Practice Cryptography!

Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it's important. Maybe it's time for people and coders to actually start practicing how to use it, like any other skill.

Friday, January 18, 2008

 

Identity

If you receive a message encrypted with a certain public key that you've seen before, you can safely assume that the same private key was used to encrypt that message as was used before.  If we can assume 'proper' key management procedures, we can assume that the same person used the same private key to encrypt that message.

This provides for referential continuity.

If we know that we're dealing with the same entity (key) as before... why do we need to know who that entity is?  Should we need to?  If so, why?

(Imagine a site that provides relatively static content with updates from time to time.  Why should that site need to know that Joe Bloe from Elgin IL is accessing it?  Instead, why not reduce that knowledge to 'a key which has been approved to access the site until X date was used to access the site'?  Combine that with the IP address, and you have a means of making sure that the key isn't improperly distributed.)

posted by Kyle H  # 1:12 PM
Comments: Post a Comment



<< Home

Archives

2006-02-12   2006-02-19   2006-02-26   2006-03-05   2006-03-12   2006-03-19   2006-03-26   2006-04-02   2006-04-09   2006-04-16   2006-04-23   2006-07-23   2008-01-13   2008-01-20   2008-02-03   2008-02-17   2008-03-16   2008-04-06   2008-05-11  

This page is powered by Blogger. Isn't yours?