>> david malan: all right. welcome. hello, everyone. my name is david malan. i'm on the computer science faculty here at harvard, and teach a few courses--most of them related to introductory computer science and higher level concepts that derive from that. the next couple of days are not so much though about building from the ground
up, as we might in a typical undergraduate course, but looking at computer science as it relates to business and to decision making-- really from the top down so that we can accommodate a range of backgrounds, as you'll soon see, both less technical and more technical, and also a number of goals that folks have. in fact, we thought we'd start off by taking a look at some of the demographics we have here. but first, let's take a look at where we're headed.
>> so today, we have four blocks focused for the day. first up, we will focus on privacy, security, and society. and we'll do this by way of a couple of case studies of sorts. very much in the news of late has been a certain company called apple and a certain agency known as the fbi, as you might have read. and we'll use this as an opportunity to discuss exactly what some of the underlying issues there are, why it's interesting, what it means technologically, and use that to transition more generally
to a discussion about security and making decisions there on. >> two, looking at encryption specifically. so we'll look a little more technically at what it means to actually scramble or encrypt information. and then we'll take a look at dropbox, which is one of these very popular file sharing tools these days. you might use it, or box, or skydrive, or the more recent incarnation thereof and so forth. and we'll take a look at some of the underlying security and privacy
implications there. we'll have a break, and then we'll look at internet technologies in the latter half of this morning-- trying to give you a better sense of how that thing works that many of you are connected to at the moment--certainly use most every day-- and what the implications are there for performance, for hardware, for software, and any number of other attributes, specifically trying to tease apart a whole bunch of acronyms that you might have seen or might even use, but don't necessarily know
what's going on underneath the hood. and we'll take a look too at the process of actually getting a company or getting an entity online on the web, and what that actually means. then we'll have a break for lunch. we'll come back and take a look at cloud computing, and also designing server architectures more generally so that you'll walk out with a better understanding, hopefully, of this buzzword "cloud computing," but what it actually means. and if you're trying to build a business or you're
trying to expand a business, exactly what you need to know and what you need to do in order to handle increasing numbers of users online, and what kind of decisions you have to make around that. >> and then in the last part of today, we'll take a look at web development specifically. we won't get our hands too dirty, but i thought it might be enlightening if we actually do get our hands a little dirty, and take a look at something called html, css, and an actual server set up so that you'll create a little web page for yourself, even if you've
done this before. but we'll talk about what the interesting ideas are underlying that and what actually is happening every time you go to google apps, or facebook, or any number of other web-based tools. >> tomorrow, meanwhile, we'll transition to a look in the morning at computational thinking-- a fancy way of describing how a computer might think or a human versed in computing might think-- a little more methodical, a little more algorithmic, as we might say.
and we won't go too deeply into programming per se, but we'll focus on some of the tenets that you see in programming and computer science-- abstraction, algorithms, and how you represent data, and why that's actually interesting. we will take somewhat of a look at reprogramming in the latter half of tomorrow morning. we'll get your hands a little dirty with that, but only so that we have some context for talking about some of the terms of art that an engineer or a programmer might actually use, things
you might hear or see on a whiteboard when engineers are designing something. in the latter half of tomorrow, we'll take a look at what might be called technology stacks. in other words, most people today don't really sit down with an empty screen in front of them and start building some application or building some website. you stand on the shoulders of others using things called frameworks and libraries, many of them open source these days. so we'll give you a sense of what all that's about
and how you go about designing software and choosing those ingredients. >> and then we'll conclude with a look at web programming specifically and some of the technologies related there, too-- things like databases, open source, or commercial apis, or application programming interfaces, and then one such language that you might use with that. so it'll be a mix of conceptual introductions, a mix of hands on, and a mix for discussion throughout. >> but before we do that, let me give you an answer to a couple of the questions
that everyone here was asked. how would you describe your comfort with technology? we have a bit of a range here. so six people said somewhat comfortable, five said very, and two said not very. so that should lend itself to some interesting discussions. >> and please, at any point, whether you are in the not very or very categories, do push back if either i'm assuming too much or speaking at too high of a level. do bring me back down.
and conversely, if you'd like to get a little more into the weeds with some topic technically, by all means push on that. i'm to happy to answer down to 0s and 1s if need be. >> do you have any programming experience in any language? just to calibrate, almost everyone has no prior programming experience, which is great. and even for those that do, we won't spend too much time actually teaching how to program, but rather just giving you a taste so that we can then move from there and talk at a higher level about why
some of those concepts are interesting. >> this and more will all be available online. in fact, if there's one url you want to keep open in a tab throughout today and tomorrow, you might want to go to this one here. and that's a copy of the slides. and any changes we make over the course of today or discussions that we annotate on the slides, they'll be there instantly if you just reload your browser. so i'll give you a moment to jot that down,
and you'll then be able to see exactly what i see. >> but before we forge ahead, i thought it might be helpful, especially since we're an intimate group, just to get to know each other a little bit and perhaps say where you're from, or what you do, and what you're hoping to get out of today and tomorrow, ideally so that you might find one or more like minded spirits or folks to talk to during break or lunch. and i'll jump us around somewhat randomly. arwa, you'd like to say hello, first?
