Newer page: version 9, last edited on Friday, July 7, 2006 6:39:18 am by AristotlePagaltzis
Older page: version 2, last edited on Sunday, August 10, 2003 9:35:29 pm by zcat(1)
@@ -1,18 +1,14 @@
authentication works like this: I create a 'keypair'
, a public and a private key. Anything
that is encrypted with my public key can
only be decrypted with my private key
+ authentication, that only [ ] .
, I keep my private
and give everyone my
public key. Then
, for example
, if you want to email me in
private, you encrypt your email to me with my
public key ; that way only I
can decode it
+ , key and public key. , , private , public key can .
Every time I
send my password
network , I open myself to risk that I'm going to have it stolen
Instead of this you generate a key pair on
your own computer, and you copy the public key
to the server. Then, when the server wants
you to prove who you are
, it sends you a block of random data and asks you to sign it . Then
it checks that you generated a valid signature. The server had
your public key, and knows what it sent you
. Only a
person with the matching private key could correctly sign
the data, and any future logins will
be given a different chunk
of data to sign
usually get the server to validate
itself the same way.
is hacked or spoofed
, the attacker does
your private key or password; they only gain a few signed blocks of random data
never be used again
+ send over network. Instead your to the you to , it sends you a block of random data and asks you to sign it it checks your . person with the matching the be of . usually itself the same way. the is , not your private key which never .
 Don't ask why at this point
, its about large prime numbers
] ; just take it
as read that it
is in fact
+ , [ ] as is the .
 Actually it's about "one way trapdoor" functions.
There's a lot
of situations in maths where going one way is easy (like multiplying together two large prime numbers a x b = c) but going the other way is much harder (finding the two prime factors of the number we just generated.)
Then there's another class of functions; there's a formula that involves a number based on 'c' that people can use to mangle data. These functions also appear to be 'one way' and you can't get back the original data even if you know what 'c' was, unless you happen to know what 'a' and 'b' were, in which case there's another formula you can use to figure out what the original data was.
The maths involved is still pretty complicated, cpu intensive, and not as secure as conventional cryptography so in the real world these functions are mostly used to transfer conventional cypher keys, which are then used to protect the actual data being sent.
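Review bot: the closing claim that these functions are "not as secure as conventional cryptography" is not supported by anything else in the hunk and is the kind of line readers quote out of context; the hunk already gives the actual reason for the hybrid design (the maths is "pretty complicated, cpu intensive"), so suggest dropping "not as secure" and keeping the cost argument, e.g. "The maths involved is still pretty complicated and cpu intensive, so in the real world these functions are mostly used to transfer conventional cipher keys, which are then used to protect the actual data being sent." In the challenge-response paragraph, the reassurance that a hacked or spoofed server "only gain[s] a few signed blocks of random data" rests on the two facts stated a few lines earlier, that each login gets "a different chunk of data to sign" and that a signed block can "never be used again"; putting that dependency in the same sentence ("...random data, each of which was tied to one login and cannot be replayed") would make the security argument self-contained. Minor style points: "its about large prime numbers" should be "it's", and "cypher" is more usually spelled "cipher" elsewhere on the site.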