What is a PGP Key and how does it work?
Maybe you've come across this lately like I have on various websites. Several major news sites now encourage tips through email using an encryption method known as PGP Keys (here's a quick example -- look at the bottom of the article). I didn't really know much about it so I searched online for an explanation and it looks like Computerphile did a rather great explanation of what it is, how it works, and why it's good to use for sensitive information.
The PGP Key has two parts -- a public key and a private key -- and in the simplest terms, the public key is used to encrypt a message and the private key is used to decrypt it. The keys are specific and related to each other and can also be used to verify identity of a sender in circumstances where you cannot do so in any other physical way. Neat!
CGP Grey on digital encryption
CGP Grey drops some very good knowledge on digital encruption and the recent fight for it in specific relation to the San Bernardino massacre and the encrypted iPhone the FBI wanted unlocked by Apple.
It's a good reminder that even though our fight seems strong at the moment for digital encryption the same isn't always necessarily true for other countries where hackers are happy to hack away without consequence. Having one backdoor vulnerability, no matter how good the intention is, is a bad, bad, bad form of encryption for all.
John Oliver sums up the scary facts in the Apple vs FBI encryption case
Have you seen this yet? Of course you have. John Oliver's videos have lately been tackling a lot of pressing issues like this one about the battle for encryption with Apple and the FBI at the forefront.
To sum up some facts quickly:
- Judge ordered Apple to help FBI break into San Bernardino terrorist's phone
- Apple says no.
- Apple takes it public with this press release saying why breaking encryption for the FBI is bad for everyone.
- Facebook and Twitter support Apple in telling the FBI to F off.
- The FBI messed up bad, changing the user ID of the suspect's account rendering access impossible.
The entire scenario is so much deeper than simply saying that those who oppose breaking the encryption must have something to hide. No, it's not even about that. It's about the very real and scary precedent that could be set if the the government forces Apple to build a backdoor into its OS. If you're on the fence about the issue, maybe you'll change your mind hearing somebody like John Oliver put it into decent and understandable terms.
An explanation of how a 2048-bit RSA encryption key is created
Ready for something really nerdy? Here you go. I saw this video over at BoingBoing and couldn't stop thinking about how amazing this whole setup really is. It explains in some detail the creation of a 2048-bit RSA encryption key for a major new piece of internet infrastructure.
The process involves people from Verisign, the U.S. Department of Commerce, and ICANN coming together in a physical room, having the entire process videotaped, and everybody leaving with a part of key (but not the whole key) -- either physical or digital -- in their possession. There are so many fail-safes in place in this process that it somewhat resembles a spy movie. Makes sense though. Watch and learn!