Symmetric Key, asymmetric key, https

The most strange Technology of HTTPS is the Secure Password transfer mechanism.

A and B want to conduct private communication, so that even if all emails are intercepted, NO content will be leaked. This is not easy at first glance, because A and B have at least one letter containing a password. Once the third party knows the password, the encryption will become invalid.

In fact, if the encryption and decryption are the same password K (this is called a symmetric key), it is certainly impossible to pass the password securely. If you use K to encrypt K itself, the other party cannot solve the problem. As if you put the WinRAR installation package in a RAR compressed package, the result is depressing.

What's amazing is that there is actually a key called an asymmetric key, which contains a pair of keys-Public Key X and private key y. The public key X can only be used for encryption, and the Private Key y can only be used for decryption. That is to say, if you only know the public key X, you can only let people with the private key y undo it after you encrypt your diary with X.

With X and Y, we can safely transmit K to each other!

The principle is very simple. You can either speak or write a letter:

A: B. I want to communicate with you.

B: Okay. The public key is X.

A: At this moment, a generates a symmetric key K, and then encrypts K into X (k )). The password is X (k ).

B: Unlock X (k) with Y to obtain K. The password has been received. In the future, we can use the password to communicate.

Then a and B use K for encrypted communication, but in the previous conversation records, the K password is not found, and the eavesdroppers are completely connected to the cloud. In addition, the key private key y is only known to B.

In https, B is the server, and a is the client. To verify the identity, a and B generally perform two-way certificate authentication to ensure the authenticity of the identity.

----------------------------------------------

Any magical technology must have a simple mathematical principle. Just like Google's search engine and translation are based on the basic theorem of information theory, which involves Bayesian formulas, Markov chains, etc.AlgorithmFrom the first day to today, the basic algorithms have not changed, but are used better with the development of software and hardware.

From another perspective, technologies with potential for development must be backed up by simple mathematical principles. Today, artificial intelligence is still cool, and even known as the bubble technology, because its basic algorithms have not made any breakthroughs for a long time.