WebFund 2016W Lecture 18

From Soma-notes
Revision as of 02:01, 18 March 2016 by Soma

Video

The video for the lecture given on March 17, 2016 is now available.


Notes

In Class

(This is lecture 18, not 17!)

Lecture 18
----------

Symmetric cryptography
 - everyone uses the same key
 - think secret decoder rings
 - or, file encrypted with AES
 - secret has to be shared between sender and receiver
 

Public-key cryptography
 - but what if we don't have a shared secret?
   - your password isn't good enough, and
   - websites don't remember your password
   - and how would you send them your password in
     the first place?
 - instead, we split the key into two parts
   - a public key
   - a private key
 - whatever one does, the other can undo

 - if you encrypt with a public key and decrypt with a
   private key
     - private one-way communication
     - e.g., you download Anil's public key and send
       Anil a secret message
 - if you encrypt with a private key and decrypt with 
   the public key
     - that's a digital signature
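
The two uses of a key pair described above, as an added example (not code from the lecture). It relies on Node's built-in crypto module instead of hand-written RSA; the key-pair names and messages are constructed for the demo.

```javascript
const crypto = require('crypto');

// OAEP padding settings shared by the encrypt and decrypt sides.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

function makeKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Use 1: encrypt with the PUBLIC key; only the PRIVATE key can decrypt.
function sendSecret(recipientPublicKey, text) {
  return crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, Buffer.from(text, 'utf8'));
}

function readSecret(privateKey, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null; // wrong private key or corrupted ciphertext
  }
}

// Use 2: sign with the PRIVATE key; anyone with the PUBLIC key can verify.
function signMessage(privateKey, text) {
  return crypto.sign('sha256', Buffer.from(text, 'utf8'), privateKey);
}

function verifyMessage(publicKey, text, signature) {
  return crypto.verify('sha256', Buffer.from(text, 'utf8'), publicKey, signature);
}

function demo() {
  const anil = makeKeyPair();   // constructed key pair for the recipient/signer
  const other = makeKeyPair();  // constructed key pair for someone else
  const notice = 'assignment is due Friday';
  const ciphertext = sendSecret(anil.publicKey, 'meet at noon');
  const signature = signMessage(anil.privateKey, notice);
  return {
    decryptedByAnil: readSecret(anil.privateKey, ciphertext),
    decryptedByOther: readSecret(other.privateKey, ciphertext),
    genuine: verifyMessage(anil.publicKey, notice, signature),
    tampered: verifyMessage(anil.publicKey, 'assignment is due Monday', signature),
    wrongSigner: verifyMessage(other.publicKey, notice, signature),
  };
}

console.log(demo());
```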

First rule of cryptography
 - friends don't let friends implement their own crypto
 - algorithms OR code!

Why?  You'll miss protections against attacks.
Example: timing attacks
 - can extract secrets by watching execution time
 - exploits the fact that some numbers take longer than
   others to multiply (same goes for other operations)

Everyone else messes up too
 - so be prepared to update/replace all crypto-related
   code

Code

analyzeLogs-ssl-template.zip