Encrypting a File
Previous Efforts: Back in February, I decided it was time to demystify the black box of secure Internet communications. I have been a professional programmer too long to continue carrying a hazy understanding of how web browsers and servers communicate securely. I wanted to remove HTTPS / SSL / TLS from the realm of magic and place it in the realm of the known and understood: a computer algorithm implemented in C# code. So I researched the topic, learned the underlying mathematics, wrote code to prove the theory actually works in practice, then wrote three blog posts explaining what I […]
AES, A Stronger Cipher Than XOR
The Problem: In a previous post, Encrypting and Decrypting Text, I discussed how the shared key derived from a Diffie-Hellman Key Exchange can be used with a simple cipher (XOR) to encrypt and decrypt text. I wrote a demonstration program that sends encrypted messages between a client and server, with the server knowing how to respond to funny lines from the classic comedy, Airplane! I concluded with a mysterious statement, “There’s a weakness in our simple XOR cipher that’s exposed by sending a message not recognized as a line from Airplane!” Let’s pick up there by sending a simple phrase […]
Encrypting and Decrypting Text
In a previous post, The Math That Enables Asymmetric Key Cryptography, I discussed how your web browser and a web server can establish an encrypted communication channel without requiring you and the web administrator to meet beforehand to exchange secret keys. I explained how your web browser and a web server exchange public keys, then perform math operations on their private keys and the exchanged public keys to derive the same shared key. And I emphasized that the security of this technique (Diffie-Hellman Key Exchange) is guaranteed by the computational difficulty of determining the shared key from the partial information transmitted […]
The Math That Enables Asymmetric Key Cryptography
The Problem: Let’s examine how it’s possible for your web browser to establish an encrypted communication channel with your bank’s website. Obviously you don’t want a malicious party to intercept your personal information (such as your password, account number, social security number, etc.) as it’s transmitted to and from your web browser and the bank’s web server. When you opened an account, the bank did not provide you with a secret decoder ring. So how does your web browser know how to decrypt data transmitted by the bank’s web server? And how does the bank’s web server know how to […]