Day One: Unsecured Base of the Internet
Know Who You Are Dealing With

When you want to start communicating with another web site over a secure connection, the first thing you need to do is exchange public keys. Your computer uses the key it receives to encrypt data going to the other site; the other site uses the key your computer provides to encrypt data sent back to you. Neither computer reveals its private key, and only the private key can decrypt what was encrypted with the matching public key. If another computer happens to get a copy of one of the public keys, it does not matter, since a public key can lock traffic but cannot unlock it. (Think of the public keys as being like a box of open padlocks: anyone can snap one shut, but only the owner holds the key that opens it.) In practice the public keys are used to agree on a shared session key that then encrypts the bulk of the traffic, but the principle, and the flaw described next, are the same.

The flaw in this method is that you need some way to be sure you are exchanging keys with the system you actually want. Without one, you can fall victim to what is called a 'Man in the Middle' attack. In this attack, a computer controlled by an attacker (the 'hacker') sits between you and the site you want to talk to (your bank, for example) and pretends to be that site. You exchange public keys with the attacker, and the attacker then connects to the real web site you wanted and exchanges his own public key with the bank. What happens now is that you send encrypted data to the attacker, who can decrypt it, read it, re-encrypt it using the key he has for the real bank, and pass it on. The bank sends encrypted data back to the attacker, who can decrypt it, read it, re-encrypt it for your computer, and send it to you. Neither end notices anything wrong: the connection is encrypted at every hop, just not to the party each side thinks it is talking to. This is where security certificates come into play: they tie a public key to the identity of the site that owns it, so a substituted key can be rejected. We will see examples of all of this in practice later.
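The exchange and the attack described above, as an added example that is not part of the original page. It uses textbook RSA with fixed 32-bit primes so that it runs on the Python standard library alone; that is a deliberately insecure toy (no padding, tiny keys) standing in for the "box of padlocks", not a description of any real protocol. The party names, the primes, the messages and the `pinned_fp` fingerprint check are all this example's own constructions; the fingerprint check is an assumption that stands in for the job certificates do, so the reader can see what the missing piece of the flawed scheme looks like.

```python
"""Toy model of the public-key exchange and the man-in-the-middle attack
described above.  Added example, not code from the original page.  Uses
textbook RSA with fixed 32-bit primes so it runs on the standard library
alone; this is NOT secure (no padding, tiny keys) and exists only to show
why a key exchange that is not authenticated can be hijacked.  The
fingerprint check is this example's stand-in for the job certificates do.
"""
import hashlib
from math import gcd

BLOCK = 7  # bytes per RSA block; 2**56 is far below every n used below


def make_keypair(p, q):
    """Textbook RSA: public (n, e), private (n, d).  p and q must be prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while gcd(e, phi) != 1:          # pick the first usable public exponent
        e += 2
    return (n, e), (n, pow(e, -1, phi))   # modular inverse: Python 3.8+


def encrypt(pub, msg: bytes) -> list:
    """Encrypt msg in 7-byte blocks under a public key (a padlock from the box)."""
    n, e = pub
    return [pow(int.from_bytes(msg[i:i + BLOCK], "big"), e, n)
            for i in range(0, len(msg), BLOCK)]


def decrypt(priv, blocks) -> bytes:
    """Decrypt blocks with the matching private key.  Assumes no NUL bytes."""
    n, d = priv
    out = b""
    for c in blocks:
        m = pow(c, d, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")
    return out


def fingerprint(pub) -> str:
    """Short hash of a public key; something a client could know in advance."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


class Party:
    """One computer: keeps its private key secret, records what it decrypted."""

    def __init__(self, name, p, q):
        self.name = name
        self.pub, self._priv = make_keypair(p, q)
        self.received = []

    def read(self, blocks) -> bytes:
        msg = decrypt(self._priv, blocks)
        self.received.append(msg)
        return msg


def run_session(client, bank, attacker=None, pinned_fp=None):
    """Exchange keys, then send one request and one reply.

    attacker: a Party on the path who hands each side its own public key.
    pinned_fp: fingerprint of the bank key the client expects (None = no check).
    """
    # Step 1: key exchange over an unauthenticated channel.  A man in the
    # middle gives each side HIS public key in place of the other party's.
    if attacker is None:
        key_for_client, key_for_bank = bank.pub, client.pub
    else:
        key_for_client, key_for_bank = attacker.pub, attacker.pub

    # Step 2: the check the flawed scheme lacks (stand-in for a certificate).
    if pinned_fp is not None and fingerprint(key_for_client) != pinned_fp:
        return {"established": False,
                "reason": "public key does not match pinned fingerprint"}

    # Step 3: client -> bank.  The attacker decrypts with his own private key,
    # reads the plaintext, re-encrypts under the bank's real key, passes it on.
    request = b"PIN 1234 balance?"                 # constructed sample message
    wire = encrypt(key_for_client, request)
    if attacker is not None:
        wire = encrypt(bank.pub, attacker.read(wire))
    bank.read(wire)

    # Step 4: bank -> client, the same trick in reverse.
    reply = b"balance: 42.00"                      # constructed sample reply
    wire = encrypt(key_for_bank, reply)
    if attacker is not None:
        wire = encrypt(client.pub, attacker.read(wire))
    client.read(wire)

    return {"established": True,
            "bank_saw": bank.received[-1],
            "client_saw": client.received[-1],
            "attacker_saw": list(attacker.received) if attacker else []}


if __name__ == "__main__":
    # Distinct fixed primes per party (all prime; fixed so runs are repeatable).
    client = Party("client", 4294967291, 2147483647)
    bank = Party("bank", 4294967279, 2147483629)
    mallory = Party("mallory", 4294967231, 2147483587)
    print("honest:", run_session(client, bank))
    print("mitm:  ", run_session(client, bank, attacker=mallory))
    print("pinned:", run_session(client, bank, attacker=mallory,
                                 pinned_fp=fingerprint(bank.pub)))
```

Run it and compare the three results: in the honest run the bank and client read exactly what was sent; in the attacked run both ends still read the right messages, yet `attacker_saw` holds the PIN and the balance, which is the whole point of the attack. Only the third run, where the client already knows which key to expect, refuses the connection. In a real browser that expectation comes from a certificate signed by an authority the browser trusts rather than from a hard-coded fingerprint.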