WebFund 2016W Lecture 18
Revision as of 02:01, 18 March 2016
Video
The video for the lecture given on March 17, 2016 is now available.
Notes
In Class
(This is lecture 18, not 17!)
Lecture 18
----------

Symmetric cryptography
 - everyone uses the same key
 - think secret decoder rings
 - or, file encrypted with AES
 - secret has to be shared between sender and receiver

Public-key cryptography
 - but what if we don't have a shared secret?
   - your password isn't good enough, and
   - websites don't remember your password
   - and how would you send them your password in the first place
 - instead, we split the key into two parts
   - a public key
   - a private key
 - whatever one does, the other can undo
 - if you encrypt with a public key and decrypt with a private key
   - private one-way communication
   - e.g., you download Anil's public key and send Anil a secret message
 - if you encrypt with a private key and decrypt with the public key
   - that's a digital signature

First rule of cryptography
 - friends don't let friends implement their own crypto
 - algorithms OR code!

Why?  You'll miss protections against attacks.

Example: timing attacks
 - can extract secrets by watching execution time
 - exploits the fact that some numbers take longer to multiply & other operations

Everyone else messes up too
 - so be prepared to update/replace all crypto-related code
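
The two directions of a key pair described in the notes, as an added example that is not from the lecture itself. It uses Node's built-in crypto module rather than hand-written crypto; the function names and the freshly generated RSA key pair standing in for Anil's keys are assumptions made for the illustration.

```javascript
// Added example: both directions of a key pair, using Node's built-in crypto.
const { generateKeyPairSync, publicEncrypt, privateDecrypt,
        sign, verify } = require('node:crypto');

// Constructed key pair standing in for "Anil's" keys (generated fresh each run).
function makeKeyPair() {
  return generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Direction 1: anyone with the public key can encrypt; only the private key decrypts.
function sendSecret(publicKey, text) {
  return publicEncrypt(publicKey, Buffer.from(text, 'utf8')); // RSA-OAEP by default
}
function readSecret(privateKey, ciphertext) {
  return privateDecrypt(privateKey, ciphertext).toString('utf8');
}

// Direction 2: only the private key can sign; anyone with the public key verifies.
function signMessage(privateKey, text) {
  return sign('sha256', Buffer.from(text, 'utf8'), privateKey);
}
function checkSignature(publicKey, text, signature) {
  return verify('sha256', Buffer.from(text, 'utf8'), publicKey, signature);
}

// Decrypting with the wrong private key must fail, not return garbage.
function tryRead(privateKey, ciphertext) {
  try { return readSecret(privateKey, ciphertext); }
  catch (err) { return null; }
}

function demo() {
  const anil = makeKeyPair();
  const other = makeKeyPair(); // an unrelated key pair
  const ct = sendSecret(anil.publicKey, 'meet at noon');
  const sig = signMessage(anil.privateKey, 'lecture 18 notes');
  return {
    decrypted: readSecret(anil.privateKey, ct),
    wrongKey: tryRead(other.privateKey, ct),
    sigOk: checkSignature(anil.publicKey, 'lecture 18 notes', sig),
    tampered: checkSignature(anil.publicKey, 'lecture 19 notes', sig),
    forged: checkSignature(other.publicKey, 'lecture 18 notes', sig),
  };
}

console.log(demo());
```

The library signs a SHA-256 hash of the message with padding rather than the raw message, which is one of the protections a hand-rolled version would likely miss.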