Confused about the logic of public key encryption

[JKyleOKC]

That still doesn't solve the question of a man-in-the-middle attack.

I believe that this is the whole purpose of having CAs; the "web of trust" starts from a top-level certification authority whose address is built into your operating system and thus cannot be faked by a man in the middle. The identity of any subsidiary CA is vouched for by a top-level CA, much as the DNS system delegates the translation of a URL into an IP address starting from the root servers. Eventually, you reach a CA that vouches for the identity of the person or firm you're trying to reach.

That assurance of identity, rather than a huge encryption key, is what's in the second box locked with a CA's public key.

As the DigiNoTar incident(s) have demonstrated, the system does NOT prevent MITM attacks if a top-level CA is breached. However, so far the number of such detected breaches has remained quite small; small enough that the system still is believed to be viable. That can always change, of course.

So long as greedy humans exist, they will find ways to prey on others. Members of our species, history tells us, are predators by nature, and prey on their fellows as well as other species. A perfect system is impossible to achieve; we have to work with the best we can do even if it's not as good as we would like.

EDIT: Yes, CAs are a bit costly. I've never used one for exactly that reason. However they do work for firms that I do business with, such as my bank or the utility companies that I pay through their web sites. Few of us are really concerned about such matters when it comes to visiting forums, or casual Email contacts...

[Paddy Landau]

As I recall the events, the CA, DigiNoTar, issued a certificate...

The real loss of trust was not that they were hacked (everyone is susceptible), but that they covered it up for a significant time instead of telling everyone immediately.

If they had told everyone, patches would have been implemented worldwide within hours.

There is a thread giving more specific information.

[Chronon]

This is true, provided that the technology continues to increase at its current accelerated rate. However, should there be a quantum leap -- either a new relevant mathematical discovery regarding prime number fractionation, or a new computing technology -- then you are at risk.

There is only one foolproof encryption method so far discovered, and it uses the esoteric properties of quantum mechanics. In this method, an encrypted message can be transmitted exactly once and has a 50% chance (as I recall) of arriving uncorrupted. If it arrives corrupted, the message needs to be re-encrypted and sent again. The message cannot be decrypted by anyone other than the recipient, not even theoretically. Furthermore, the message reveals when a man-in-the-middle attack has taken place. But this technology is all very new and as-yet unavailable outside the laboratory. I confess I do not understand how it works.

That's not quite how it works. Quantum key distribution uses transmission of quantum bits to establish a shared set of random, classical bits (a one-time pad). One time pad is unbreakable by any algorithm, it only requires a random process to generate a sequence of bits that can be shared by two people. This sequence of bits can be used to encrypt a message by simple bitwise addition. The original message is recovered by bitwise addition of the same one-time pad. Security comes from the randomness of the pad. A cracker may as well run a random number generator and simply hope to get lucky.

The quantum part of quantum key distribution relies on the no-cloning theorem. An attacker cannot measure the quantum state of a qubit and exactly reproduce the quantum state. This lack of fidelity will show up as an error rate for qubits that were generated and measured in the same basis (by sender and receiver, respectively).

The way it works is that Alice (the sender) prepares and sends a stream of qubits to Bob, randomly changing the logical state as well as the basis (polarization of a single photon, for example). After enough bits have been transmitted, they get on a public, classical channel and Bob reports which basis he used for each measurement. Alice and Bob keep only the logical values where their choice of basis coincides. According to theory, there should be perfect correlation between their sets of logical values. To check for the presence of an attacker they simply sacrifice a small portion of their key (say 100 bits) and announce the logical values over the public channel. If the error rate is above a certain rate then they know that the channel is compromised and they abort the operation. If the error rate is below threshold then they know that no attacker is listening and they can use the remaining set of bits as a one-time pad. Once Alice and Bob share a one-time pad they can use it to securely send any message of equal length. It's important to recognize that no sensitive data is sent until Alice and Bob are sure that they alone share a specific sequence of random bits.

There are other variations -- for example, by using a source of entangled qubits, Alice and Bob can perform a procedure called entanglement purification to reduce the amount of information possessed by an attacker (Eve), provided the error rate is below a certain level.

[Paddy Landau]

That's not quite how it works...

Thanks for the clarification. It seems really complicated. I had read that research had developed a totally unbreakable method, but you're saying that it can (in theory) be cracked. OK, I'm not an expert in this!

[Chronon]

Thanks for the clarification. It seems really complicated. I had read that research had developed a totally unbreakable method, but you're saying that it can (in theory) be cracked. OK, I'm not an expert in this!

I'm saying that the technique of quantum key distribution can assure you when the bits you have shared with someone else are secret (because quantum bits cannot be duplicated perfectly). Once you are confident of this, you can use this one-time pad to encrypt arbitrary data. This encryption cannot be broken by any algorithm. There is an infinitesimal probability that an attacker could guess the random bit sequence contained in the one-time pad, but this doesn't represent a tangible security risk and it is absolutely the most secure encryption protocol since it is not subject to attack by any algorithm.

