It's 2014. Are we there yet?

Mark H. Wood mwood at IUPUI.Edu
Thu Apr 10 16:50:06 CEST 2014


On Wed, Apr 09, 2014 at 12:39:44PM -0400, Kapil Aggarwal wrote:
> Let's list a few arguments:
[snip]
> - WTF is a key pair/public key/private key/<insert more arcane
> terminology>. - :) This IS a big problem. I may get it, you may get it, how
> does the average Joe user gain that understanding? The nomenclature needs to
> be, well, something that the average Joe user can understand as well. They
> understood SSL (well, for the most part).

I think this one is easy.  The key pair is a mathematical analog of
the old spy trick (I'm sure it's in the movies somewhere) of tearing a
playing card in two, giving one piece to each of two people who do not
know each other but must be able to recognize one another.  No two
cards tear *exactly* the same way.  And the math does this *much*
better.

I thought that the tradition of the mizpah coin would serve as well,
but I haven't found a good explanation, just advertising and Biblical
backgrounders.  As I recall, someone thought to break a soft metal
coin in two, so that the jagged edges would symbolize a unique
relationship, and somehow related it back to the story of the cairn of
stones that symbolized an agreement with God as witness.  Nowadays
they mint the things in two pieces, very stylized, and you buy them
already separated.  So maybe this is not so useful here.

Anyway, the point is the same:  a random process produces a unique
boundary between two complementary pieces, which the holders can use
to identify each other.  A computer does it with mathematics that you
don't have to fully understand, so long as you trust someone who
does.  If you need to see it in the physical world, just tear a piece
of paper, or break a cookie in two, and contemplate the result.

There are other things you can do with the jagged edges (so to speak)
of these keys, to scramble and unscramble a message, because the two
pieces are related, in a way too complex to easily guess if you don't
have one of them.  Go ahead:  pick up a pencil and paper, and try to
predict the EXACT shape of the torn edges of a card without seeing it.

One thing you must understand is that the keys are related
*mathematically*, not physically.  *Unlike* the card, knowing one shape
does not automatically give you the other.  This is useful:  it means
that you have a secret which you don't have to share to prove that you
know it.

After that, it's all just multiplying impossibly huge numbers.

That's dumbed down considerably, but I think it gets the basic idea
across simply.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Machines should not be friendly.  Machines should be obedient.