>> audience: hello. good morning, everyone. my name is arwa. [inaudible]. i work at at my sector like banking, business [inaudible]. david malan: ok. wonderful. andrew. audience: yeah. hi, everyone.
i'm andrew [inaudible]. so i work for a technology company, red hat, which is a big open source company. i have a business background so [inaudible] get more versed into making solution oriented investments, i just need to know what people are talking about. so i lead our global partner operations. i've been doing that for about five years. your overview is fantastic.
i'm really looking to pick up all those [inaudible]. david malan: wonderful. glad to have you. chris. >> audience: good morning. my name is chris pratt. i work for a company called [inaudible]. it's a family business, so i do a lot of different projects. and right now, i'm focused on technology initiatives and managing our it staff.
so i'm here to get a more high level and broad understanding of the types of things that [inaudible] is doing and familiar with so i can help them make the decisions [inaudible]. welcome aboard. olivier, is it? >> audience: yes. so i'm french living in switzerland working for [inaudible]. it's a [inaudible] corporations. so we're collecting money when there's a disaster and everything.
and i'm teaching some strategies there. >> so i have to work on [inaudible] digital projects, but also quite technological projects. so the idea for me is really to be able to make better decisions and being better informed of what i'm really [inaudible]. and roman or roman, is it? audience: i'm from [inaudible]. and i'm responsible for the [inaudible]. and in the team we-- we're a cross functional team
so we work with engineers. and what i'm looking forward to is being able to communicate better with engineers. [inaudible] >> david malan: wonderful. and karina. >> audience: i'm karina from montreal. i'm on [inaudible] of province of quebec. sorry, for my english.
and i'm here to better understand what my programmer or supplier explained to me. david malan: oh. well, if i ever speak too quickly, do slow me down. and i'm happy to repeat. >> audience: [inaudible] david malan: sure. no worries. and nikisa, is it?
audience: yes. thank you. my name is nikisa, and i'm [inaudible]. i am myself [inaudible]. so i'm always confused with [inaudible] whatever you are really [inaudible]. >> david malan: ok. victoria. >> audience: i'm victoria. i live in czech republic.
i work for [inaudible] enterprise. and even though it is an it company, it's possible that in an it company [inaudible]. so i'm focused on business development, and whenever i go to a customer meeting, i have to take a technical person with me because my customer asks questions about technical side of the story. [inaudible]. they talk to each other, but then i have no understanding of what they're discussing.
so i'd like to get a better understanding because i think it would help myself [inaudible] with my relationship with the customers as well. >> david malan: and it's a good point for me to chime in. there's only so much we'll be able to do in just two days. but among the goals, i would hope, is that, after the next couple of days, at least more words will look familiar as you're poking around online. and you'll have a better sense of what to google,
or what words actually mean something and what might be fluffy marketing speak so that, over time, you can build up that comfort and hopefully displace the person that has to tag along each time. ben. audience: my name's ben [inaudible]. i'm a technology transaction attorney. [inaudible]. and i'm really here to just get a better understanding of what ctos and engineers at [inaudible] legal side of structuring things [inaudible].
audience: and dan. hi, everybody. my name's dan. i live local here. i'm from andover. i work locally at a software company, kronos incorporated. been in software over 20 years and [inaudible] marketing and development type jobs. for the last five years, i've managed a team of technical cloud consultants
in presales fashion. >> so i picked up a lot of concepts on the way. and so i do a lot of technical discussions. but i can only take it so far. similar to victoria, lots of times i get lost and need to call in a technical person. so i'm just looking to string a lot of technology jargon together so i get a better understanding so i can have more informed conversations.
david malan: excellent. well, ultimately, we can steer the next couple of days in any direction folks would like. we have a straw man for both today and tomorrow. but by all means, feel free to steer us either during the session or during breaks or lunch if there's something you'd like to get off your chest. and let me emphasize, there really is no dumb question. and if you feel like your question is dumb,
by all means just ask me more quietly during breaks, or lunch, or the like. but rest assured, we seem to be in very good company-- very mixed company here, both internationally and technically. so feel free to share as comfortably as you'd like. >> so why don't we take a look, again, in this context of privacy, security, and society at this particular case involving apple and the fbi. and you might be generally familiar with this case. it's hard to escape mention of it these days.
>> out of curiosity, how many of you have iphones? almost everyone. and you have an android phone? so fortunately, even though this is a little biased toward iphone specifically, the reality is the android operating system by google has so many of the similar features to what apple is doing. >> they simply happen to be in the spotlight right now, and they've been particularly on the cutting edge when it comes to actually locking down these devices
more and more with each iteration of ios, the operating system that actually runs on apple's devices. so why don't we take a look here just to set the stage at what the actual issue is. so what's going on with apple and the fbi to the extent that you're familiar with the issue? >> audience: the fbi wants to get access to the data, which is encrypted by apple. >> david malan: exactly, so the fbi wants to get access to data that's encrypted. so first, step back.
what does it mean for data to be encrypted, just as a quick definition? >> audience: somehow secure that people won't have such easy access to it [inaudible]. david malan: yeah. exactly so it's some way of obscuring information so that no one else can, in theory, access that information. and so you can just casually think of it as scrambling. so if it's an english word or an english paragraph, you might just jumble the words up so that someone might look at it
and it sees nonsense. but hopefully, there's a way to rearrange those letters. >> now, in reality, it's much more secure than that because someone who's simply diligent could unscramble the words with high probability and figure out what a sentence says. and in reality, at the end of the day, all of this is happening at a very low level-- 0s and 1s. and tomorrow morning, we'll talk about computational thinking
and what it means for data to be implemented or represented with just 0s and 1s. but for today's purposes, let's just assume that you have things like emails, and photos, and videos, and all of that on an iphone or an android device. and somehow, that data is ideally scrambled. and so there's a suspect in this particular case, san bernardino, where they have the suspect's phone, and they want to get data off of it. but in this case, apple has essentially said no to some things and yes
to other things. so they've said yes to a few things in a manner consistent with what a lot of u.s. companies would do when subpoenaed or the like. they've provided, for instance, the authorities with the icloud backup. so if i'm familiar, icloud is this cloud base-- and we'll come back to cloud computing--this nebulously defined cloud based service where it just backs up your data. and it turns out that you can access data there unencrypted. so it's unscrambled when it's actually being backed up there.
and so apple's turned that over. but unfortunately, the suspect in question seems to have disabled automatic icloud backup some weeks prior to the fbi obtaining this particular iphone. so there's a few weeks of potential data that lives on the phone, but not in icloud. and so the fbi wants to actually look at what's on that particular phone. unfortunately, the phone, like many of ours here, is protected with the passcode.
and how long are these passcodes typically-- whether on your phone or in general? >> audience: four. >> david malan: yeah. so often four digits. they've started with newer versions of ios to make these passcodes a little longer. and let's just put that into perspective. so if it's a four digit passcode, that's pretty good.
