Do you not understand public-key cryptography, a.k.a. PKI,1 a.k.a. the thing that makes the padlock on your internet browser?
Well, don’t worry; no one understands public-key cryptography. Like, not even joking, but half the people who work in INFOSEC don’t understand public-key cryptography, let alone normal people with actual lives. So here’s a short video to get you started. It mostly deals with the maths side of things which, ironically, is the easy part.2
Incidentally, my favourite part is where the nerdy lookin’ dude draws up a pentagram on a chalkboard, all casual as fuck:
Diagramming mesh networks or summoning the Dark Gods of Computer Science? We may never know.
- So technically, “PKI” stands for “public-key infrastructure”, which are the systems that implement public-key cryptography in the Really Real World. They’re not interchangeable terms, though they’re often used as if they are. ^
- If you’re wondering, the “hard part” is where the PKI comes in. Which is to say, if you’re Alice and you want to securely communicate to Bob, how do you know the person who’s claiming to be Bob is, in fact, Bob? The Entity Claiming to Be Bob is handing out private keys all over the place, so you can communicate to someone without Eve listening in over the wire. But how can you be assured that Bob isn’t Eve in a silly moustache? Welcome to the base problem behind 99% of all computer security. ^