"End-to-end encryption: Behind the scenes" by Martin Kleppmann, Diana Vasile

Поделиться
HTML-код
  • Опубликовано: 29 окт 2024

Комментарии • 9

  • @fuu812
    @fuu812 7 лет назад +2

    Excellent talk! Hope to see more of this in future. I wonder how we can do such operations as all these examples produce easily very large numbers which end up with "infinity" error.

  • @digitalairaire
    @digitalairaire 4 года назад +1

    31:35 The best conceptual explanation of PKI I've seen

  • @TrulyLordOfNothing
    @TrulyLordOfNothing 2 года назад

    06:45 I, as Martin, do not have Diana's private key.According to the RHS, All I can do is: Signature raised to Dpub and get the hash of the message. Would doing this really be the same hash as shown on LHS? If that were true then every hacker is one step away from knowing the message if he can unhash it. Because now, he's already reaches from signature(cipher) -> hash.

  • @TrulyLordOfNothing
    @TrulyLordOfNothing 2 года назад

    what exactly is g at 19:38 He says it is public but what is it?

  • @harigovindvk1242
    @harigovindvk1242 8 лет назад

    when we are offline during a Diffie-Hellman key exchange, does the server posses our g^x, the g^y from the sender and the encrypted message ??.

  • @matosmpb
    @matosmpb 7 лет назад +1

    can a E2EE app "fake" it has E2EE and always be the man in the middle?

    • @sundhaug92
      @sundhaug92 7 лет назад +3

      Yes, though it depends a bit on the situation and the protocol. For example:
      1. A perfectly encrypted stream can still be captured, even if the actual content cant be derived.
      2. Even an encrypted stream may have unencrypted metadata relating to underlaying protocol. For example for GPG, a man in the middle can detect the fact that A is sending an email to B and that A uses email-service G, though some of this is limited by using an encrypted connection to the servers and between the servers.
      3. An app can use a bad key-generation-function, enabling someone to calculate the key-pair.
      4. An attacker can use a quantum-computer to calculate the factors for an RSA-based system.
      5. An app can tag a message with either an escrow-key (see Shipjack/clipper chip) of the decryption-key itself

    • @markusklyver6277
      @markusklyver6277 3 года назад

      Yes, you can never be sure there isn't a man-in-the-middle. This is the classical General's Problem.