Ed Felten (previously) -- copyfighter, Princeton computer scientist, former deputy CTO of the White House -- has published a four-and-a-half-page "primer for policymakers" on cryptography that explains how encryption for filesystems and encryption for messaging work, so they can be less ignorant.
It is a remarkable and clear piece of technology writing, perhaps the best example of its type I've ever read. It's clearly the result of explaining the same thing, over and over and over and over again, using trial-and-error to identify the places where the audience gets tripped up, until what remains is a perfectly clear explanation of something that's both difficult to understand and vitally important.
Suppose two users, Alice and Bob, want to send a series of messages to each other. They want to use encryption to protect the confidentiality of messages (so that nobody else can learn the contents of messages) and the integrity of messages (so that nobody else can tamper with messages without detection); and they want to use encryption to authenticate each other, so they both know they are not communicating with an impostor.
For encrypted communication, each party will generate a long-term identity key, which they keep secret. A party can use its long-term identity key to prove its identity to other parties.
As depicted below, encrypted communication operates in two phases. In the first phase, the handshake, the two parties exchange a series of specially constructed messages. If all goes well, the initial handshake has two results: each party gets confirmation of the other’s identity (i.e. that the other party is the real Alice or Bob, and not an impostor), and Alice and Bob agree on a secret session key that is known only to the two of them. The details of how the initial handshake procedure gets these results are complex but not directly relevant to the policy discussion.
Having completed the initial handshake, Alice and Bob can proceed to send messages to
Nuts and Bolts of Encryption: A Primer for Policymakers [Ed Felten/Princeton]
(via 4 Short Links)
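The handshake described in the excerpt, as an added example that is not from Felten's primer or from this post: each party signs a fresh X25519 key with its long-term Ed25519 identity key, checks the peer's signature against the identity it expects, and derives the session key from the exchange. The names `Party`, `Hello` and `Finish` are hypothetical, and the sketch leaves out the transcript binding and key confirmation that deployed protocols add.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Party struct { // hypothetical type for this illustration
	idPriv ed25519.PrivateKey // long-term identity key, kept secret
	IDPub  ed25519.PublicKey  // public half, assumed known to peers in advance
	eph    *ecdh.PrivateKey   // fresh key generated for this session only
}

func NewParty() *Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return &Party{priv, pub, eph}
}

// Hello builds the (simplified) handshake message: the session public key, signed with the identity key.
func (p *Party) Hello() (ephPub, sig []byte) {
	ephPub = p.eph.PublicKey().Bytes()
	return ephPub, ed25519.Sign(p.idPriv, ephPub)
}

// Finish checks the peer's signature against the expected identity, then derives the session key.
func (p *Party) Finish(peerID ed25519.PublicKey, peerEph, sig []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerEph)
	if err != nil || !ed25519.Verify(peerID, peerEph, sig) {
		return nil, fmt.Errorf("handshake: peer failed identity check")
	}
	secret, err := p.eph.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret) // both sides compute the same secret, hence the same key
	return key[:], nil
}

func main() {
	alice, bob, mallory := NewParty(), NewParty(), NewParty()
	bEph, bSig := bob.Hello()
	ka, _ := alice.Finish(bob.IDPub, bEph, bSig)
	mEph, mSig := mallory.Hello() // constructed impostor: signs with her own key, not Bob's
	_, err := alice.Finish(bob.IDPub, mEph, mSig)
	fmt.Printf("session key established: %d bytes; impostor: %v\n", len(ka), err)
}
```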