that's comparable to what many people have on their atms or their debit cards. what's the implication for security? >> well, let's take a step back. if you have a four digit code-- and let's let's start to ourselves even before tomorrow morning. think computationally. it's a four digit code. how would you, as a human off the street, not necessarily a technophile,
characterize just how secure an iphone is if it's using a four digit passcode-- 0s through 9s. how do you begin to quantify the security of an iphone then? audience: five? david malan: five? and what you mean by five? >> audience: [inaudible] this technology--it's easy to access trying from 1001 [inaudible]. >> audience: try 111, 000, [inaudible].
and if i [inaudible] my computer so many times [inaudible]. david malan: ah, good. so already, if we've defined the problem scenario as this device is secure because it has a four digit passcode, an attack on that phone would simply be to try all possible numbers. you might just start 0 0 0 0. and frighteningly, that is the default passcode on a lot of devices these days. in fact, as an aside, if you have any device
that supports a wireless technology called bluetooth, the default passcode very often is 0 0 0 0. or maybe, if it's a more secure device, 0 0 0 0 0-- one additional 0. so when in doubt, if you need to get into some device, start there. >> but of course, if the iphone shakes or whatnot, and says, nope, that's not it, what number might you try after 0 0 0 0? 1 1 1 1. 2 2 2 2. 7 7 7 7-- that's yours?
ok. you might just brute force, as a computer scientist says-- try all possible values. >> so let's steer back to the original question. how secure is an iphone? someone off the street might say very secure, or not very secure, or medium secure, but that's kind of meaningless. it would be nice if we could ascribe something more quantitative, even if its numbers.
we don't need fancy math, but just some numerical estimate or qualification of the security. >> so if you've got a four digit passcode, can we begin to ascribe some kind of numeric rating to it? how secure is it? >> audience: 1 out of 10,000. so 1 out of 10,000. where do you get the 10,000 from? >> audience: all possibilities [inaudible].
david malan: yeah, exactly. if you've got a 4 digit code, you can have 0 0 0 0, or you can have 9 9 9 9, maximally. and so that's 10,000 possibilities. so that seems pretty big. and it would certainly take a human quite some time to try all of those codes. >> and so suppose, i, during lunch swiped one of your iphones and you have a four digit code.
if i had enough time, maybe i could type in 0 0 0 0. and then it shakes and says, no. 0 0 0 1, 0 0 0 2, 0 0 3, and maybe i can do 1 per second. so that's 10,000 seconds. so how long would it take me in the end to actually get to decrypting or hacking into someone's iphone, given these numbers? and we'll play with a few perhaps here. >> let me go ahead and pull up overkill of a calculator. so if it's 10,000 seconds, there are 60 seconds in a minute,
and there are 60 minutes in an hour. so it's like 2.7 hours. so i have to miss the afternoon sessions, if i started during lunch. but it would only take me 2.7 hours to try getting into your iphone. >> now, you might be familiar with mechanisms that apple and soon probably other companies use to defend against this. this does not seem or feel very secure anymore. and we'll come back in just a bit to do one more introduction, unless we feel omitted.
what can we do to make this more secure? 10,000 feels like a lot. but 2.7 hours does not really feel like that long. audience: doesn't it get locked after three attempts or something like that? david malan: ah, maybe it does. in fact, hopefully not three, because even i goof on my passcode three or more times. so there is typically some threshold. and i believe in ios's case, the default is actually 10.
but similarly-- david malan: --similarly reasonable. so what does that mean-- so what happens after 10 tries or whatever number of tries? >> audience: it gets locked. so the phone maybe locks itself down. >> audience: time delay. >> david malan: time delay. what do you mean by time delay?
>> audience: it'll lock the phone for five minutes, and after five minutes, you can try again. but that doesn't feel like it's solving the problem, right? can't i just come back 5 minutes later and continue hacking on it? >> audience: but after you try again, it goes to 10 minutes. david malan: ah. audience: --keeps expanding. audience: so the thing increases but-- so let's suppose it's not one per second,
but it takes me for 10,000 codes, instead of times 1 second for each, it's actually not even 60 seconds. it's five minutes. so now, this is the total number--this is the total amount of time i need in order to hack into a phone. and again, there's 60 seconds in a minute, and 60 minutes in an hour. >> so now, we're up to 833 hours. and if we want to see this precisely, now we're talking about 34 days. so it's going to take an adversary, without sleep,
34 days now to hack into your iphone, if there is this five minute delay. but it's not even just five minutes. as kareem said, what happens after the next-- >> audience: after you've tried-- >> david malan: --misattempt? >> audience: --five more times, then it gives you a 10-minute delay. david malan: a 10 minute delay. and i'm not sure what it is after that, but maybe it's 20 minutes. maybe it's 40 minutes.
and if it is, that's actually an example of a fairly common technique in computing known as exponential backoff, where this exponentiation usually means you double something again and again. >> so that starts out being not so significant. but once you start doubling from 2 to 4 to 8 to 16 to 32 to 64, the gaps really start to widen. and so it might take a month, or a year, or a lifetime to actually get into that device. now, there's other mechanisms still.
time is a good thing because, in general, this is a common security technique. you can't necessarily stop the bad guys, but you can slow them down. and because there are finite resources in life, like living, you can eventually push out the threat so far that even though, sure, the adversary might get really lucky and try 7 7 7 7 on your phone and get the answer right, the probability of that is incredibly low. and so, generally security is a function, not of absolute protection,
but of probabilistic protection. you're just pretty sure that you're safe from some kind of attack. >> but that might not be really good enough. so what more could you do? and what more does apple do, if people have enabled this, if an adversary or bad guy tries to get in more than 10 times, besides inserting a delay. what would be a stronger measure of defense that might make you sleep better at night?
