this post was submitted on 08 Apr 2024
76 points (98.7% liked)

No Stupid Questions

35807 readers
1685 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 

I've been trying to get my head around this and I've watched a few videos but they don't seem to specifically answer my question.

According to what I've found online, messages encrypted with a public key can only be decrypted with a private key. But in practice, how is that possible?

Surely a public key contains a set of instructions, and anyone could just run those instructions in reverse to decrypt a message? If everything you need to encrypt a message is stored within a public key, then how is it a one-way process?

It's likely that I'm misunderstanding a core element of this!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 7 months ago* (last edited 7 months ago) (1 children)

It think the common analogy is a padlock and a key. One party gets the padlock and the other one the key. Now with the padlock you can just lock the box but not open it. And with the key you can just unlock and open the box. That's assymetric. You hand out padlocks (your public key) to everyone, but keep the key (your private key).

The maths behind that is a bit difficult to explain but not that difficult. I think it's about one-way functions that are easy to calculate in one direction and impossible to solve the other way around. There are several ways to do it. Like the old approaches with prime numbers. It's easy to multiply two prime numbers. But given an arbitrary large number, it's difficult to tell which prime numbers it consists of.

https://www.baeldung.com/cs/prime-numbers-cryptography

[–] [email protected] 3 points 7 months ago (2 children)

So using the formula in that guide, you get a numerical value for O. But surely someone else could follow the same process and also get the same answer? Unless the primes change each time? But then how would the sender and receiver know the way in which the values change?

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago) (1 children)

I'm not sure I get your question... Sure other people can also follow the same process and encrypt stuff to you. They can also do the calculations with your private key and arrive at the same result, sure. But the calculation involves your private key. Your secret. If that's known to someone, they can do the calculations. In the example you need to keep the "53" a secret and give the "221" to other people. Everyone with the "53" can decrypt. Everyone with the "221" can encrypt. It's just with the "221" you can't decrypt. That part of the calculation needs people to put in the other number.

[–] [email protected] 3 points 7 months ago (2 children)

I explained it poorly - what I mean to say is, two people trying to send the message 'Hello' for example both using the same public key would get the same output. So if you had a simple message like that, someone could work out by checking every word in the dictionary what your message was by checking if the output matched.

But I guess it's a bit of a moot point - it's unlikely that an encrypted message would ever be so simple. It could just as easily be much longer, and therefore basically impossible to guess the plaintext.

[–] [email protected] 4 points 7 months ago* (last edited 7 months ago) (1 children)

Ah, that is a really good question. These things happen. People have entire harddisks filled with "rainbow tables" which do these kind of attacks against hash-functions which are supposed to be one-way functions. This way they have terabytes worth of pre-computed hashes for the most common passwords and can immediately tell if one of those passwords is in a database leak.

For this it needs additional measures. Passwords are augmented with additional random data so people can't pre-compute the hashes. So it wouldn't be just 'Hello', but 'Hello' plus an additional (random) "salt" that gets fed into the one-way function so it can't be brute forced.

PGP for example uses both symmetric cryptography and asymmetric cryptography. The actual message is encrypted with symmetric encryption and the key to that is encrypted with asymmetric encryption. Unfortunately it's been a while since I last read a book on cryptography. I think they did that because symmetric cryptography is way faster. But things like that could also prevent such attacks. If you use the asymmetric encryption just for decrypting the other randomly chosen key which encrypts the actual message... There is no way to guess that. You'd have to check not just a small dictionary or know the plaintext, but check every random number in existence.

It's not always obvious to the layman what kinds of attacks are possible with the crypto algorithms. They definitely need to protect against such scenarios or they're worthless for that kind of use. There are "known plaintext attacks". Usually people don't want anyone even able to prove that you sent a certain message. And an algorithm also isn't good if you can learn something about the secret key if you have access to both a ciphertext and plaintext (the other variables in the equation). I think this was part of how they cracked the supposedly secure enigma machines of the Nazis. A proper modern cryptography algorithm protects against any of that. Sometimes by combining several things.

Edit: Sure and I forgot padding which @mumblerfish said. And appending data additionally helps if you don't want someone to know the exact length of a message. Or an algorithm sometimes can't encrypt arbitrary amounts of plaintext but does it in fixed block lengths...

[–] [email protected] 4 points 7 months ago (1 children)

Ah thanks for the useful links! Those articles are all quite fascinating. In the plaintext attacks article, I love the tactic mentioned here:

At Bletchley Park in World War II, strenuous efforts were made to use (and even force the Germans to produce) messages with known plaintext. For example, when cribs were lacking, Bletchley Park would sometimes ask the Royal Air Force to "seed" a particular area in the North Sea with mines (a process that came to be known as gardening, by obvious reference). The Enigma messages that were soon sent out would most likely contain the name of the area or the harbour threatened by the mines

[–] [email protected] 4 points 7 months ago* (last edited 7 months ago)

Both cryptography and that part of history are fascinating topics. I can also recommend watching "The Imitation Game" with Benedict Cumberbatch starring as Alan Turing... I mean it's just a movie and skips lots of the interesting stuff and details. YMMV.

It's the beginning of computers. And I think especially that time has some interesting stories, discoveries/inventions and personas. There is also the history and role of women in computing which I think is something more people should know about and it's related to that. After that we needed secrecy in the cold war. I think public key cryptography hasn't been around until the 1970s. There had been export regulations on cryptography until after I was born. And modern encryption algorithms like AES are from the 1990s. Nowadays everyone and their grandma relies on the availability of secure communications.

I think I spent some nights jumping from Wikipedia article to Wikipedia article and reading all of that.

[–] [email protected] 5 points 7 months ago

No, it can be very important. As I answered in another comment, its called padding https://en.m.wikipedia.org/wiki/Padding_(cryptography). And to see that it is imortant say you encrypt your easy to remember password in an encrypted file. Now if your attack was possible, having your public key, you could just generate the passwords and encrypt them to figure out your password. Much easier than trying to find your key. Using forms of padding, that does not work.

[–] [email protected] 5 points 7 months ago

This post on Stack Overflow does a good job of explaining the issue.