<!-- * Set TOPICTITLE = #define private public - Claus Brod on stuff (30 Jul 2013) -->
%STARTINCLUDE%
<a name="30"></a>
---+++ [[DefinePrivatePublic20130730Https][HTTPS]] (30 Jul 2013)

<summary>
Now we know for sure that way too many countries mistook "1984" for a training manual, including Germany. It is about time to teach myself about security and cryptography.
</summary>

Hartley Brody's [[http://blog.hartleybrody.com/https-certificates/]["How HTTPS Secures Connections: What Every Web Dev Should Know"]] happened to float by on Hacker News (IIRC) the other day. For me, it was a great way to start exploring this wide field. Key learnings:

   * Certificates are required to authenticate communication partners. In other words, make sure you are really talking to your bank and not to someone who enjoys spending spare time on building web sites which look surprisingly like your bank's :-D
   * Following authentication, a "common secret" is established which is henceforth used to encrypt communication contents. The magic sauce is the [[http://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange][Diffie-Hellman-Merkle algorithm]]. Algorithms like this make it possible to exchange enough information _in the open_ to establish this common secret.
   * For performance reasons, subsequent encrypted communication is [[http://en.wikipedia.org/wiki/Symmetric-key_cryptography][symmetric]].

Which pushes the following items on my reading/viewing list:

   * [[http://www.youtube.com/watch?v=YEBfamv-_do][Diffie-Hellman key exchange]] (video)
   * Other key exchange algorithms: [[http://en.wikipedia.org/wiki/Pre-shared_key][PSK (pre-shared key)]], [[http://en.wikipedia.org/wiki/Elliptic_Curve_Diffie-Hellman][elliptic-curve Diffie-Hellman]], [[http://en.wikipedia.org/wiki/RSA_(algorithm)][RSA]], [[http://en.wikipedia.org/wiki/Secure_remote_password_protocol][SRP]]
   * [[https://www.rsa.com/rsalabs/node.asp?id=2248][What is Diffie-Hellman?]] (RSA Labs)
   * [[https://www.youtube.com/watch?v=bjWOG50PfdI][Discrete Logarithm Problem]] (video)
   * Simon Singh: [[http://de.m.wikipedia.org/wiki/Geheime_Botschaften][Geheime Botschaften]]
   * https://www.boxcryptor.com
   * [[http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html?repost!][The First Few Milliseconds of an HTTPS Connection]]
   * https://konklone.com/post/switch-to-https-now-for-free

%STOPINCLUDE%
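
The key exchange from the key learnings above, as an added example that is not part of the original post: both sides derive the same symmetric key from values sent in the open, and when the exchange is not authenticated, a party in the middle that swaps the public values ends up sharing one key with each side, which is the gap certificates close. The group (Mersenne prime 2**521 - 1, generator 3), the SHA-256 key derivation and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Demonstration group (assumption): Mersenne prime 2**521 - 1, generator 3.
# It keeps the example short; it is not a group to deploy.
P = 2**521 - 1
G = 3

def keypair():
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2           # private, in [2, P-2], never sent
    return x, pow(G, x, P)

def check_public(y):
    """Reject peer values that would force a trivial shared secret."""
    if not 1 < y < P - 1:
        raise ValueError("invalid public value")
    return y

def session_key(own_private, peer_public):
    """Derive a 256-bit symmetric key from the shared secret g^(ab) mod p."""
    shared = pow(check_public(peer_public), own_private, P)
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def honest_exchange():
    a, A = keypair()                           # client
    b, B = keypair()                           # server
    wire = {"p": P, "g": G, "A": A, "B": B}    # everything an eavesdropper sees
    return session_key(a, B), session_key(b, A), wire, (a, b)

def substituted_exchange():
    """Same exchange without authentication: public values replaced in transit."""
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()                           # intermediary's own key pair
    client_key = session_key(a, M)             # client received M instead of B
    server_key = session_key(b, M)             # server received M instead of A
    middle_keys = (session_key(m, A), session_key(m, B))
    return client_key, server_key, middle_keys

if __name__ == "__main__":
    k_client, k_server, wire, _ = honest_exchange()
    print("keys match:", k_client == k_server)
    c, s, mid = substituted_exchange()
    print("client/server agree:", c == s, "| middle holds both:", mid == (c, s))
```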
r1.8 - 26 Sep 2013 - 16:09 -
ClausBrod