The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog Archive Cutedge

by: Bernard Teo








Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.

The Ultimate Business Machine - Archives

List of Categories : Database * Technology * Commentary * Singapore * Travel *

Sat 25 Jun 2005

Alice and Bob Go Public

Category : Commentary/PKI.txt

I was reading Simon Singh's "The Code Book - The Science of Secrecy from Ancient Egypt to Quantum Cryptography" and this is the first time I really understand this concept called the Public Key Infrastructure (PKI) which we use in mail and web servers when we "turn on SSL".

If you start with Simon Singh, then move on to Steven Levy's "Crypto", and then reach David Kahn's "The Codebreakers", you should be able to get a very good grounding as to why having an understanding of this dismal science is really so important to running a business in our Internet age.

This is the first time I've found someone who could draw a meaningful picture around PKI - i.e., the problem it was meant to solve, how it solved it, and why that's significant. And so I'll quote that part of the book that created that Eureka moment and encourage you to read it, too. If you're concerned about running a business on the 'Net, this will be a meaningful journey :

"The whole problem of key distribution is a classic catch-22. If two people want to exchange a secret message over the phone, the sender must encrypt it. To encrypt the secret message the sender must use a key, which is itself a secret, so then there is the problem of transmitting the secret key to the receiver in order to transmit the secret message. In short, before two people can exchange a secret (an encrypted message) they must already share a secret (the key)."

"When thinking about the problem of key distribution, it is helpful to consider Alice, Bob and Eve, three fictional characters who have become the industry standard for discussions about cryptography. In a typical situation, Alice wants to send a message to Bob, or vice versa, and Eve is trying to eavesdrop. If Alice is sending private messages to Bob she will encrypt each one before sending it, using a separate key each time. Alice is continually faced with the problem of key distribution because she has to convey the keys to Bob securely, otherwise he cannot decrypt the messages. One way to solve the problem is for Alice and Bob to meet up once a week and exchange enough keys to cover the messages that might be sent during the next seven days. Exchanging keys in person is certainly secure, but it is inconvenient, and if either Alice or Bob is taken ill the system breaks down. Alternatively, Alice and Bob could hire couriers, which would be less secure and more expensive, but at least they will have delegated some of the work. Either way, it seems that the distribution of keys is unavoidable. For two thousand years this was considered an axiom of cryptography - an indisputable truth. However, there is a thought-experiment that seems to defy the axiom."

And so the stage is set ...

"Imagine that Alice and Bob live in a country where the postal system is completely corrupt, and postal employees will read any unprotected correspondence. Alice wants to send an intensely personal message to Bob. She puts it inside a strongbox, closes it, and secures it with a padlock and key. She puts the padlock box in the post and keeps the key. However, when the box reaches Bob he is unable to open it because he does not have the key. Alice might consider putting the key inside another strongbox, padlocking it and sending it to Bob, but without the key to the second padlock he is unable to open the second box, so he cannot obtain the key that opens the first box. The only way around the problem seems to be for Alice to make a copy of her key and give it to Bob in advance when they meet for coffee. So far, I have just restated the same old problem in a new scenario. Avoiding key distribution seems logically impossible: surely, if Alice wants to lock something in a box so that only Bob can open it, she must give him a copy of the key. Or, in terms of cryptography, if Alice wants to encipher a message so that only Bob can decipher it, she must give him a copy of the key. Key exchange is an inevitable part of encipherment - or is it?"

And now the denouement ...

"Now picture the following scenario. As before, Alice wants to send an intensely personal message to Bob. Again, she puts her secret message in a strongbox, padlocks it and sends it to Bob. When the box arrives, Bob adds his own padlock and sends the box back to Alice. When Alice receives the box, it is now secured by two padlocks. She removes her own padlock, leaving just Bob's padlock to secure the box. Finally she sends the box back to Bob. And here is the crucial difference: Bob can now open the box because it is secured only with his own padlock - to which he alone has the key."

"The implications of this little story are enormous. It demonstrates that a secret message can be securely exchanged between two people without them first exchanging a key. For the first time we have a suggestion that key exchange might not be an inevitable part of cryptography."

And so this is the start - having a clear mental model of the basic issues to make the mind more ready to consider a few other possibilities. It takes a couple more steps from here to reach how public key encryption actually works today in our systems. And then one more step to understandiing something called PGP - Pretty Good Privacy.

I believe it's going to become very important to learn how to make these things work for us in our businesses. We've already got all these stuff built into our little Macs. All we need is to figure out how to turn them on. Right. The Mac Way.

Posted at 5:22AM UTC | permalink

Mac@Work
Put your Mac to Work

Sivasothi.com? Now how would you do something like that?

Weblogs. Download and start a weblog of your own.

A Mac Business Toolbox
A survey of the possibilities

A Business Scenario
How we could use Macs in businesses

VPN Enabler for Mavericks

MailServe for Mavericks

DNS Enabler for Mavericks

DNS Agent for Mavericks

WebMon for Mavericks

Luca for Mavericks

Liya for Mountain Lion & Mavericks

Postfix Enabler for Tiger and Panther

Sendmail Enabler for Jaguar

Services running on this server, a Mac Mini running Mac OS X 10.9.2 Mavericks:

  • Apache 2 Web Server
  • Postfix Mail Server
  • Dovecot IMAP Server
  • Fetchmail
  • SpamBayes Spam Filter
  • Procmail
  • BIND DNS Server
  • DNS Agent
  • WebDAV Server
  • VPN Server
  • PHP-based weblog
  • MySQL database
  • PostgreSQL database

all set up using MailServe, WebMon, DNS Enabler, DNS Agent, VPN Enabler, Liya and our SQL installers, all on Mavericks.