{"id":44,"date":"2008-02-29T11:30:08","date_gmt":"2008-02-29T00:30:08","guid":{"rendered":"http:\/\/scriptorum.imagicity.com\/2008\/02\/29\/ing-encryption\/"},"modified":"2008-02-29T11:30:08","modified_gmt":"2008-02-29T00:30:08","slug":"ing-encryption","status":"publish","type":"post","link":"https:\/\/village-explainer.kabisan.com\/index.php\/2008\/02\/29\/ing-encryption\/","title":{"rendered":"#@)(!*^ing Encryption"},"content":{"rendered":"<p>A few words about the title: The first seven letters are written using a very simple code, or cypher. Each of the letters in the original word is replaced by the non-alphabetical character to which it is closest on a US keyboard. The process of hiding a message by substituting other letters, numbers or symbols is known as encryption. When the code is reversed, the title reads \u2018<strong>Explaining Encryption<\/strong>\u2019.<\/p>\n<p>But it also looks like swearing, doesn\u2019t it? In fact, the use of characters like this to denote swearing is a simple (dare we say crude?) kind of encryption. A child too innocent to know such words derives no meaning from the random collection of characters. Someone well versed in the ways of the world, though, can add up the number of characters and quickly deduce what was intended.<\/p>\n<p>On and off over the last two months, we\u2019ve been looking at various aspects of online security. This week, we\u2019re going to consider what steps we can take to make the information we send over the Internet secure from prying eyes.<\/p>\n<p>We\u2019ll also consider why it is that no one uses these measures, and why most of us won\u2019t any time soon.<\/p>\n<p><!--more--><\/p>\n<p>When you talk with someone over the Internet, it\u2019s useful to imagine that you\u2019re sitting down with them in a busy caf\u00e9. It\u2019s not exactly a wide-open place, but it\u2019s not very private either. As long as you keep your voice down \u2013 and as long as the waiter doesn\u2019t eavesdrop \u2013 you have a reasonable expectation of privacy. Nonetheless, there are some things you simply would not say.<\/p>\n<p>The Internet, unfortunately, has very few truly private places. It takes a great deal of effort to establish security strong enough to be guaranteed that nobody knows who you\u2019re talking to, or what was said. It\u2019s often easier to learn a few little tricks to make sure that no one understands what you\u2019re saying, even if they can hear you.<\/p>\n<p>One technique that works really well for some people is to speak in a language that nobody else understands. The US Army used this trick during the Second World War. They enlisted a number of Navajo Indians to work as radio operators. The Navajo language was not documented anywhere, and the US was confident that no one aside from the Navajo people themselves spoke the language, so they took advantage of this, and used them extensively to provide secure communications in places where going through a lengthy encryption\/decryption process would cost lives.<\/p>\n<p>That\u2019s more or less what encryption is. It\u2019s a newly-minted code (language, if you like) that only you and the computer at the other end of the link can understand.<\/p>\n<p>The most common kind of encryption on the Web today is something called Secure Sockets Layer, or SSL. It uses a fairly simple process to establish a kind of a tunnel between you and the server you\u2019re connecting to. The mechanics of the transaction are actually somewhat complex, but in layman\u2019s terms, the process works something like this:<\/p>\n<p>Joe wants to log into GMail. He goes to gmail.com and clicks on the login link. The server sends some information back to the browser that says, \u201cI really am the server that he meant to click on. Here\u2019s my ID. I want to talk to Joe privately.\u201d The browser examines the ID and, provided it\u2019s legit, cooperates with the server to invent a language that only the two of them understand. Joe can now talk with the GMail server without fear of anyone else understanding what\u2019s being said.<\/p>\n<p>Setting up something like this is fairly easy when each party in the transaction is known to the other. Public servers can obtain virtual ID cards, called certificates, which allow us to verify that someone else isn\u2019t just pretending to be them. A good web browser will warn you before it establishes a secure connection with a server that isn\u2019t trusted in this way.<\/p>\n<p>The process isn\u2019t foolproof, but it\u2019s much better than nothing.<\/p>\n<p>There are two big problems with encryption, though. First, it\u2019s too easy. Second, it\u2019s too hard.<\/p>\n<p>When used in a web browser, the process of establishing trust between two machines usually happens without any intervention from the user. The idea is that it should \u2018just work\u2019. Developers went to very great lengths to find ways to make that happen. Unfortunately, that means that most people are never aware whether they\u2019re sending their information securely or not, or whether the information is actually going where they think it\u2019s going.