[Internet History, Technology, and Security] Notes on Lecture 9

  The previous lecture mentioned two kinds of encryption and concentrated on the one built around a shared key. This lecture picks up with the other kind, starting with public-key encryption:

Security - Public/Private Key - Secure Sockets

  In an earlier lesson we introduced two concepts, confidentiality and integrity, and we talked about some simple, practical ways to achieve them: something like the Caesar cipher for confidentiality, and a digital signature based on a shared secret for integrity. In the Internet world this is difficult, because you cannot always gather the users in one place first, share the secret with them, and then let them go back to their lives and use it.

  Public-key encryption is considered a very elegant solution to this problem. It was proposed by Diffie and Hellman in 1976. It relies on two keys and is asymmetric, which means we no longer encrypt and decrypt with the same key: there is a public key that needs no protection at all, and a private key that you keep to yourself. You send out your public key; the public key is used to encrypt and the private key is used to decrypt. The two keys are related mathematically in a well-understood way, but because both are sufficiently long, it is hard to compute one from the other.

  But "difficult" does not mean "impossible". As previous lessons said, absolute security does not exist: with a fast enough computer, a public key can be broken by brute force. Of course, as computers get faster, public keys get correspondingly longer, and the computation needed to break them grows as well. So, at least for now, public-key protection is still relatively safe.

  To use public-key encryption, you must first generate a pair of keys. Select two sufficiently large random numbers and multiply them: the product is the public key, and the two original random numbers are the private key. From this you can see how hard it is to crack the private key when you know only the public key: it comes down to finding the factors of a number, and if the number is large enough, the amount of computation is frightening. On the other hand, if you hold one of the private numbers, finding the other one is very easy.
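  The key-generation idea above, worked through as an added example (not code from the course or from this post). It uses textbook RSA, where the two secret numbers are primes; the small primes, the exponent 65537 and the message value are constructed for illustration, and `recover_private` shows why a short modulus gives no protection.

```python
# Added illustration: textbook RSA with tiny primes. Never use for real data.
from math import gcd

def make_keypair(p, q, e=65537):
    """Build (public, private) from two secret primes p and q."""
    n = p * q                    # published: the product of the two secrets
    phi = (p - 1) * (q - 1)      # only computable if you know p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)          # private exponent (modular inverse, Python 3.8+)
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)

def recover_private(public):
    """Why key length matters: factor n by trial division, rebuild the private key."""
    n, e = public
    f = 3
    while n % f:                 # n is a product of two odd primes
        f += 2
    return make_keypair(f, n // f, e)[1]

# Constructed sample values: the 10,000th and 100,000th primes, and a made-up message.
PUBLIC, PRIVATE = make_keypair(104729, 1299709)
MESSAGE = 4242
CIPHERTEXT = encrypt(PUBLIC, MESSAGE)

if __name__ == "__main__":
    print("public modulus n    =", PUBLIC[0])
    print("ciphertext          =", CIPHERTEXT)
    print("key owner decrypts  =", decrypt(PRIVATE, CIPHERTEXT))
    print("factoring recovers d:", recover_private(PUBLIC) == PRIVATE)
```

  The 37-bit modulus here factors in well under a second; the same trial division against a modulus of 2048 bits or more is far beyond any practical amount of computation.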

  In everyday life, suppose you are shopping on Amazon.com and you enter your bank card information on the website. Amazon has a public key and a private key. It sends you the public key over the Internet, you use the public key to encrypt your credit card information, and then you send it out. If an eavesdropper steals the encrypted card information at this point, it is true that they could run a supercomputer around the clock for a few months to crack the ciphertext, but for Amazon, decrypting this information takes only a few seconds.

  With this cryptographic mechanism available, engineers could make a change to the original network layering, adding a new layer between the application layer and the transport layer: TLS (Transport Layer Security), also called SSL (Secure Sockets Layer) or HTTPS. It is responsible for encrypting and decrypting what the application layer passes down, so that information is transmitted safely, while the other layers keep doing their original work. For cost reasons, many companies have tried to run some of their activities without a security protocol. As consumers, we should not type sensitive information into a page whose URL is not HTTPS. Viruses and phishing sites can still threaten the security of your information, but we should at least have this basic level of security awareness, right?

Security - Integrity and Certificate Authorities

  SSL provides confidentiality for information in transit; the remaining issue is integrity. As with the digital signatures mentioned before, on the network you also need someone to prove that a message really was sent by the other party, so we need a reliable third party as a middleman. This is the CA (Certificate Authority). It can vouch for an identity and for who a public key belongs to, and it generates the certificate. The organizations that act as CAs include international organizations and governments, as well as service providers that run certification for profit. For example, the certificate of the platform we use for this course, Coursera, was not obtained from Coursera itself but comes from GoDaddy. GoDaddy uses its private key to encrypt Coursera's public key, producing a digital signature; the public key, the digital signature and the original server information are then combined and returned to the site, so that we can achieve a high degree of confidentiality.

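  Obtaining a certificate is actually an expensive business: it can be as cheap as a few hundred dollars, or it can cost several thousand. But because certificates are reliable, many people are happy to pay for them. CAs also take these requests seriously and are very careful when issuing a certificate, making sure it reaches the real owner of the company rather than ending up in the hands of a bad actor. At the same time, our browsers and operating systems come with certificates pre-installed, which are used to verify whether a certificate being loaded really belongs to a CA.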
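  The CA flow described in the two paragraphs above, as an added example (not code from the course or from this post): a toy CA signs a hash of the site's identity and public key with its private key, and the browser side accepts the result only if the issuer's public key is already in its pre-installed trust store. The names `Example Root CA`, `Rogue CA` and `shop.example`, the small primes and the dictionary "certificate" format are all constructed; real certificates are X.509 with full-size keys and padded signatures.

```python
# Added illustration: a toy CA using textbook RSA on tiny primes. Not real X.509.
import hashlib

def rsa_keys(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

def digest(subject, subject_public, n):
    """Hash the identity and public key together, reduced to fit the toy modulus."""
    data = f"{subject}|{subject_public[0]}|{subject_public[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(ca_name, ca_private, subject, subject_public):
    """CA side: sign hash(identity + public key) with the CA's private key."""
    n, d = ca_private
    return {"subject": subject, "public": subject_public, "issuer": ca_name,
            "sig": pow(digest(subject, subject_public, n), d, n)}

def verify(cert, trust_store, expected_host):
    """Browser side: only CA public keys shipped in the trust store are used."""
    ca_public = trust_store.get(cert["issuer"])
    if ca_public is None:
        return "untrusted issuer"
    n, e = ca_public
    if pow(cert["sig"], e, n) != digest(cert["subject"], cert["public"], n):
        return "bad signature"
    if cert["subject"] != expected_host:
        return "name mismatch"
    return "ok"

# Constructed names and keys.
CA_PUB, CA_PRIV = rsa_keys(104729, 1299709)
SITE_PUB, _ = rsa_keys(15485863, 32452843)
ROGUE_PUB, ROGUE_PRIV = rsa_keys(7919, 17389)
TRUST_STORE = {"Example Root CA": CA_PUB}          # what the browser ships with

GOOD = issue("Example Root CA", CA_PRIV, "shop.example", SITE_PUB)
SWAPPED = dict(GOOD, public=ROGUE_PUB)             # key replaced in transit
SELF_MADE = issue("Rogue CA", ROGUE_PRIV, "shop.example", ROGUE_PUB)

if __name__ == "__main__":
    for name, cert in [("good", GOOD), ("swapped key", SWAPPED), ("rogue CA", SELF_MADE)]:
        print(name, "->", verify(cert, TRUST_STORE, "shop.example"))
```

  The check runs in the order a client needs: a certificate from an issuer outside the trust store is rejected before its signature is even considered, and a valid signature still does not help if the certified name is not the host being visited.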

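  This lecture again used very real examples to explain security, but the second half of the course was a little convoluted, and I still don't fully understand the last part on public-key certification. I need to keep working on improving my English.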

Origin www.cnblogs.com/ptolemy/p/11109057.html