HTTPS (30 Jul 2013)

Now we know for sure that way too many countries mistook "1984" for a training manual, including Germany. It is about time to teach myself about security and cryptography.

Hartley Brody's "How HTTPS Secures Connections: What Every Web Dev Should Know" happened to float by on Hacker News (IIRC) the other day. For me, it was a great start to start exploring this wide field.

Key learnings:

• Certificates are required to authenticate communication partners. In other words, make sure you are really talking to your bank and not to someone who enjoys spending spare time on building web sites which look surprisingly like your bank's
• Following authentication, a "common secret" is established which is henceforth used to encrypt communication contents. The magic sauce is the Diffie-Hellman-Merkle algorithm. Algorithms like this make it possible to exchange enough information in the open to establish this common secret.
• For performance reasons, subsequent encrypted communication is symmetric.

Which pushes the following items on my reading/viewing list:

• Diffie-Hellman key exchange (video)
• Other key exchange algorithms: PSK (pre-shared key), elliptic-curve Diffie-Hellman, RSA, SRP
• What is Diffie-Hellman? (RSA Labs)
• Discrete Logarithm Problem (video)
• Simon Singh: Geheime Botschaften
• https://www.boxcryptor.com
• The First Few Milliseconds of an HTTPS Connection
• https://konklone.com/post/switch-to-https-now-for-free

---

When asked for a TWiki account, use your own or the default TWikiGuest account.

---