Encryption
COOKIES
- http is stateless
- every request is dealt with freshly
- if we need to relate a request to prev requests, the only way to do that is if that info comes with the request
- last time we talked about URL encoding & cookies
http doesn't tell you what to do with cookies but it does support them (the client will send along the cookies that it is supposed to. the cookies are set by the domain, matching the path prefix.)
the server must look for a cookie when a request comes in and deal with them.
CLIENTS NEED TO MAKE SURE THAT COOKIES DON'T BECOME A SECURITY HAZARD. (cookies can only be overwritten by the source & path prefix. if site A has a cookie, site B can't see it or overwrite it. + tight limits on cookies).
if you have a ton of info in your cookie, browser just won't store it (browser has a storage limit)
usually, if you type in a URL, your browser is going to make several HTTP requests on your behalf (to fetch embedded URLs also). so... your browser is making a lot more requests than you know about.
- if you have URL A with embedded link (likely an ad) B, B will have info about user on A (B puts this info into its cookie).
- SO if ad B notices you on site A & C, it knows that you've been to those sites because it stores this data in its cookie.
technically - URLs can store like 900 bytes of encoded data. legally - URLs shouldn't store any info that the user didn't allow.
some browsers allow you to turn off automatically generated content in cookies
ENCRYPTION
- applying a reversible function, controlled by a key, to a message.
- caesar cipher (rotates alphabet by 3 positions)
- frequency analysis allows you to guess common words (like "heil hitler" in The Imitation Game)
- substitution ciphers - you could just have a 1:1 table mapping chars to other chars. if you treat blanks as chars, then you have a long character string and it's harder to break, but still vulnerable to frequency analysis.
- polygram cipher - make the substitution table larger: A^n entries (so if you have 26 characters and want to make a trigram cipher of chunks of 3 chars grouped together, you can make a substitution table that is 26^3 big).
today we use: substitution rules.
- don't store any tables
- derive table rows using substitution rule
- XOR with k, where k is the key (XOR flips a bit)
- a key of length b bits gives 2^b possible keys
TRIPLE DATA ENCRYPTION STANDARD (DES) IS USED TODAY.
- DES is a block cipher with a 56 bit key
- today, we apply DES to something 3 times in sequence with 3 different keys.
- because secret keys need to be passed on the web, we need PUBLIC-KEY CRYPTOGRAPHY.
PUBLIC-KEY CRYPTOGRAPHY
- secure comm without key exchange
- there's a pair of keys: a public key & a private key. a message that is encrypted with one key can be decrypted with the other. BUT you can't derive one from the other.
- I am sending a message to you. You have a public & a private key. I know your public key, so I can encrypt my message with it. No one can decrypt it after, because only you can do that with your private key.
- if I encrypt my message with my private key, you can decrypt it using my public key (that's my signature).
- These key pairs are easy to compute one way and hard to compute in reverse: TRAPDOOR FUNCTIONS
Fermat's Little Theorem: where p is prime:
a^p = a (mod p)
a^(p-1) = 1 (mod p) (when a is not a multiple of p)
Chinese Remainder Theorem (re-read)
OK, back to crypto.
- choose 2 large primes, p, q
- n = pq
- lambda = (p-1)(q-1)
- choose e randomly (e < lambda)
- choose d (s.t. de = 1 (mod lambda))
- n & e serve as a public key
- n is product of primes p, q
- n & d is the private key
- choosing d requires e & lambda
ENCRYPT (m) = m^e (mod n) = c
DECRYPT (c) = c^d (mod n) = m
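The key-generation, encryption and signature steps above as a runnable toy; this is an added example, not code from the lecture. The primes 1009 and 1013 are constructed sample values, the function names are hypothetical, and the gcd check on e is an added assumption (a random e only has an inverse d when it is coprime to lambda). It is unpadded textbook RSA, and `factor` shows why the primes have to be large.

```python
import math
import random

def make_keys(p, q, rng=random):
    """Build (public, private) from two primes, following the steps in the notes."""
    n = p * q
    lam = (p - 1) * (q - 1)            # "lambda" as the notes define it
    while True:
        e = rng.randrange(3, lam)      # e chosen randomly, e < lambda
        if math.gcd(e, lam) == 1:      # assumption: e must be coprime to lambda,
            break                      # otherwise no d with d*e = 1 (mod lambda) exists
    d = pow(e, -1, lam)                # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:                 # messages are residues mod n
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)                # c = m^e (mod n)

def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)                # m = c^d (mod n)

def sign(priv, m):
    return decrypt(priv, m)            # "encrypt with my private key"

def verify(pub, m, sig):
    n, e = pub
    return pow(sig, e, n) == m % n     # anyone holding (n, e) can check this

def factor(n):
    """Trial division: instant for toy n, infeasible for real key sizes."""
    f = next(i for i in range(2, math.isqrt(n) + 1) if n % i == 0)
    return f, n // f

if __name__ == "__main__":
    pub, priv = make_keys(1009, 1013, random.Random(7))   # constructed toy primes
    c = encrypt(pub, 424242)
    print("public:", pub, "ciphertext:", c, "decrypted:", decrypt(priv, c))
    s = sign(priv, 31337)
    print("signature ok:", verify(pub, 31337, s), "tampered ok:", verify(pub, 31338, s))
    print("toy n factors as", factor(pub[0]))
```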
err ma gerd look back at lecture notes for all the equations that deal with creating public and private keys used to encrypt/decrypt.
what if you don't get the right public key??
- certificate authorities verify public keys for entities that have published them.
REVIEW
- encrypting & decrypting requires exponentiation:
- encrypt(n,e) (m) = m^e (mod n) = c
- decrypt(n,d) (c) = c^d(mod n) = m
- keys need prime #s
- the primes p, q are never exposed (only their product n is public)
- extremely challenging to recover original primes