bit at a time (stream ciphers) or in a block of bits, often 64 bits, and encrypt them all (block ciphers). With public-key encryption, Jane must first receive Chris’ open padlock through the mail, with Chris keeping his key. She then writes the message and locks it in the box with Chris’ padlock, which he can open with his own key. Similarly, for Chris to reply, he must have Jane’s open padlock with which he can secure the message. This system prevents a third party intercepting the key whilst in transit between Chris and Jane, which is a risk in symmetrical- key encryption. Also, if Chris allows someone else to copy his key, the messages between Jane and Chris would be unsecure, but Jane’s messages to other people would still be secure as other people would have different padlocks for Jane to use. In the digital world, a private key and a public key are both used in this system. One is used for encryption and the other for decryption. The public key is distributed freely to message senders and this encrypts the message. This ‘locks the box.’ The recipient’s private key can then decrypt the message and ‘open the box’. With this message, there is no need to send anything secret over an insecure channel. The public key is accessible to everyone, whereas the private key can stay in your computer. A good example of public key encryption would be the RSA cryptosystem, with one of its designers hailing from the Weizmann Institute, where Dulwich has had many successes in the safecracking competition. Without going into too much mathematical depth, the basic process of the RSA system relies on the difficulty of factoring the product of two large prime numbers. The public key is based on the product of the two primes and if it is large enough, only those with access to the two prime factors can decrypt the encrypted message in reasonable time. However, RSA is a relatively slow algorithm and so is not used for encrypting data directly, but rather encrypting keys themselves for
transfer in symmetric-key encryption. Recently, the messaging service Whatsapp notified me that all of my messages were now ‘secured with end-to-end encryption’, meaning that the messaging software applied the encryption algorithm directly to the message, which is also decrypted by the software at the other end. As a result, any hackers cannot see the message before it has been scrambled at either end of a conversation. However, despite tech companies reassuring the public of their secure networks, there are still weaknesses with this type of encryption. The security breach occurs at the endpoints of the communication stream, a weakness in the mailbox itself. In 2013, Edward Snowden demonstrated that Skype had introduced a back door in their system through which messages could be handed over to the US National Security Agency, despite them being end-to-end encrypted. This highlights the fact that we are never truly secure in the digital world, as long as companies continue to introduce back doors to their systems. The promises of secure communications channels, then, even with their armoury of codes and algorithms, are akin to the promises made by politicians: they are merely attempts to assure the public that an Orwellian level of surveillance is not in effect. The truth is less certain. But without the likes of Edward Snowden, the concern for internet security and encryption would never have been in the public eye to the extent it is now. Big Brother may be watching us, but some of us are watching Big Brother.
25
Made with FlippingBook - Online Brochure Maker