最新评论 (0)


The Internet: Encryption & Public Keys

互联网科普系列 加密与公钥
The Internet: Encryption and Public Keys
大家好 我是Mia Gil-Epner 在加州大学伯克利分校主修计算机科学
Hi my name is Mia Gil-Epner, I’m majoring in Computer Science at UC Berkeley and I work
同时为国防部工作 负责保障信息安全
for the Department of Defense, where I try to keep information safe. The Internet is
互联网是个开放公共系统 我们通过共享的链路来发送和接收信息
an open and public system. We all send and receive information over shared wires and
但即便它是一个开放的系统 我们仍需要交换一些私人数据
connections. But even though it’s an open system we still exchange a lot of private
比如信用卡数字 银行信息 密码和邮件
data. Things like credit card numbers, bank information, passwords, and emails. So
那么 这些私人信息是如何保密的呢任意一种数据可以通过
how is all this private stuff kept secret? Data of any kind can be kept secret through
加密 加扰 或改变信息隐藏原文本的方式来保密
a process known as encryption, the scrambling or changing of the message to hide the original
而解密则是去加扰的过程 使得信息可读
text. Now decryption is the process of un-scrambling that message to make it readable. This is
这是一个简单概念 但人们已经做了几个世纪了
a simple idea, and people have been doing it for centuries. One of the first well known
第一个众所周知的加密方法是凯撒密码 以罗马将军凯撒的名字来命名
methods of encryption was Caesar’s Cipher. Named after Julius Caesar, a Roman general
他加密他的军事命令 确保当信息被敌方拦截时
who encrypted his military commands to make sure that if a message was intercepted by
他们不能读取它 这是一种替换加密的技术
enemies, they wouldn’t be able to read it. Caesar Cipher is an Algorithm that substitutes
each letter in the original message with a letter a certain number of steps down the
alphabet. If the number is something only the sender and receiver know, then it’s called
那么这个步数就是密钥 允许读者解密信息 例如
the key. It allows the reader to unlock the secret message. For example, if your original
假如你的原始信息是“HELLO” 使用凯撒密码的算法加密 以5为密钥
message is ‘HELLO’ then using the Caesar Cipher algorithm with a key of 5 the encrypted message
是这个… 要想解密信息 接受者只需使用密钥来倒推
would be this… To decrypt the message, the recipient would simple use the key to reverse
但是 凯撒密码有一个大漏洞
the processes. But there is a big problem with Caesar Cipher, anybody can easily break
每个人很容易就能试出可能的密钥 破解加密信息
or crack the encrypted message, by trying every possible key, and in the english alphabet
并且在字母表中 只有26个字母 那意味着你最多仅需要试26次就可解密信息
there are only 26 letters, which means you would only need to try at most 26 keys to
现在尝试26次不是很难 最多可能花费一到两小时
decrypt the message. Now trying 26 possible keys isn’t very hard, it would take at most
an hour or two. So lets make it harder. Instead of shifting every letter by the same amount,
而是用不同步数比如 一个十位数字显示十个步数
let’s shift each letter by a different amount. In this example a ten digit key shows how many
positions each successive letter will be changed to encrypt a longer message. Guessing this
猜这串数字是很难的 用十位数字加密有100亿种解决方案
key would be really hard. Using 10 digit encryption there could be 10 billion possible key solutions.
显而易见 这超出了人类极限 解决它要花费几个世纪
Obviously that’s more then any human could ever solve, it would take many centuries.
但今天的一台普通电脑 尝试这100亿种可能只需花费几秒
But an average computer today, would take just a few seconds to try all 10 billion possibilities.