>> audience: erasing the data. >> david malan: erase the data. yeah. so in fact, that's a very common technique where, much like the old movies, this message will self-destruct in 10 seconds. very commonly, will devices, iphones among them, just wipe themselves, delete themselves after 10 incorrect attempts. so is this a good thing or a bad thing?
now, let's put on more of the product manager's hat. what's good about this? why is this a positive feature? >> [interposing voices] >> no access to your information. so now, not only have you slowed the adversary down, if you do have those artificial time delays, but you've also ensured that if he or she screws up 10 times, now the window of opportunity is just gone.
they've only had 10 attempts. and the probability of getting the answer correct out of 10 attempts when there's 10,000 possibilities is 1 out of 1,000. so 10 divided by 10,000-- 1 over 1,000. but even that's not all that good. so we'll come back to making me feel better about that probability because it actually feels somewhat high. it's 1/10 of a percent. what's bad about this feature though?
>> audience: it's bad because-- what do you mean in my hands? >> audience: if you didn't lose it, and you're just trying to get into your phone. so what if there has been no compromise, you're just kind of distracted, you're an idiot, you forget your password. and so it's not that unreasonable, especially if you don't log in to your phone that often or you're distracted while doing it, maybe you yourself
mistype your code 11 times. and now, dammit, you've just wiped your own device. so this too is kind of a theme in computing and computer science of trade-offs. there really is rarely a right answer. there's simply a more preferable or a less costly answer. and in this case, there's a trade-off. one, our data is a little more secure, if it gets into the hands of some adversary.
but i can shoot myself in the foot by wiping, accidentally, my own data if i don't actually get that passcode right within the first 10 times. so what's the push? how do we fix that? do we throw the feature out altogether, if we're apple, and say, this feels bad because we're going to have-- if we have one irate customer, this is not a situation we want to invite. audience: we encrypted and then we recovered the code somehow
by apple or whatever [inaudible]. david malan: can you elaborate? audience: [inaudible] so maybe we don't do this wiping thing, which feels a little overly dramatic. why don't we just keep the data encrypted? well, so in this case, apple already does keep the data encrypted. and what's keeping the adversary from seeing your encrypted data is unfortunately that passcode. >> so the passcode effectively unlocks the data so that while it's scrambled,
if you're just holding the phone, as soon as you log in with that passcode, it's unscrambled and the user can see it. so it is already encrypted. but if we want to avoid wiping the data, but we somehow want to have a good answer on the customer support line if the absent minded or forgetful user has accidentally wiped his or her phone because they mistyped the password 11 times, what solution could we offer? how else could we solve that problem now?
>> audience: customer service [inaudible]. so that's good. so maybe without using resorting to wiping, we could have some out-of-band mechanism for solving this problem. and by out-of-band, i mean you don't interact just with the phone, maybe you grab someone else's phone or email and you talk to customer service. and maybe they ask you the usual questions of, well, what's your name, what's your birthdate, what are the last four digits of your social security number or country id.
>> and what's good about that? well, of course, with high probability, it lets you and only you into your phone because maybe they send a temporary passcode. and this does not exist in apple's case, but maybe they do send you a temporary passcode. you get in, and you're back on your way. but what's the downside of this solution? >> audience: if someone steals your identity,
they might have access to all this information. if someone steals your identity-- and frankly, it's not all that hard, especially when so many companies ask the same questions. what's your name, what's your address, what are the last four digits of your social security number, what was your favorite pet, what was your favorite parent or whatever the questions might be. and in fact, as an aside, i've noticed, having just the other day filled
out questions like these, the questions in a reasonable effort to become a little less well-known are getting increasingly personal. and as soon as you start giving this tidbit of information that might indeed be a secret to this company, and to this company, and to this company, and to this company, it's not going to be long before some company aggregates this kind of information. and so you've told little simple secrets, like your best friend growing up, to all of these individual companies. and soon enough, you have an attack known as social engineering, whereby
someone just masquerades as you on the phone or spoofs your email address and somehow gets into the phone. >> so i'm not liking that. it's a possible solution, but let's suppose i'm not liking that. let's go back to the issue at hand where phone is encrypted and we've not enabled some kind of self-destruct mechanism. but i do-- rather, i have enabled some self-destruct mechanism, but i nonetheless want to appease a customer who accidentally wipes his or her phone.
how else could we solve that problem? >> audience: make a backup. >> david malan: make a backup. and indeed, this is how apple happens to do this. one of the motivations of icloud is exactly this-- not only convenience and resting assured that all of your photos and everything are backed up, but in this case--because if your individual device, whether it's an ipod, or iphone, or ipad is lost, or stolen, or accidentally or deliberately wiped, at least all of your data is somewhere else.
and you can just go buy or borrow another iphone. you can restore from backup, so to speak, from icloud, and you're back up and running. >> now, there's a trade-off there. potentially, apple now has access to all of that same data. and we can come back to that some time. but at least now, we've solved the problem in a different way. >> and if you visualize this story line in your mind's eye, you can perhaps see that every time we solve a problem--
kind of covering up a leak in hose, some other problem springs up elsewhere. we're really just pushing the problem somewhere else. and in the case of the adversary with the time delays, really what we're doing is we're not keeping adversary out, we're just raising the bar over which he or she has to jump in order to actually get access to our data. >> so any time, henceforth, you go to a website, or you read some white paper, or some cto or cso tells you, oh, our systems are secure-- it's baloney. there's nothing to be meant by "our systems are secure"
other than we take industry standard probabilistic measures to keep people away from your servers or away from your data. >> now, the apple situation has gotten kind of interesting because they've been asked to do something that's not quite as simple as turn over the adversary's data. they've already done that from icloud. but now, the fbi wants to get into this phone. and the belief that it does in fact have this self-destruct mechanism built in after 10 attempts-- and i believe that's because they
looked at the backups and realized this feature seems to be enabled, and i assume they don't want to necessarily try and waste one out of their 10 attempts to confirm or deny this feature. >> and they also, unfortunately-- and this is sort of the irony of it all, the county where this fellow worked actually owned and was paying for special software-- device management software-- that had it been installed on their employees' phones-- so the phone in question is actually state property or county property that
was being used by an employee. had they installed in advance this device management software, they could have with a simple click on a pc or mac unlocked this phone trivially. but unfortunately, they didn't have that software actually installed. >> so there are yet other ways to address this kind of issue. it doesn't have to be a black box in your employee's pocket. but they didn't. and so now we're stuck with the situation
with an encrypted iphone that will literally self-- will figuratively self-destruct after 10 incorrect attempts. and the fbi wants to get data off of that phone. >> so let's take a look at what tim cook has announced to the world and taken this bold stand. if you've not read it, let me go ahead and do this. if you'd like either on your computer to go to this you url here, or i can grab for you some paper copies. why don't we just take two minutes, if you would,
and read the actual letter that timcook wrote to apple's customers. and we'll see if we can't thentease apart what it actually means. and so i've circleda few things in this. but let's see if we can't distillwhat's actually being said here and where the realinteresting stuff is hidden. so i for instance, on the paragraphstarting-- under the san bernardino case, the paragraph starting"we have great respect for," tim cook's last sentenceis this. "they have asked us to build a backdoor to the iphone."
