In which I talk about how to solve the problem of communication between two entities (I talk about the archetypal Alice and Bob) so that no one else (notably, Eve) can listen in, and no one (especially Mallory) can monkey around pretending to be Alice to Bob or vice versa. (For those not in the know why these names were chosen, Alice and Bob just designate A and B, Eve is the eavesdropper and Mallory the man-in-the-middle.)
I start off with DES (Data Encryption Standard), an old fashioned encryption standard and the biggest problem that Alice and Bob must surmount in using it: agreeing on the secret encryption key. Alice can’t send it to Bob unencrypted (and can’t send it encrypted – which key would they use?), because Eve could snag it on its way and then have a field day unencrypting everything. Mallory on the other hand could intercept it and send on a different key and position himself as the true man in the middle. So, Alice and Bob would have to meet and exchange a key. Then, boom, Eve got a powerful computer and cracked the key anyway.
But even if A and B moved to a stronger encryption algorithm, the whole thing is limited anyway. Imagine if you were A and your bank were B: how on earth would you agree a common key and how on earth would the bank maintain a list of keys for every single one of its customers. Securely. Brrr.
I then talk about public key cryptography, or asymmetric cryptography, where a message is encrypted with one key but decrypted with a different, yet mathematically related, key. One of the keys is known as the public key and is published somewhere; the other is the private key that you keep under lock and key. From this scenario, I move onto digital certificates which solve the “publication” problem – how do you know that my public key that’s published over there is actually mine and not something put there by Mallory?
Finally we get to the SSL (or to be strict, TLS) algorithm that wraps it all up and allows you to securely connect to your bank without Eve jumping all over your accounts and Mallory pretending to be the bank.
All in all, a pretty nice summarization of the problems of encrypted communications and how they’re solved in this e-commerce internet era.
This article first appeared in issue 315, December 2011.
You can read the PDF here.
(I used to write a monthly column for PCPlus, a computer news-views-n-reviews magazine in the UK, which sadly is no longer published. The column was called Theory Workshop and appeared in the Make It section of the magazine. When I signed up, my editor and the magazine were gracious enough to allow me to reprint the articles here after say a year or so.)