Differences between version 2 and predecessor to the previous major change of PublicKeyAuthentication.
Newer page: version 2 | Last edited on Sunday, August 10, 2003 9:35:29 pm | by zcat(1)
Older page: version 1 | Last edited on Sunday, August 10, 2003 7:37:33 pm | by WikiAdmin
@@ -1,7 +1,18 @@
Public key authentication works like this: I create a 'keypair', a public and a private key. Anything that is encrypted with my public key can only be decrypted with my private key [1].
So, I keep my private key private and give everyone my public key. Then, for example, if you want to email me in private, you encrypt your email to me with my public key; that way only I can decode it.
-Every time I send my password over the network, I open myself to risk that I'm going to have it stolen. Instead of this you generate a key pair on your own computer, and you copy the public key to the server. Then, when the server asks
you to prove who you are, you generate
a signature, using your private key
. The server can verify that signature (since it has
your public key)
and allow
you to log in
. Now if the server is hacked or spoofed, the attacker does not gain your private key or password; they only gain one signature. And signatures cannot
be re-
used, so they have gained nothing
.
+Every time I send my password over the network, I open myself to risk that I'm going to have it stolen. Instead of this you generate a key pair on your own computer, and you copy the public key to the server. Then, when the server wants
you to prove who you are, it sends
you a block of random data and asks you to sign it. Then it checks that you generated a valid
signature. The server had
your public key,
and knows what it sent
you. Only a person with the matching private key could correctly sign the data, and any future logins will be given a different chunk of data
to sign. You'll usually get the server to validate itself the same way
.
+
Now if the server is hacked or spoofed, the attacker does not gain your private key or password; they only gain a few signed blocks of random data which will never
be used again
.
-[1] Don't ask why at this point, its about large prime numbers; just take it as read that it is in fact the case.
+
+
+
[1] Don't ask why at this point, its about large prime numbers[2]
; just take it as read that it is in fact the case.
+
+[2] Actually it's about "one way trapdoor" functions.
+
+There's a lot of situations in maths where going one way is easy (like multiplying together two large prime numbers a x b = c) but going the other way is much harder (finding the two prime factors of the number we just generated.)
+
+Then there's another class of functions; there's a formula that involves a number based on 'c' that people can use to mangle data. These functions also appear to be 'one way' and you can't get back the original data even if you know what 'c' was, unless you happen to know what 'a' and 'b' were, in which case there's another formula you can use to figure out what the original data was.
+
+The maths involved is still pretty complicated, cpu intensive, and not as secure as conventional cryptography so in the real world these functions are mostly used to transfer conventional cypher keys, which are then used to protect the actual data being sent
.
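Review bot: the last sentence of the new footnote [2] gives the wrong reason for the hybrid design: "not as secure as conventional cryptography" is not why public-key functions are used only to transfer conventional cipher keys; they are used that way because they are slow and operate on small blocks, so suggest replacing "and not as secure as conventional cryptography" with "and only practical on small amounts of data". Separately, the new challenge-response paragraph ("it sends you a block of random data and asks you to sign it") never connects signing back to the opening sentence about public-key encryption; one clause noting that a signature is the reverse operation (the private key produces something that anyone holding the public key can check) would keep the two halves of the page consistent. The rest of the rewrite is an improvement: the replay argument now rests on the server issuing a fresh random block for every login rather than on the vague claim that "signatures cannot be re-used".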