this is a commonly used phrase, "backdoor" to something. what does this actually mean, as best you can tell, from what you've read here or elsewhere? audience: hack it. david malan: they want to be able to hack it, and what does that mean? what is a backdoor? >> audience: an alternate entry point? so it's an alternate entry point. much like an actual house where you have a front door,
and sometimes a back door where you're supposed to come in the front door and maybe not so much the back door, unless you belong there, the fbi is asking for a figurative back door-- another way of getting into the phone that isn't simply a human finger touching the code and getting in in the usual way. they want to somehow slurp the data off, maybe with a cable, maybe wirelessly, or they want to somehow be able to input the code, perhaps, to the phone without just using a raw human finger. >> so they allude to, in the next paragraph,
"the fbi wants us to make a new version of the iphone operating system, circumventing several important security features." so why is the fbi asking apple to make a new operating system? that seems to be kind of besides the point? no? why do you think they might be saying that? how is the solution to the problem? david malan: exactly. the version of ios, the operating system that's running on the phone currently,
has all of the security measures that we were discussing earlier, for instance, the time delay, potentially the self-destruct mechanism, all of which are particularly bad. and so the data is on there encrypted, and as best we can tell, apple somehow stores data separate from the underlying operation of the phone-- the operating system. and so it would seem to be possible to install a new operating system on the phone without touching the user's data. >> in fact, if any of you have ever updated mac os or windows,
it would be-- hopefully, it's supposed to go this way. hopefully, you've been able to update your operating system from an older version to a newer version without starting over, without deleting all of your files. now, some of you have probably had the experience where that does not go according to plan. but in theory, this should be possible-- update the operating system, but do not delete or touch the actual data. >> so the fbi is proposing that apple create an operating system that
doesn't have these kinds of defense mechanisms, installed onto the phone so that they can get access to the data. now, how is that possible? wouldn't the suspect himself, who is now deceased, have to install that software for the fbi? what is the fbi counting on here? >> audience: push it down somehow? that was my question. how do you install it if you can't log in to it?
exactly. so you would seem to have a chicken and the egg problem here, whereby, you would think, to update the software, you need to log into the phone. but to log into the phone, you need to update the software so as to avoid these defense mechanisms. >> so let's just reason backwards. so not necessarily being the programmer at apple, what must be the case? if the fbi thinks it can do this, what must be the case logically?
what is the answer to that question? >> it must be possible to do, presumably, somehow. so how might you do it? all you are is a user with an iphone, maybe a mac or a pc, maybe a cable, maybe a network connection. how might the fbi be assuming apple can do this? >> audience: maybe through automatic updates? so very much in vogue these days is automatic updates where an android phone, and iphone, windows phone,
whatnot will just automatically download updates. so maybe apple could just update the operating system, as the fbi has requested, put a copy of the new operating system in the cloud on their servers, and just wait for the suspect's phone to connect automatically, as it probably does nightly or every five minutes or something, to pull down the new operating system. >> now, let's pause for just a moment. you probably don't want to do that for everyone in the world,
otherwise we have an even bigger problem. well, maybe the fbi might like to do that to everyone in the world, but probably won't go over so well. so just thinking logically here, is that possible? is that a deal breaker? can you roll out software to just one user in that scenario? how, would you think? >> audience: you make it available only for that device's address. just for that device's address.
and maybe that address is some numeric address. maybe it's the device's phone number. maybe it's the device's apple id, if you're familiar, like the email address that the human uses to log in to that-- for automatic updates to the app store. so there's probably a way to do that. >> so you have the operating system for everyone in the world, except for this one person who has his own version of the operating system getting pulled down.
now, maybe it's not on the network. maybe that's a little easier said than done. so what's another mechanism? well, it wasn't all that long ago that most of us here, android or iphone, were updating our phones via cable-- some kind of usb cable connected to your mac or pc. and that might very well be possible. >> and in fact, this is arguably a security flaw in the current version of ios, and iphones more generally, that that is in fact possible.
you can update the software on the phone without unlocking the phone, it would seem. now, why is that a security flaw? because they have opened themselves to exactly this kind of request. >> so as an aside, the outcome that seems inevitable from this whole process is there is no way that's going to be possible with the next version, you would think, of ios. right? they could have deliberately tied their hands-- apple-- so
that this isn't even possible. >> now, they've probably been assuming that because only they own the source code to ios that this isn't really a threat because no one's going to sit down and build a whole operating system and figure out how to install it on an iphone. but it's certainly possible now to just require a passcode moving forward to install this operating system. >> so that's the gist of what they're asking. and the bigger picture that we can defer to perhaps a lunchtime style
chat or dinner table style chat-- the government suggests that this tool could be used only once on one phone. and that's where privacy defendants really bring some strength to bear that just seems very unreasonable. as soon as the software actually exists, surely additional legal requests will come in, surely there's a risk of some bad guy getting access to that kind of software, installing it him or herself on phones, and so you're just opening, it would seem, a can of worms. >> now, even obama recently, if you've read or listened
to one of his recent speeches, commented, i think, that folks seemed to be fetishizing their phones, so to speak, whereby we have accepted over 300 years the fact that the police with a warrant hopefully can come into your home or can search through the contents of your drawers or whatnot, and yet, we seem to be putting a phone on this pedestal whereby it should be immune to all prying eyes. but i would argue, frankly, from a computer scientist's perspective, that is actually progress-- the fact that we now have the mathematical means
to actually keep data truly secure by way of this thing called encryption, and we'll come back to in just a little bit. >> so any questions about any of that just yet? well, let me show you just how there is, in fact, one way to brute force your way into a phone. and in fact, this is not out of the question. this is just a short youtube video of essentially a little robot someone built that does this with a little pad. >> and i forget what it is.
