Slashdot Log In
30 Years of Public Key Cryptography
Posted by
Zonk
on Sat Oct 28, 2006 06:22 AM
from the happy-cjsuiebz dept.
from the happy-cjsuiebz dept.
An anonymous reader writes "Public key crypto turned 30 last night, and the biggest names in crypto turned out to celebrate at an event hosted at the Computer History Museum. Voltage Security teamed with RSA to bring together some of the most famous cryptographers of yesterday (Whitfield Diffie and Martin Hellman) and today (Dan Boneh), along with luminaries Ray Ozzie, Brian Snow, and Jim Bidzos. From the ZDNet article: 'NYT reporter John Markoff, who has covered Silicon Valley for 30 years, was master of ceremonies, and started off by saying that no technology has had a more profound impact than cryptography, and that public-key cryptography has been underappreciated for its role in the Internet. Without public key cryptography, ecommerce would be an idea as opposed to an enabler of billions of daily transactions.' You can view the podcast and pictures of the event at the Voltage Security site.."
Related Stories
[+]
First Quantum Cryptographic Data Network 65 comments
jdubs writes to tell us ScienceDaily is reporting that scientists at Northwestern University and BBN Technologies have demonstrated the first truly quantum cryptographic data network. From the article: "Kumar's research team recently demonstrated a new way of encrypting data that relies on both traditional algorithms and on physical principles. This QDE method, called AlphaEta, makes use of the inherent and irreducible quantum noise in laser light to enhance the security of the system and makes eavesdropping much more difficult. Unlike most other physical encryption methods, AlphaEta maintains performance on par with traditional optical communications links and is compatible with standard fiber optical networks."
[+]
Crypto Snake Oil 215 comments
An anonymous reader writes "Luther Martin of Voltage Security has published an article about the perception of cryptography today with regards to quality and honesty in vendors. From the article: 'Products that implement cryptography are probably credence goods. It requires expensive and uncommon skills to verify that data is really being protected by the use of cryptography, and most people cannot easily distinguish between very weak and very strong cryptography. Even after you use cryptography, you are never quite sure that it is protecting you like it is supposed to do.'"
[+]
CryptoDox: Encyclopedia on Cryptography & Info 47 comments
xorgb writes "CryptoDox is an online encyclopedia on Cryptography and Information Security. The data is being made available under the GNU Free Documentation License. The site is powered by MediaWiki and in the few months that it has been online it has got some good articles on the basics of cryptography. It is currently looking out for contributors to enhance its database of articles. Check it out!"
[+]
NSA Publication Indices Declassified 76 comments
Schneier is reporting that a 3 year old freedom of information act request has finally come to fruition showing us indices from the NSA Technical Journal, Cryptographic Quarterly, Crytologic Spectrum, and Cryptologic Almanac. From the article: "The request took more than three years for them to process and declassify -- sadly, not atypical -- and during the process they asked if he would accept the indexes in lieu of the tables of contents pages: specifically, the cumulative indices that included all the previous material in the earlier indices. He agreed, and got them last month. Consider these bibliographic tools as stepping stones. If you want an article, send a FOIA request for it. Send a FOIA request for a dozen. There's a lot of stuff here that would help elucidate the early history of the agency and some interesting cryptographic topics."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Celebration! (Score:5, Funny)
Re: (Score:2)
Damn! (Score:2)
When cryptography is outlawed, (Score:3, Funny)
(If you do a run of stickers with that on them, kindly tell me, and I'll buy some from you.)
Re: (Score:2)
https://addons.mozilla.org/firefox/770/ [mozilla.org]
Re: (Score:2)
Re:When cryptography is outlawed, (Score:4, Funny)
(for the uninformed, NTT allows you to easily install extensions that are only marked for compatibility with older FF versions)
Parent
Re: (Score:2)
first papers on PKC (Score:5, Interesting)
I was a math undergrad interested in large prime numbers and numerical computing when the first hints on what RS&A were doing came out in Scientific American. At that time I had only 3 years programming experience and it was a big thrill to get a public key crypto email system working (first in Pascal on a DEC-20) but I only distributed it to a small group as the university was not yet on the Internet.