<\/p>\n<p>In effect, browser makers are victims of their own success. They were so good at hiding the complex process of establishing trust that they made it too easy for users to ignore security completely. In fairness, they have all worked hard recently to try to provide visual clues about the nature of the sites people visit, but many users remain oblivious to the warning signs when things are not as they should be.<\/p>\n<p>So the most common kind of encryption is one that we use everyday, but we never actually see. That\u2019s possible because it\u2019s based on knowing a given computer\u2019s identity. Google is not likely to change from one day to the next; therefore it\u2019s possible to infer that if it was trustworthy yesterday, it will be trustworthy tomorrow. It\u2019s also well-known enough that we don\u2019t have to rely so much on our own judgement as on the experience of others.<\/p>\n<p>But what about those numerous occasions when someone whom you don\u2019t know very well asks you to send them confidential information? Let\u2019s say you want to send the results of a recent pregnancy test from the hospital in Australia to a doctor here in Port Vila. This is absolutely not the kind of information you would want to send out in the open. You wouldn\u2019t paste such information onto the back of a postcard and send them that way, would you?<\/p>\n<p>When you send information by unsecured email, that\u2019s exactly what you\u2019re doing. You\u2019re relying on people not to let their curiousity get the better of them.<\/p>\n<p>So why don\u2019t we all use encryption then? The answer is very simple and very complex all at once.<\/p>\n<p>The simplest way to explain it is that the process of setting up trust between two computers is a little complex. It\u2019s not beyond the ability of an intermediate-level computer user, but it might take them a little while to get used to the process.<\/p>\n<p>It\u2019s just hard enough, however, to keep the majority of people from using it easily. And encryption is one of those things that\u2019s kind of useless unless everyone can agree to use it, and to use it in the same way as everyone else.<\/p>\n<p>The biggest problem is that we can\u2019t see, touch or hear encryption, so software applications using encryption have to get in the way a little bit. They have to intrude on what would normally be a simpler process, asking questions, wanting confirmation for this or that. For many people, it\u2019s disconcerting, even alarming to have their computer suddenly start talking about security using jargon they don\u2019t understand.<\/p>\n<p>We find ourselves caught in a bit of a dilemma. Most of the time, we\u2019re happy with the notion of the Internet as a wide public plaza. We stroll around, taking in the latest sights, catching up on news, what have you. But occasionally we run into someone we really want to talk to, and lo, there\u2019s no quiet place the two of you can go. The contortions required to establish your own special language for two require time, effort and knowledge, and most often there\u2019s not enough of any of those.<\/p>\n<p>Encryption is really the only useful way to protect what you send over the Internet from prying eyes. Given the number of prying eyes on the Internet today, it\u2019s a shame that personal encryption techniques are so hopelessly behind the needs of the average computer user.<\/p>\n<p>We\u2019ll all use personal encryption some day, but that day is yet to come.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few words about the title: The first seven letters are written using a very simple code, or cypher. Each of the letters in the original word is replaced by the non-alphabetical character to which it is closest on a US keyboard. The process of hiding a message by substituting other letters, numbers or symbols [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,5,10],"tags":[193,386,482,537],"class_list":["post-44","post","type-post","status-publish","format-standard","hentry","category-geek","category-journamalism","category-soft-core","tag-encryption","tag-navajo","tag-privacy","tag-security"],"_links":{"self":[{"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/posts\/44","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/comments?post=44"}],"version-history":[{"count":0,"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/posts\/44\/revisions"}],"wp:attachment":[{"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/media?parent=44"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/categories?post=44"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/village-explainer.kabisan.com\/index.php\/wp-json\/wp\/v2\/tags?post=44"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}