We are slowly getting to a point where you will understand how secure connections are established on the internet and how not to be overheard. But before that let’s understand one more thing.
If you saw my post regarding the Diffie-Helman key exchange you might be wondering: what if someone in the middle would intercept the communication. I.e. the hacker would replace publicly shared information with his ones and present himself as a sender/receiver to both sides. He could then pass through every message and know the content unseen. This situation is called the MITM (Man In The Middle) attack and Diffie-Helman alone is vulnerable to that.
The solution for that is the digitalsignature. It contains a unique and complementary pair of keys:
- secret key which could only encrypt the message
- publicly known key which could only decrypt the message.
This could be intercepted by the hacker too. He can also decrypt all messages during the Diffie-Helman key establishing process. But he won’t be able to replace any of them and present himself as the sender. That’s because there are special places where public keys could be downloaded and checked. The receiver could validate his version of the public key against that and be sure that the right person has sent that information.
Ok, but how about switching the keys and making:
- public key which could only encrypt the message
- secret key which could only decrypt the message.
In such a scenario, we wouldn’t need the Diffie-Helman algorithm. We will download the public key, and encrypt the message and only the owner of the secret key would be able to decrypt that. Yes, this is true and this was done in the early days of the internet. However secret keys would be stolen then all previous communication could be decrypted and compromised. So now we are using digital signatures for long periods (i.e. two years) and the Diffie-Helman algorithm to establish a secret key for single sessions.
Is this slowly clarifying itself? If not please ask and I will be happy to share more details on How not to be overheard.