I told the story to PZ at a conference about 8 years ago and we had a good laugh wondering how things might have developed differently had that program been distributed on Usenet by someone outside the USA!
May be older than 30 years old (Score:4, Interesting)
It is likely that the NSA discovered public key Cryptography in the late 60's or early 70's. Public Key Cryptography may be as old as 40 years old at this point, but without clarification from the NSA, we will never be certain.
---
Yahma
Proxy Storm [proxystorm.com] - Free Anonymous Proxy Service for security conscious individuals.
Actually I'm SURE it is (Score:2)
Can anyone back this up? I definitely remember watching the film, and feeling very sorry for the poor bloke who got basically nothing for his idea.
Re: (Score:2, Insightful)
No technology with a more profound impact? (Score:2, Insightful)
I hear that the wheel had quite an impact. Oh yeah and the steam engine. Not fogetting the printing press. Or even plastic. Seriously, do they even think before parroting this nonsense?
Re: (Score:2)
Insipid journalists.
Re: (Score:2)
GCHQ in 1973! (Score:5, Informative)
Re: (Score:2)
At GCHQ, they did not understand the importance of it.
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:2)
Great to see Ray Ozzie in that list. (Score:4, Interesting)
Sure, others used it before then, but in terms of a widely used corporate end user audience, it was (and still is to some extent) unique.
Yes, you may now rag on Notes if you like -- of course, keep in mind it remains the only real solution for a major corporation that by public key authentication and encryption by default, has a fully functional smtp mta built in, handles the front end needs of end users well enough for salespeople (not like a typical pop or imap client) and of course, fully supports linux as a server platform (and within a few months as a client platform as well).
Re: (Score:2)
Like many other good ideas I believe it was given a bad reputation by the lusers who invested their careers in notes as a platform for everything.
Once standardisation sets in notes becomes a reason not to do stuff, or at least not to bother trying.
No Zimmerman? Where was the real party? (Score:4, Insightful)
Re: (Score:2)
eCommerce possible without public key crypto (Score:3, Interesting)
I don't like to take away from their excellent work, but it is possible, though inconvenient, to do private-key crypto for such things.
Your bank, for example, would need to [paper] mail you a private key to type into your machine (or give you a thumbdrive with it, whatever you like). Inconvenient, yes; you'd need a new key for each company you interact with. Probably it would encourage a few monopolies (amazon and eBay) to dominate, since you'd only need to interact with them by paper once. But not impossible.
Re: (Score:2)
Eg: SSL uses public key enc
Wrong Date (Score:3, Informative)
I suppose the commercial victors get to (re)-write the history books then.
Re: (Score:2)
How many use it? (Score:3, Interesting)
Could it be that encryption is still to complex for most people?
I will continue to encrypt emails to those I know can handle it and will sign others.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Barriers to use of email encryption (Score:4, Informative)
Complexity may be an issue, but I think it's a relatively minor one.
The biggest issue is that people simply really just don't care. When I try to advocate this stuff to laymen, by far the most common comment I hear is "So what if someone reads my email?" Most people don't think email privacy is worth protecting. Yes, even despite the news stories in the last few years (i.e. the government really is reading your email; it's not just a paranoid crackpot theory anymore).