this is using an android phone because an android phone, in this case, is vulnerable to this attack. it will not time out. it does not increase the delay between attempts. and so you can just do this-- i think for like three days, i think, was the caption in this video. after three days, this funny looking device will hack into an android phone that has a four-- maybe it was a six digit passcode.
so beware something like this-- you see this on the table near you. >> this though is one mechanism. so what is apple actually asking for? this article's a little longer. and it's the only other article we'll read today on paper or online. but let me invite you to take probably four or so minutes to take a look at the following. this is a longer url here. but if you have the slides open in a tab,
you can probably just copy and paste this from the slides themselves. and i have a printout here, if you would prefer actually looking on paper. >> this is a more technical article that'll offer us an opportunity to actually tease apart more technical jargon, and see what the authors actually mean. so if you need to keep finishing up-- but let me toss the question out there, based on what you've read, are there any buzzwords, sentences, claims, that we should first translate or distill that would make everything more straightforward?
anything at all? so if i started to pop quiz us on what certain sentences mean, we should be ok? oh, there we go. audience: [inaudible] building some code into ram. david malan: oh, ram. ram-- let me define it first and we'll come back to that point. david malan: what they're asking for there. so as a definition, ram is random access memory.
this is the type of memory that all of our computers have. it is distinct from a hard disk or a solid state disk. and a solid state disk or hard disk is where your data is stored long term. so when you unplug the cord, even when your battery dies, any data or programs that you have on your hard drive or solid state drive remain there. >> ram, meanwhile is the type of memory that, when you double click an icon, or open some file, or run some program, it's copied from the hard drive or the solid state drive into ram.
ram tends to be faster, albeit more expensive. and that's where files and programs live while they're being used. >> so we'll come back to the implications of that in just a moment. but for those unfamiliar, that's what that's all about. and phones have it as well. any other definitions or clarifications we can make? all right. so the pop quiz is what are the three, at least, things that the fbi is specifically asking apple for technically?
one of them does indeed relate to ram. so that's the spoiler there. and we'll come back to what that means. but what does the government want? yeah, chris, you want to give us one other? >> audience: i think the ability to electronically brute force a password, david malan: yeah, electronically brute force the passwords. again, brute force-- quick recap, what does brute forcing mean? >> audience: try the number of combinations.
david malan: again. just try it again, and again, and again, via brute force, not via intellect, not via cleverness. just try every darn possibility. so the government wants a way to avoid brute force-- they want a way to be able to brute force it electronically, and electronically as opposed to what? >> audience: manually. >> david malan: manually.
so as opposed to an fbi agent physically typing things in, and as opposed to silly looking devices like the one we just saw, automatically punching them, they presumably want to do this wirelessly. and in fact, if you read the government's request-- the court document-- via bluetooth, wi-fi, whatever is possible-- or maybe via lightning cable that plugs into the phone itself that would be connected via usb to some hacking device that they have. >> so they want the ability to brute force the phone electronically
so that they can just do it faster than a human or a robot could do it. they want somehow ram-- let me read that sentence. "it wants apple to design this crippled software, the new operating system, to be loaded into memory, aka ram, instead of on disk so that the data on the phone remains forensically sound and won't be altered." >> so it's not clear to us, the readers, exactly where the data is stored and where the operating system is stored. but presumably, as a matter of principle in law,
the government doesn't want to risk mutating any of the bits-- any of the 0s and 1s, or the data on the drive-- by putting a new operating system onto the hard disk itself, lest that open them up to a claim that wait a minute that file wasn't previously there when the suspect owned the phone. >> rather they want to put the operating system in ram, random access memory, which is this faster speed place that is distinct, physically, from the actual hard disk. of course, the operating system doesn't typically go there in its entirety,
so that's a non-trivial request. so we've got this ram request, we've got this brute force request, and one other at least. what else is the government asking for? ben? audience: remove the timing delay. remove that timing delay, which in this case is how many seconds, or milliseconds, or-- 80 milliseconds? which sounds pretty fast.
i mean most humans can only notice delays of 100 200 milliseconds before something actually feels slow. but 80 milliseconds is roughly 100 milliseconds. and 1,000 milliseconds is a second. so that's like-- you can do 10 attempts per second, give or take. >> so that feels pretty fast, but not nearly fast enough if you've got a six digit code. and in fact, the article makes mention of that too. so if you've got a four digit code, as we discussed before,
you might have one, two, three, four. >> and each of these numbers can be the number 0 through 9. so that's 10 possibilities times 10 possibilities times 10 possibilities times 10. and this is where we got that 10,000 from. if you have a 6 digit code, you of course just add this here, which is another 10, and another 10, which means we can just add another 0. and now, we're up to a million possibilities.
