Intuiting TLS
a year ago
- #TLS
- #Security
- #Encryption
- The internet's problem: Anyone between you and websites can see/edit communication.
- TLS (Transport Layer Security) aims to solve privacy issues in public settings.
- Encryption basics: Use a cipher known only to you and the website.
- Problems with simple ciphers: Complexity and uniqueness per website are needed.
- Random Number Generator (RNG) with a seed (key) for unique ciphers per website.
- Key Exchange problem: How to securely share the website's key without interception.
- Diffie-Hellman Key Exchange: Uses one-way and commutative operations for secure key sharing.
- Authentication challenges: Ensuring the other party is who they claim to be (Key Authenticity).
- Data Authenticity: Using hash functions to verify message integrity.
- Authenticated Encryption (AEAD): Combines encryption with hashing for data integrity.
- Key Authenticity solution: Pre-Shared Keys (PSK) or certificates for trust.
- Certificates: Use signatures from a trusted third-party (Root) to verify identities.
- Public Key Infrastructure (PKI): Centralized trust system using certificates.
- TLS handles edge cases like forward secrecy and data/timing attacks.
- Resources for learning TLS: Monocypher, TweetNaCl, Julia Evans’ Toy TLS 1.3, xargs’ Illustrated TLS 1.3.