Another issue is something that has actually gotten worse in the last 10 years. Webmail is very popular. It's nearly impossible to do email encryption correcting using webmail instead of "real" (e.g. POP or IMAP) mail. You either have to trust a foreign system with your keys, or you have to have so much non-web-intelligence running inside the web browser (e.g. a Java applet or something) that it isn't really webmail anymore. And even if you make it sophisticated enough to run on the web browser, you lose one of the major advantages of webmail: checking your email from anywhere, including untrusted machines. (The only way to do it then, is for the user to do the crypto inside their head instead of using a computer.) It's a mess and it just can't be done right. As long as people want webmail, as long as they see it as a good thing instead of a bad thing, they can't have good encryption. (Well, unless they are the admin of the web server. e.g. One person at Google could conceivably use gmail as a secure webmail system. ;-)
Parent
Re: (Score:2)
Re:implementations? (Score:4, Informative)
Parent
In another 30 years... (Score:2)
Hopefully we see a world where the major email clients (including Thunderbird/Seamonkey) come with easy to use email encryption out of the box.
Hopefully we see a world where your communications and data are safe from people you would rather didnt see them (black-hat hac
Re: (Score:2)
1a) Mail servers that start caching SSH-style public keys for servers that they talk to. Then encrypt the transport between the two servers. There are definitely MITM attacks that could be mounted, but the outbound MTA might simply keep track of key-changed events in the log files. Let the admins worry about it, if they do.
1b) IPSec with opportunistic encryption for encrypting the transport. Ma
Re: (Score:3, Informative)
Essentially, if the recipiant supports encryption, the recipiants public key is pulled from a key server. Then, the email client encrypts it using something similar to PGP or GPG. Something thats standard enough that anyone can implement it.
At the other end, it is decrypted by the mail client using the recipiants private key.
All that the servers in the middle see is an encrypted email (same as they would see if you encrypted an email right now with PGP or GPG or whateve
30 Years of *Public* Public Key Cryptography (Score:2)
John Markoff (Score:3, Interesting)
The evils of public-key cryptography (Score:4, Informative)
I personally think that it would be far better to make use of shared-secret systems for when you need communication security, like logging onto banks. The solution to phishing is clearly to use a shared secret system, because things like IE7's anti-phishing filtering can be worked around. SRP6 is great, but unfortunately that is based on public-key technology (though doesn't actually involve a public key, like Diffie-Hellman).
I hope that someday it is proven that public-key cryptography cannot be securely attached to an NP-complete problem, and that either a fast discrete logarithm algorithm (*) is found or quantum computers take off.
(*) A fast solution to the discrete logarithm problem implies a fast solution to integer factorization.
Melissa
Re: (Score:2)
"most uses of it are bad."
You must have a different definiton of "most" from the rest of us.
DRM can be implemented using either symmetric or public key crypto.
Re: (Score:2)
Overstatement (Score:3, Interesting)
Hardly. Phone conversations are not encrypted and can be/are intercepted, yet phone commerce is commonplace. Even in-person credit card purchases are hardly secure and there are a number of websites that do e-commerce without encryption. Without public key cryptography, more attention would be paid to security of the path between your ISP and the vendor. Websites could also have you set up username and password over a more secure channel and then use plain symmetrical encryption for the actual purchase.
Thanks for (holding back) encryption, RSA! (Score:3, Insightful)
And without the patent on public-key encryption that covered not just the method but the very idea of it, we might all have secured communications by now. But instead we are not much further ahead except for ssh which at least helps network admins.
I just have a hard time cheering for RSA which did nothing other than patent a mathematical formula discovered by multiple people and prevent it's dfree use in America and other countries that allow software patents.
I was using PGP back in the early 90's and was frustrated that it's use was hamstrung by the patent and US laws on exporting encryption software. What a waste.
Re: (Score:2)
Maybe I'm wrong but there are other ways of doing asymmetrical encryption schemes (elliptic functions in Galois fields) that are not patent encumbered.
Maybe there was no will to develop it?
Re: (Score:2)
The real "missed opportunitity", if you think of it as such, was from the middle of the last century in Bletchley Park and elsewhere. That's when cryptography and computer science started to come together.
Re:30th birthday of what exactly? (Score:4, Informative)
Parent
Re: (Score:3, Informative)
Re: (Score:2)
Diffie/Hellman/Merkle's work was pointing the way; I have to think public-key would've happened in relatively short order (within 5-10 years) without RSA.