>> so as an engineer, if 6 is too few, a million-- that still feels relatively low, especially if you can do 10 per second. it gets a little boring, but you can do it via brute force. what might be better than a 6 digit passcode? what's better? >> audience: [inaudible] digits or letters and different combinations [inaudible]. so let's take both of those in turn. so slightly better than a six digit passcode might be, of course, a seven digit passcode, which gives us 10 million possibilities, and just
an additional digit. better than that though would be an 8 digit passcode, 9 digit passcode, 10 digit passcode. >> but push back, now. now, you're not the engineer or the security person. now you're the product manager or the marketing person. why is a seven digit passcode not better than a six digit passcode for some definition of "better"? audience: it takes longer for the user.
it takes longer for the user. it takes an additional click. and slightly more compellingly too, i would say, is what? it's slightly harder to remember the longer and longer it gets. we humans, at least in the us, have kind of maxed out at 10 digits for phone numbers. and even that, i know like three people's phone numbers these days. so that's kind of a wash. >> so there's a point where it's just not a good user experience-- or ux would
be the trendy way of saying that. so what's better than just using digits? well, instead of 10 possibilities, why don't we just get more clever-- and instead of using 10 digits, 0 through 9. >> how else could we make a 6 digit passcode-- a 6 symbol passcode more secure? what did you propose? letters. so instead of maybe digits, why don't we just do letters, like 26 times 26 times
26-- and wow, this is actually getting pretty big fast. >> so if i go here-- this is my little calculator. and if i do 10 times 10 times 10 times 10 times 10 times 10. that's where we got the million possibilities from for a 6 digit passcode. but if instead we're doing 26 times 26 times 26 times another 26, 26, 26-- this is now giving us 308 million possibilities. >> and is that reasonable to switch from numbers to letters and still have it 6 digits?
this means you need a 6 letter word. most of us could probably remember a six digit english or some other language word. that's pretty reasonable. >> but we don't need to restrict ourselves to just letters. why don't i get a little more ambitious? what might be slightly better than letters here? be the engineer proposing an even better solution. david malan: a combination-- characters.
so not just 26 letters, but if i add back those numbers from before-- well, everything's going wrong-- that's 36. that's still 26. that's 36 times 36 times-- and so forth. so that's getting bigger. >> how much bigger can we get this address space, as someone might say? what else could you add in besides letters and numbers? i'm up to 36. i'm 26, a through z.
so we can really go crazy with the keyboard. or even more simply, we can keep it simpler. if we go uppercase and lowercase, now i have 26 plus 26. so that's 52 already-- plus another 10. that's 62. and just to see the implications of this, now, let's just do another bit of math. so 62 times 62 times 62 times 62 times 62 times 62. that now is giving me 56 billion possibilities.
>> and it's still kind of reasonable. could a human remember a 6 symbol-- where a symbol is just a letter or a number character password? probably. that doesn't feel all that unreasonable. so what more can we add in? and as an aside, has anyone here, ever heard the phrase base 64? base 64? >> so we'll come back to this tomorrow when we talk about representation.
long story short, all of us humans in the room most likely understand base 10, the so-called decimal system. and all of us in this room count using 0s through 9s. we're going to see tomorrow, in more detail, that a computer counts using only 0s and 1s, the so-called binary system. so dec-- decimal-- is 10. bi-- binary-- is 2. >> turns out there's also base 64 for which there isn't, to my knowledge, a really fancy word.
but that means that you have not 0 through 1 or 0 through 9, you essentially have 0 through 64. but you use letters in that mix. and so we'll actually see that the means by which computers, for instance, attach files in an email these days-- an email, of course, might have an image on it-- maybe even a sound or a movie file. but email is just text. >> it turns out that you can represent things like music, and videos, and pictures and the like as text using something
called base 64 where you use not only lowercase letters, and upper case letters, and numbers, but also the underscore character and the slash on a keyboard. so more on that to come. so this is just getting really big. and now, as the security researcher, how could you make a pass code even more secure? we're now using lower case letters, upper case letters, and numbers. and you proposed, victoria, just a moment ago--
david malan: dots are symbols. and now, we're really just kind of getting crazy. we're using all of the keys on the keyboard. and let me estimate that there are 128, give or take, possibilities on a typical keyboard, depending on your language and such. and there might even be more than that. >> so now, let's still assume that we're only using a 6 digit passcode and that's why i have 6 of those 128.
let's see if i can pronounce this now. so that's millions, billions-- four quadrillion possibilities, if i counted this correctly-- four quadrillion. let me just double check, lest i be exaggerating our security. >> so that's hundreds of thousands, millions-- sorry, trillions. i overestimated by a factor of a thousand. my apologies. 4 trillion possibilities. so that's more secure, right?
especially when we began this discussion with 1 out of 10,000 possible codes. now, we're up to 4 trillion. >> now, does this mean a phone is "secure" if it is using a passcode that is 6 characters long, each of which can be a number, or a letter, or some funky symbol on the keyboard? is a phone secure now if this is in fact what the suspect was using? and that's a perfect answer. you conditionally explained that by reasonable standards-- probabilistically, you're not going to get into this phone anytime soon.
however there is a chance, if small chance-- one out of 4 trillion-- that you might actually get the answer right on the first time. >> and the reality is, too, that if this suspect is like most humans-- probably many of us in this room-- he probably did not choose some crazy password with funky symbols on the key because why? most of us wouldn't remember something that's so funky as that. and so it probably is maybe someone's birthday, or some word, or some phrase, or something more memorable. >> so it's probably not even as "secure" as it might be mathematically.
so where does this leave things? it remains to be seen what apple is going to agree to here. but it certainly has implications more broadly for society. but the takeaways for today are not so much the legalities, not so much the ethics, or any of that, but really the understanding of what's actually going on. >> and when you read something like this to think to yourself, is this an author just using buzzwords, is there actually technical meat to this comment, and what might i go and google in this case?
and in fact, probably one of the more technical things in here was this mention of ram or memory, and that was simply for, presumably, the legal issue to which they allude. >> a secure enclave is, i think, kareem, you mentioned earlier this idea of exponential backoff, so to speak-- or i put those words in your mouth. and that's a feature not in this phone. it apparently just has the 80 millisecond delay so it doesn't get worse, and worse, and worse, over time.
any questions? yeah, dan. >> audience: if you don't mind me asking, where do you stand on the issue? david malan: i would side, absolutely, with apple. i think math is not something that you should poke holes in. and i think the reality is, as even this article cites, you can poke holes in the iphone, you can poke holes in the android, but there will always be some alternative that a particularly smart adversary can use.