With the second technique involving entangled qubits, Alice and Bob can, additionally, perform entanglement purification until they share a pure state. I.e., they reduce the amount of information held by Eve to zero.

[Cu Rua]

This stuff is giving me the giggles.
Still haven't gotten an answer to one question, though: what sorts of people are distributing both keys and certificates? All I've gathered so far is a few big corporate names and a vague impression of government involvement.
Is any of this similar to the Wikileaks security that prevents anyone from tracing the source of the info sent to their servers? I remember reading something about a world-wide network of computers that the messages randomly bounce around before arriving at the main servers, something akin to money laundering through banks.
Also, I think it's always been a foregone conclusion that anything one person builds, another can break, so nothing is absolutely airtight--- but it's still fun to see all the ways people try to get around human nature. On that note, wouldn't malicious parties simply monitor everyone who's ever used encryption, find the physical location of their computers, and manually attach a tracking device that relays all activity straight to the bad guys without all the song and dance of cracking quantum algorithms?
How hard would it be to build a back door into a key program and just use that? How would we know if somebody had done that?

[JKyleOKC]

Still haven't gotten an answer to one question, though: what sorts of people are distributing both keys and certificates? All I've gathered so far is a few big corporate names and a vague impression of government involvement.

When you access a "secure site" in your browser, using "https" instead of simply "http" (or just see the padlock icon or a warning message) there's at least one certificate involved. These are usually issued by some corporation such as Network Solutions Inc. or Thawte, but it's possible to create your own certificate although there's no reason for anyone else to trust a "self-signed" version. The answer to your question, then, is "any sort of person or firm, both honest and dishonest."

Is any of this similar to the Wikileaks security that prevents anyone from tracing the source of the info sent to their servers? I remember reading something about a world-wide network of computers that the messages randomly bounce around before arriving at the main servers, something akin to money laundering through banks.

The only similarity is that both involve the word "security" and that can mean anything from "use armed guards" to "keep it hidden in plain sight." As for the analogy to money laundering, that "random" bounce is in fact how the internet works; it's not at all random, though. each of its component networks connects to others, so that eventually there's a possible route from you to most anywhere else on the planet -- unless one of the interconnections gets blocked for some reason. That's why security is needed -- at any point along the way, the operators of the current network can copy off any traffic they want to.

wouldn't malicious parties simply monitor everyone who's ever used encryption, find the physical location of their computers, and manually attach a tracking device that relays all activity straight to the bad guys without all the song and dance of cracking quantum algorithms?

That can be and has been done; the hard parts are finding the location, and gaining physical access. The location is usually found by asking the service provider, and the tracking device isn't needed. Just install malware such as a key logger that does the capture. That's easy enough to do over the net with a drive-by download from an infected web site.

The authorities can simply confiscate the computers and in some countries torture the suspect into a confession. In less severe situations, the malicious parties just trick you into giving them the information they want, such as your security passwords.

How hard would it be to build a back door into a key program and just use that? How would we know if somebody had done that?

Search Google for Dennis Ritchie's remarks on being awarded the Turing Prize for lifetime achievement. He, along with Ken Thompson, created the original Unix system on which Linux is based and the C programming language with which to do so, and in his acceptance speech, told of doing just that to the original C compiler. He made it create a back door that gave him full access to any program built using that tool. Many folk suspect that some or all of the current "security" solutions have such back doors inserted at the demand of national governments, but none have been outed to public view.

Security is a process, not a bandage. Walls, locks, keys, and encryption don't make things secure; a careful approach and suspicious mind must be added into the mix -- and even then, absolute security isn't achievable. We have to settle for "good enough" which means that my bank account access only needs to stay secret for so long as I still hold that account...

[Cu Rua]

Many folk suspect that some or all of the current "security" solutions have such back doors inserted at the demand of national governments, but none have been outed to public view.

To the trained eye, how visible are back doors? Would a hacker be able to take apart whatever bits and pieces they receive to take a look?
Also, google failed, I can't find any comments on back doors Ritchie put into C.

[mastablasta]

Here is some good explanation abotu public key security...http://wald.intevation.org/frs/downl....0.0-beta1.pdf

well truecrypt for example uses this public key/šrivate key i believe and you can check on wiki how teams ofg experts tried to break the encription and had to give it up in the end after a couple of months work....

http://en.wikipedia.org/wiki/TrueCrypt

Operation Satyagraha
In July 2008, several TrueCrypt-secured hard drives were seized from a Brazilian banker Daniel Dantas, who was suspected of financial crimes. The Brazilian National Institute of Criminology (INC) tried unsuccessfully for five months to obtain access to TrueCrypt-protected disks owned by the banker, after which they enlisted the help of the FBI. The FBI used dictionary attacks against Dantas' disks for over 12 months, but were still unable to decrypt them.[34]

you can also check how it is possible to break the encryptions under certain very specific circumstances.

[Paddy Landau]

Also, install WOT (Web Of Trust) in your Firefox or Chromium browser. WOT is a community-driven system. Although it is far from perfect, it has occasionally given me a heads-up when visiting a website.