Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tearing Down China's Great Firewall

Posted by ryuzaki0 on from the best-work-done-in-basements dept.

quadsoft writes to tell us The Toronto Star has a look at three University Toronto computer geeks who are working hard to circumvent the internet censorship problems like those found in China. From the article: "But the computer smarts of Ron Deibert, Nart Villeneuve, and Michael Hull, combined with their passion for politics and free expression, have led them to develop a highly anticipated software program that allows Internet users inside China and other countries, such as Iran, Saudi Arabia and Burma, to get around repressive censorship and not get caught."

1 of 410 comments (clear)

  1. Re:Sure, because it's different things by The+MAZZTer · · Score: 5, Informative

    That's not how public/private key cryptography works. If it did, any script kiddie could grab the private key in transmission.

    The reason the private key is called so is becasuse it is never transmitted. It stays on the machine that came up with it.

    Here's how it works, and we can assume both machines do the same thing for each other. One comp comes up with a private key and public key pair, where things encrypted with the public key can only be decrypted with the private key (and not with the public). Then, the machine can send the public key plaintext (or with some other form of encryption, which we can assume can be cracked much easier than the key pair cryptosystem we're using for the bulk of the data). The receiving machine uses the public key to encrypt it's data and sends the encrypted data.

    Now if we assume any transmitted data can be evesdropped upon, the hacker has our public encryption key and the encrypted data... but he doesn't have the private encryption key! The data is useless to him! (Unless the key pair is weak, the data is weak, or the hacker has the hardware to brute force keys, but we'll assume the users are smart enough to avoid the first two and the cryptosystem uses a long enough key to make the last one futile.) The first computer gets the encrypted data and decrypts it with the private key.

    A similar process, reversed, is used in certificates. They are encrypted with a private key, and the public key is made available. Assuming sufficient mechanisms are in place to assure that the public key does in fact belong to the original computer, any message decryptable with the public key shows that the message must have originated from the only legitimate computer with the private key.