An Extremely Brief Introduction to Security Concepts

In order to discuss secure email, we must first agree on some terms relating to security in general. If we want to communicate securely, whether by email or another means, what do we mean by “securely”? That question can be answered in two ways: authentication, which is the process of ensuring that the two parties involved are who they say they are, and privacy, which is the process of protecting the contents of the conversation from others.

Authentication is generally implemented using either a shared secret or an asymmetric key algorithm like the public key/private key concept. A shared secret allows for extremely strong protection, since the two parties can agree to anything (such as “Every time that I say ‘turkey,’ I really mean that you should call your mother”). The problem with shared secrets is that the two parties must at some time agree on the secret. How does one do that on the Internet when the two parties have never met? Any Internet-based exchange could be intercepted. Asymmetric keys, on the other hand, rely on a special mathematical property of very large numbers: they are hard to factor. Two keys, generated in advance, can include factors for the same large number. Guessing the number by brute force, even with modern computers, can take a long time. This is how public key/private key systems work.
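The two approaches side by side, as an added example that is not from the book: HMAC stands in for shared-secret authentication and textbook RSA for the asymmetric case, with hypothetical function names and small constructed primes. Because the modulus is tiny, factoring it rebuilds the private key at once, which is exactly what large key sizes are meant to prevent.

```python
import hashlib
import hmac
import math

# --- Shared secret: both parties must already hold the same key. ---
def make_tag(shared_key: bytes, message: bytes) -> bytes:
    return hmac.new(shared_key, message, hashlib.sha256).digest()

def check_tag(shared_key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(shared_key, message), tag)

# --- Asymmetric keys: toy RSA, with both keys built from primes p and q. ---
def make_keypair(p: int, q: int, e: int = 65537):
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent; needs the factors of n
    return (n, e), (n, d)          # (public key, private key)

def _digest(message: bytes, n: int) -> int:
    # Hash reduced mod n: acceptable for a toy, not a real padding scheme.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_digest(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)

def factor(n: int):
    """Trial division; finishes instantly only because this n is tiny."""
    for candidate in range(3, math.isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("no odd factor found")

# Constructed sample values (Mersenne primes 2**17 - 1 and 2**19 - 1).
PUBLIC, PRIVATE = make_keypair(2**17 - 1, 2**19 - 1)
MESSAGE = b"call your mother"

if __name__ == "__main__":
    sig = sign(PRIVATE, MESSAGE)
    print("signature verifies:", verify(PUBLIC, MESSAGE, sig))
    print("altered message verifies:", verify(PUBLIC, b"call your brother", sig))
    p, q = factor(PUBLIC[0])
    print("private key rebuilt from factors:", make_keypair(p, q)[1] == PRIVATE)
```

The verifier needs only `PUBLIC`, which can travel over an intercepted channel, whereas `check_tag` works only if both sides already share the same key.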

For the purposes of email, the asymmetric key algorithm is preferable since the two parties may never meet to safely ...
