesightings.com

^^^

Hes made a promise... DAMN YOU!

08/03/06 @ 20:26

Comment from: RyanK [Member]

LOL... i just can't keep everyone happy!

I'm just a man! I'm not a MACHINE!!!

08/03/06 @ 20:33

Comment from: maryannville [Member] · http://www.maryannville.com/forum

Sorry Tiff... but I like the puzzle thing, even though I did not figure it out. I will figure out the next one I hope! Maybe make it easier this time! LOL :)

08/03/06 @ 21:06

Comment from: Tiff [Visitor] · http://clonesightings.com

I think I won this though. :-D

dorks.

08/03/06 @ 21:11

Comment from: air max shoes [Visitor] · http://www.allhotshoes.com/

As soon as uses the air cushion technology the athletic shoes to pass through promotes greatly is welcome.

http://www.allhotshoes.com/

07/08/10 @ 22:04

Comment from: diana [Visitor] · http://www.rosetta-stone-shop.org

i like this article very much. in my memory it played very important roles

09/06/10 @ 02:48

Comment from: fake rolex watches [Visitor] · http://www.erowatch.com

As the business grows, rolex replicas has also jumped into an international brand. It is worth mentioning that,replica rolex watches is the ancestor of today's brand-oriented, in order to protect the quality and brand name will be printed on their products, the history of fashion in the world, is the first one first.rolex replica watches, fake rolex, fake rolex watches .http://www.erowatch.com

08/15/11 @ 01:15

Comment from: cheap nike shoes [Visitor] · http://www.more-nike.com

This is an article is worth reading articles
http://www.moe-nike.com

08/30/11 @ 21:28

Comment from: cheap nike shoes [Visitor] · http://www.more-nike.com

This is an article is worth reading articles
http://www.moe-nike.com

08/30/11 @ 21:30

Comment from: celine bags [Visitor] · http://www.discountcelinebags.com

From 1968,since the establishment of The North Face,the high quality feather winter jackets in The outdoor sports lovers enjoy great popularity,especially SIERRA PARKA by the love of the climbers down.SIERRA PARKA of winter coats series products originate in the 1970 s,so far SIERRA PARKA series winter clothes products are still in down and sales.

09/06/11 @ 03:38

Comment from: celinddsfdsfe bags [Visitor] · http://www.discountcelinebags.com

[url=http://www.discountcelinebags.com/][b]Celine bags[/url] and the new arrivals of [url=http://www.discountcelinebags.com/][b]celine handbags[/b][/url] are always designed by its creative director Phoebe Philo who wishes to express a contemporary minimalist style through these [url=http://www.discountcelinebags.com/][b]celine luggage[/b][/url] series.Here is the [url=http://www.discountcelinebags.com/][b]celine 2011[/b][/url] bags for you.

09/06/11 @ 03:39

Comment from: ugg boots [Visitor] · http://www.uggs-stores.com

Discount UGG Boots on sale!The Best ugg boots online. from here you can find the UGG Boots 5498 Adirondack Tall,UGG Boots 5819 Classic Cardy,UGG Boots 5854 Classic Mini.

Buy UGG Boots on sale!The Best ugg boots online. from here you can find the UGG Boots 5498 Adirondack Tall,UGG Boots 5819 Classic Cardy,UGG Boots 5854 Classic Mini.

09/15/11 @ 01:33

Comment from: ugg boots [Visitor] · http://www.cauggboot.com

Excellently written article, if only all bloggers offered the same content as you, the internet would be a much better place. Please keep it up! Cheers.

10/10/11 @ 02:36

Comment from: Dr Dre Beats Specail headphone [Visitor] · http://www.drdre.eu/hot-sale-monster-beats-headphone-special-edition-overear-headpho-c-68_74.html

very good
http://www.drdre.eu/ Dr Dre Beats Headphone
http://www.drdre.eu/artisseries-c-3.html Dr Dre Beats Artisseries Headphone

10/11/11 @ 03:26

Comment from: Coach Outlet Online [Visitor] · http://www.mycoachoutletstoreonline.com

I read your article with great interest.Thank you for you sharing.

11/19/11 @ 01:53

Comment from: Monster beats studio ferrari headphone [Visitor] · http://www.themonsterbeats.net/monster-beats-studio-ferrari-headphones-p-188.html

good

11/29/11 @ 00:44

Comment from: Coach Outlet Store Online [Visitor] · http://www.mycoachoutletstoreonline.com

I was very pleased to find this site.I wanted to thank you for this great read!

12/06/11 @ 02:01

Comment from: Coach Factory Outlet [Visitor] · http://www.buycoachfactoryoutlets.net

The Coach Factory Outlet are also accessible for vibrant colours and vogue style. They reflect the cheerful and lively disposition in the owner.

12/07/11 @ 01:26

Comment from: Beats by dre diamond studio red headphone [Visitor] · http://www.beatscable.com/dr-dre-beats-diamond-studio-red-headphone-p-188.html

Christmas is coming!Do you want to buy something to your relatives or friends?The headphone is on sale!you can do shopping by youself !I think it will be your best choose!

12/09/11 @ 21:59

Comment from: Beats by dre studio diamond headphone [Visitor] · http://www.drdreheadphone.biz/monster-beats-by-drdre-studio-diamond-red-p-4.html

it is very good !

12/19/11 @ 20:41

Comment from: Lady gaga heartbeats headphone [Visitor] · http://www.themonsterbeats.net/heartbeats-by-lady-gaga-inear-headphones-p-185.html

Lady gaga heartbeats headphone

12/28/11 @ 05:19

Post details: Pretty Good Privacy, Pt. 2

08/01/06

Pretty Good Privacy, Pt. 2

Trackback address for this post:

Comments, Trackbacks: