# Differences

This shows you the differences between two versions of the page.

 cryptography_for_dummies [2020/05/05 20:05]statueofmike cryptography_for_dummies [2018/02/06 11:57] (current) Both sides previous revision Previous revision 2020/08/23 00:50 statueofmike 2020/05/05 20:05 statueofmike 2020/05/05 19:59 statueofmike 2019/02/12 14:52 statueofmike [Recommended Reading] 2019/02/12 01:48 statueofmike 2018/03/29 18:43 statueofmike 2018/03/29 18:43 statueofmike 2018/03/29 18:40 statueofmike 2018/03/29 18:39 statueofmike 2018/03/29 17:46 statueofmike 2018/03/29 17:40 statueofmike 2018/03/21 20:47 statueofmike created Next revision Previous revision 2020/08/23 00:50 statueofmike 2020/05/05 20:05 statueofmike 2020/05/05 19:59 statueofmike 2019/02/12 14:52 statueofmike [Recommended Reading] 2019/02/12 01:48 statueofmike 2018/03/29 18:43 statueofmike 2018/03/29 18:43 statueofmike 2018/03/29 18:40 statueofmike 2018/03/29 18:39 statueofmike 2018/03/29 17:46 statueofmike 2018/03/29 17:40 statueofmike 2018/03/21 20:47 statueofmike created Line 1: Line 1: + A lot of my coworkers are feeling pressure from "blockchain" hype. Before throwing a blockchain at a problem, let's review some cryptography basics. There's a good chance a simpler cryptography technique will be more appropriate for whatever application someone wants to hit with the blockchain-hammer. + From building-blocks to blockchain: + + - Cryptographic Hashing + - Symmetric Key + - Public/Private Key + - Blockchain + + ==== Architecting With Crypto ==== + + "Encryption is something you go around, not through" + -I forgot who said this but it's true + (common avenues: [[http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?hp&_r=0&pagewanted=all|implementation backdoors]], [[https://en.wikipedia.org/wiki/Category:Broken_cryptography_algorithms|broken algorithms]]) + + + First consider when NOT to use cryptography. + It's like Black Panther's suit: + + {{ :vibranium-yes.png?nolink&400 |}} + + It will stop bullets, but it doesn't make you invincible on its own. + + {{ :vibranium-no.png?nolink&400 |}} + + Always keep in mind: + * what is encrypted? + * where are the keys? + * (what are scope limits) + * is usability practical? + * if someone is going to put a vital password on a post-it in the break room, reconsider + + This is where catastrophic problems usually come from. People get tunnel-vision on the encryption methods and forget to consider the context and environment it's playing around in. + + ==== Crypto Techniques ==== + So before jumping into blockchain, consider: + + === Cryptographic Hashing === + + [[https://simple.wikipedia.org/wiki/Cryptographic_hash_function|{{ :cryptographic_hash_function.png?400 |}}]] + + The basic building block of encryption. A cryptographic hash is considered "cryptographically secure", which means it is mathematically-really-hard to invert the function. You effectively can't brute-force or guess what input created the output. + + https://docs.google.com/drawings/d/1I9f3xdHzMs_PfxZWLE8J6LU-6yexycUbeCPGzKRj4hw + + Cryptographic hashing is also quite versatile. This makes it such a powerful tool. + + === Symmetric-Key Methods === + + Closest to what we typically think of as "passwords". [[https://en.wikipedia.org/wiki/Symmetric-key_algorithm|Symmetric-key methods]] use a shared secret (a.k.a. "cipher") to encrypt and decrypt data back and forth **symmetrically**. They're relatively cheap on computing resources. + + Examples: + * password in your ZIP archive file + * user account password used to encrypt the partition or files in your PC/Mac + * keychain "master" passwords, used to store other passwords in an encrypted format + + + === Public-Key Methods === + + A pair of hashing functions R and U are created together. R is "pRivate" and U is "pUblic". + They behave in a way that U can verify if some output came from R. + + $$R(x) \rightarrow y$$ + $$U(\{Y\}) \rightarrow \text{something sane}$$ + $$U(\neg \{Y\}) \rightarrow \text{error}$$ + + Common technology used is [[https://en.wikipedia.org/wiki/RSA_(cryptosystem)|RSA]]. Used in e.g. [[https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server|SSH]] and Secure Signing. + + == Secure signing - Adobe PDF example == + * R is the "signature" file you create in Acrobat and save to your local computer for future use. + * y is the "signature" left on a PDF you send to someone else. + * U is built or saved in Adobe Acrobat that others use to verify the signature. + + + + === Blockchains === + https://docs.google.com/drawings/d/1RW0rDd5BEQ24e4lQdmxn8bm8dyhhoLROwLIazTCCUb4 + + + A blockchain combines a cryptographic hash chain with distributed data storage. Most blockchain issues reduce to distributed storage problems parity and replication efficiency. + + Recall that cryptographic hash functions can take variable input and produce a fixed-length hash. Each "block" contains a previous block's hash and data, which are all used to compute that block's hash. This is shared across a distributed data storage network. + + Replication methods are required to manage data parity across the network (see bittorrent or database clusters for other replication examples). + + ==Benefits== + * auditable + * cryptographically secured by conjugate hashing + * interference requires compromising enough of the network to sway consensus of the replication method + + {{gdraw>1iZawUscaB8DHnm9qOWMYCjVrGm81IaESTOigAyRPXg0 width=455 title="test title" center}} + + + ==== Recommended Reading ==== + + * Blockchain + * [[http://graphics.reuters.com/TECHNOLOGY-BLOCKCHAIN/010070P11GN/index.html | Reuters Blockchain Guide]] + * [[http://book.mixu.net/distsys/replication.html|The Replication Problem of Distributed Systems]] + * [[https://simple.wikipedia.org/wiki/Cryptographic_hash_function|Hashing]] + * [[https://simple.wikipedia.org/wiki/Symmetric-key_algorithm|Symmetric-Key Methods]] + * Paired-Key Encryption + * [[http://aplawrence.com/Basics/gpg.html|Quick-start blog]] + * [[http://www.gnupg.org/gph/en/manual.html|GPG Documentation]]