WebFund 2016W Lecture 18

From Soma-notes
Revision as of 22:01, 17 March 2016 by Soma

Video

The video for the lecture given on March 17, 2016 is now available.


Notes

In Class

(This is lecture 18, not 17!)

Lecture 18
----------

Symmetric cryptography
 - everyone uses the same key
 - think secret decoder rings
 - or, file encrypted with AES
 - secret has to be shared between sender and receiver
 

Public-key cryptography
 - but what if we don't have a shared secret?
   - your password isn't good enough, and
   - websites don't remember your password
   - and how would you send them your password in
     the first place?
 - instead, we split the key into two parts
   - a public key
   - a private key
 - whatever one does, the other can undo

 - if you encrypt with a public key and decrypt with a
   private key
     - private one-way communication
     - e.g., you download Anil's public key and send
       Anil a secret message
 - if you encrypt with a private key and decrypt with 
   the public key
     - that's a digital signature
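
Added example (not part of the lecture notes or the course code): both directions of a key pair, done with Node's built-in crypto module rather than hand-written crypto. The key pairs, messages and function names are constructed for illustration.

```javascript
// Added example, not lecture code. Uses Node's built-in crypto module.
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed 2048-bit RSA key pair (public half + private half).
function makeKeyPair() {
  return nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Direction 1: encrypt with the public key; only the private key can undo it.
function sendSecret(publicKey, text) {
  return nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, Buffer.from(text, 'utf8'));
}

function readSecret(privateKey, ciphertext) {
  try {
    return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null; // wrong private key or damaged ciphertext
  }
}

// Direction 2: the private key signs (over a SHA-256 hash of the message);
// anyone holding the public key can check the signature.
function signMessage(privateKey, text) {
  return nodeCrypto.sign('sha256', Buffer.from(text, 'utf8'), privateKey);
}

function verifyMessage(publicKey, text, signature) {
  return nodeCrypto.verify('sha256', Buffer.from(text, 'utf8'), publicKey, signature);
}

function demo() {
  const anil = makeKeyPair();   // the intended recipient / signer
  const other = makeKeyPair();  // someone else's unrelated key pair
  const ciphertext = sendSecret(anil.publicKey, 'meet at noon');
  const signature = signMessage(anil.privateKey, 'grades are posted');
  return {
    readByAnil: readSecret(anil.privateKey, ciphertext),
    readByOther: readSecret(other.privateKey, ciphertext),
    genuine: verifyMessage(anil.publicKey, 'grades are posted', signature),
    tampered: verifyMessage(anil.publicKey, 'grades are cancelled', signature),
  };
}

console.log(demo());
```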

First rule of cryptography
 - friends don't let friends implement their own crypto
 - algorithms OR code!

Why?  You'll miss protections against attacks.
Example: timing attacks
 - can extract secrets by watching execution time
 - exploits the fact that multiplication & other operations
   take longer for some numbers than for others

Everyone else messes up too
 - so be prepared to update/replace all crypto-related
   code

Code

analyzeLogs-ssl-template.zip