<a href="068">068</a>    [ 069 ]    <a href="070">070</a>Someone who man-in-the-middles your communications can trick you in any of a thousand ways. Of course, there's a great way to get around the man-in-the-middle attack: use crypto. With crypto, it doesn't matter if the enemy can see your messages, because he can't decipher them, change them, and re-send them. That's one of the main reasons to use crypto. But remember: for crypto to work, you need to have keys for the people you want to talk to. You and your partner need to share a secret or two, some keys that you can use to encrypt and decrypt your messages so that men-in-the-middle get locked out. That's where the idea of public keys comes in. This is a little hairy, but it's so unbelievably elegant too. In public key crypto, each user gets two keys. They're long strings of mathematical gibberish, and they have an almost magic property. Whatever you scramble with one key, the other will unlock, and vice-versa. What's more, they're the *only* keys that can do this -- if you can unscramble a message with one key, you *know* it was scrambled with the other (and vice-versa). So you take either one of these keys (it doesn't matter which one) and you just *publish* it. You make it a total *non-secret*. You want anyone in the world to know what it is. For obvious reasons, they call this your "public key." The other key, you hide in the darkest reaches of your mind. You protect it with your life. You never let anyone ever know what it is. That's called your "private key." (Duh.) Now say you're a spy and you want to talk with your bosses. Their public key is known by everyone. Your public key is known by everyone. No one knows your private key but you. No one knows their private key but them. You want to send them a message. First, you encrypt it with your private key. You could just send that message along, and it would work pretty well, since they would know when the message arrived that it came from you. How? Because if they can decrypt it with your public key, it can *only* have been encrypted with your private key. This is the equivalent of putting your seal or signature on the bottom of a message. It says, "I wrote this, and no one else. No one could have tampered with it or changed it." Unfortunately, this won't actually keep your message a *secret*. That's because your public key is really well known (it has to be, or you'll be limited to sending messages to those few people who have your public key). Anyone who intercepts the message can read it. They can't change it and make it seem like it came from you, but if you don't want people to know what you're saying, you need a better solution. So instead of just encrypting the message with your private key, you *also* encrypt it with your boss's public key. Now it's been locked twice. The first lock -- the boss's public key -- only comes off when combined with your boss's private key. The second lock -- your private key -- only comes off with your public key. When your bosses receive the message, they unlock it with both keys and now they know for sure that: a) you wrote it and b) that only they can read it. It's very cool. The day I discovered it, Darryl and I immediately exchanged keys and spent months cackling and rubbing our hands as we exchanged our military-grade secret messages about where to meet after school and whether Van would ever notice him. But if you want to understand security, you need to consider the most paranoid possibilities. Like, what if I tricked you into thinking that *my* public key was your boss's public key? You'd encrypt the message with your private key and my public key. I'd decrypt it, read it, re-encrypt it with your boss's *real* public key and send it on. As far as your boss knows, no one but you could have written the message and no one but him could have read it. And I get to sit in the middle, like a fat spider in a web, and all your secrets
belong
<a href="068">068</a>    [ 069 ]    <a href="070">070</a>