因此 现代世界 坏人是带着电脑而不是铅笔来解密
So in a modern world were the bad guys are armed with computers instead of pencils how
can you encrypt messages so securely that they’re too hard to crack? Now too hard means
现在 太难意味着有太多可能性以至于在合理时间内无法计算
that there are too many possibilities to compute in a reasonable amount of time. Today’s secure
communications are encrypted using 256 bit keys. That means a bad guy’s computer that
intercepts your message would need to try this many possible options… until they discover
the key and crack the message. Even if you had a 100,000 super computers and each of
每台每秒都能尝试一千万亿个密钥 也需要花费数万亿年
them was able to try a million billion keys every second it would take trillions of trillions
来试尽所有选择 破解出以256位加密的信息
of years to try every option, just to crack a single message protected with 256 bit encryption.
当然 计算机芯片每年缩小一半却加速一倍
Of course computer chips get twice as fast and half the size every year or so. If that
如果持续以指数式进步 今天不可能的任务将
pace of exponential progress continues, today’s impossible problems will be solvable just
在几百年后解决 之后256位不再足够安全
a few hundred years in the future and 256 bits won’t be enough to be safe. In fact
事实上 我们已经增加了密钥长度来追上电脑发展速度
we’ve already had to increase the standard key length to keep up with the speed of computers.
The good news is using a longer key doesn’t make encrypting messages much harder but it
exponentially increases the number of guesses that it would take to crack a cipher. When
当发送者和接受者使用 相同的密钥 来加密和解密信息时
the sender and receiver share the same key to scramble and unscramble a message its called
就称为对称加密 像凯撒密码 就是对称加密
Symmetric Encryption. With Symmetric Encryption, like Caesar Cipher, the secret key has to be
两人已在私下提前对密钥达成协议对于两人来说 那是很棒的
agreed on ahead of time by two people in private. So that’s great for people, but the internet
但互联网是开放公共的 因此两台电脑私下达成协议是不可能的
is open and public so it’s impossible for two computers to “meet” in private to agree
因此 计算机开始使用非对称加密来替代
on a secret key. Instead computers use Asymmetric Encryption keys, a public key that can be
exchanged with anybody and a private key that is not shared. The Public Key is used to encrypt
公钥被用来加密数据 每个人可以用它来创造密信但是密信只能通过有访问私钥的电脑来解密
data and anybody can use it to create a secret message, but the secret can only be decrypted
by a computer with access to the private key. How this works is with some math that we won’t
这样想 想象你有一个私人邮筒
get into right now. Think of it this way, imagine that you have a personal mailbox,
任何人都能存邮件 但他们需要一个钥匙来存
where anybody can deposit mail but they need a key to do it. Now you can make many copies
现在你能制作许多存邮件的钥匙备份 然后给你的朋友发一个或者公开
of the deposit key and send one to your friend or even just make it publicly available. Your
friend or even a stranger can use the public key to access your deposit slot and drop a
并且扔入一些信息 但是 只有你能用私钥打开邮箱
message in, But only you can open the mailbox with your private key, to access all of the
去访问所有你收到的密信 并且只要利用给他们的公钥
secret messages you’ve received. And you can send a secure message back to your friend
你能给你的朋友回送密信 通过这种方法 人们不要私钥就可以交换私信
by using the public deposit key to their mailbox. This way people can exchange secure messages
without ever needing to agree on a private key. Public Key cryptography is the foundation
of all secure messaging on the open internet. Including the Security Protocols known as
当我们浏览网页时 它保障我们的安全
SSL and TLS, which protect us when we are browsing the web. Your computer uses this
现在你的电脑一直使用它 只要你看到小锁或以https开头的浏览器地址栏
today, anytime you see the little lock or the letters https in your browser’s address
bar. This means your computer is using public key encryption to exchange data securely with
the website you’re on. As more and more people get on the internet more and more private
越来越多的私密数据将被传送 数据安全的需要也将越来越重要
data will be transmitted, and the need to secure that data will be even more important.
随着电脑的快速发展 我们将不得不发展新的加密方式
And as computers become faster and faster we will have to develop new ways to make encryption
使得电脑难以被破解 这正是我的工作所要做的 它一直在进步
too hard for computers to break. This is what I do with my work and it’s always changing.