Sunday, May 4, 2008

I Feel Afraid

When you are using the Internet to send information, do you think that your information can be viewed on the Internet? Well, it is technically feasible. For example, if you want to send a mail, after you press the "send" button, the mail will be sent to an SMTP server, then it will be transferred among several servers. Don't forget that your mail is usually plain text. Anyone can read your mail if he can access the mail server where your mail is located.

I feel afraid...

Maybe the best way is for everyone to have a pair of RSA password keys: one for yourself (the private key) and the other for the public (the public key). The passwords are two very large numbers. For example, suppose you have two numbers m and n, where m is your private key and n is your public key. Before you send a mail, you can use m to encrypt your message. When the recipient receives the mail, he can use n to decrypt the message. Remember, n is your public key, so your friend can get it, but you must protect your private key. If your friend wants to send mail to you, he needs to use your public key, n, to encrypt the message. Then, after you receive the encrypted message, you need to use your private key, m, to decrypt it.

I wrote lots of things regarding the RSA encryption algorithm. I think it's safe enough for business. But what if your friends who know your public key betray you, e.g. tell your public key to other suspicious people; can they then decrypt your message? I don't know how to avoid it.
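The two directions described above, as an added example that is not part of the original post: textbook RSA with small constructed primes and no padding, where every name and value is an assumption chosen for illustration. It shows that mail encrypted with the public key can only be read with the private key, while a message transformed with the private key can be recovered by anyone who holds the public key, so that direction acts as a signature rather than as secrecy.

```python
# Textbook RSA (no padding, tiny key) to show what each key can and cannot do.
# Illustration only: every value here is constructed for this example.

P = 2**31 - 1                 # constructed example prime (a Mersenne prime)
Q = 2**61 - 1                 # constructed example prime (a Mersenne prime)
N = P * Q                     # modulus, shared by both keys
E = 65537                     # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)

PUBLIC_KEY = (E, N)           # the post's "n": can be handed to anyone
PRIVATE_KEY = (D, N)          # the post's "m": never leaves its owner


def apply_key(key, value):
    """The single RSA operation: value ** exponent mod N."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, modulus)


def to_int(text):
    return int.from_bytes(text.encode(), "big")


def to_text(number):
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return raw.decode(errors="replace")


def mail_to_owner(text):
    """A friend encrypts with the owner's PUBLIC key (confidentiality)."""
    return apply_key(PUBLIC_KEY, to_int(text))


def signed_by_owner(text):
    """The owner transforms with the PRIVATE key (a signature, not secrecy)."""
    return apply_key(PRIVATE_KEY, to_int(text))


if __name__ == "__main__":
    secret = mail_to_owner("meet at 9")
    print("owner reads:    ", to_text(apply_key(PRIVATE_KEY, secret)))
    print("public key only:", repr(to_text(apply_key(PUBLIC_KEY, secret))))
    sig = signed_by_owner("meet at 9")
    print("anyone verifies:", to_text(apply_key(PUBLIC_KEY, sig)))
```

Real tools add padding and much larger keys; this sketch only separates the two uses of the key pair.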

There are some tools which support RSA, such as GnuPG (open-source software) and PGP Desktop (commercial software).