>> so these kinds of measures really just protect us against the dummies-- the lesser adversaries, which has value, but the reality is a determined adversary will absolutely keep encrypting his or her data by some other mechanism, whether it's via a mobile application, a desktop application. i think this is inevitable, and i also think this is a good thing as a matter of principle. >> audience: my question is, at the end of the day, [inaudible] there is the one guy who can access everything.
>> audience: so is it easy for fbi [inaudible] or somebody else instead of other companies [inaudible]? and i think, especially in this country, at least where there were the recent revelations as to just how far the nsa has been going that i, especially nowadays, don't buy the argument that we'll just use it in this particular case. i think that sets a bad precedent. >> and already, there is a fundamental paranoia we should have. all of us, like chumps, if you will, are walking around
with cameras, and microphones, and gps responders in our pockets, willingly, telling someone potentially, even if it's just apple or just google, where we are at all times. and there really is nothing stopping apple or some malicious engineer at apple from somehow embedding in ios a feature that only turns on david malan's microphone 24/7, and sends that data up to apple. >> and in fact, an interesting side note here this is kind of sort of already happening as a "feature." if you read the news about a year ago, samsung started, rightfully so,
to take some flak in the press because they have these "smart tvs," where as best i can tell "smart tv" really just means "tv with bad user interface." but a "smart tv," as a function of hardware, typically has a microphone and a camera these days. and why? why does a tv need a microphone or a camera? >> audience: skype. >> david malan: skype, which is reasonable if you
want to use it in a conference room or at home for video conferencing-- pretty reasonable, pretty compelling. >> audience: voice commands. >> david malan: voice commands-- if you want to say change channel, lower volume, raise volume, turn off. that's not unreasonable, a la siri, and google now, and such. why else? >> audience: to spy on you. so that's what the paranoid in us might say.
and the reality is, whether by a bug or deliberate intent, this is absolutely possible. let's give them some credit. why might you, as a user, actually want a camera in your tv-- or what's the proposed feature there? why is there a camera in your living room or in your bedroom staring down at you all-- >> audience: security [inaudible]. security.
you could argue that. in this case, it's not so much the consumer tvs that are in the business of security. in this case it's, because of a [inaudible] feature. why is there a camera in a tv? audience: video games detecting [inaudible]. closer. and some tvs probably do that-- have built in games. this-- and i frankly think is a little stupid-- gesture control.
i think stupid insofar as i don't really think we're there yet where we're living in the jetsons where it just works. now, i think you probably look like an idiot to your tv when it doesn't work. >> but gesture control, whereby the world is getting better, incrementing a la xbox kinect, if you're familiar with the video game system, being able to detect motion. so maybe this means lower the volume, this means raise the volume, maybe this means swipe left to change channel, swipe right to change channels.
>> this is one of the reasons-- this is the purported reason that they have the thing in there. but what samsung took some flak for just a few months ago was that if you read their privacy policy, which no one of course is going to do, they encourage you in their privacy policy not to have private conversations in the vicinity of your tv. >> [laughter] >> and we laugh, but like it's actually there. and that is because in order to implement this feature,
the tv is always listening. it has to be-- or it's always watching. and even if you have some defense mechanism in place-- kind of like siri where you have to say, hey, siri, or ok, google, or whatever-- the tv still has to be listening 24/7 for you to say, hey, siri, or ok, google. so hopefully, that's all staying local. and there's no technical reason why it couldn't stay local, software updates aside.
>> but in reality, very often, siri and google alike are sending these data to the cloud, so to speak, where they get processed there by smarter, faster, constantly updated computers, and then send the responses back down to the tv. oh and the fun thing here-- we took a look at this for another class i teach. we'll see this a little later today. >> there's something in the world called security and encryption, which we're getting to right now.
and in theory, there's something called http and https, the latter of which is secure. the s is for security, and we'll come back to that. and then they operate on something called different ports, different numeric values inside of a computer signifies if this is secure or not secure typically. >> samsung, i believe, in this case, was using the "secure port," so to speak. they were using the secure address, but they were using it to send encrypted data.
so some security researchers essentially connected a device to their tv and realized when they spoke commands to their tv, it was being uploaded to the cloud through the correct channel, so to speak, but completely unencrypted, which meant anyone in the vicinity or anyone on the internet between points a and b could be seeing and listening to your voice commands from your living room or your bedroom. >> so there too, not only are we vulnerable potentially to maliciousness, also just stupidity and bugs, in this case.
so these are the kinds of things to beware. and again, the goals for today and tomorrow are to understand not necessarily how you would implement that underneath the hood, but just reason backwards, if my tv is responding to gesture control and my words, i'm guessing my tv is not so sophisticated as to have the entire english or the entire spanish or whatever language i speak dictionary built into it constantly updated. it's probably easier just to send those commands up
to some server-- google, or apple, or samsung, or the like. and indeed, that's what's typically happening. so mind what you say in front of your tvs starting tonight perhaps. >> all right. so that leads us then to encryption with a more technical look. and we won't go too deep a dive into this, but this article we looked at did mention something called aes-- advanced encryption standard, is what it stands for. and it made mention of something juicy, a 256-bit aes key-- secret key.
and i'll just pull it up if you're curious to see where it was. it was in the-- how would they do that. so somewhere inside of an iphone and an android phone, presumably, is some kind of secret key. and it's this secret key that keeps data secure. >> and in fact, have any of you and your iphones ever gone to settings-- i think, settings, maybe general, and then erase iphone? it's somewhere under settings. you can erase your iphone, and it tells you
that you're going to erase it securely. and what does it mean, typically, to erase a phone or a computer securely? and actually, let me see if i can give you just a quick screenshot. we can probably find this. so, iphone erase securely setting screenshot. let's see if we can just find a quick photo. erase data-- that's not-- here it is. >> so this is the screen i was thinking of. you can generally, on an iphone, navigate
to a screen that looks like this. and erase all content and settings-- if you click that, it tells you it's going to do it securely. what does securely mean in a phone or a computer? >> audience: in a way that's difficult to then go back and actually find it. david malan: good. so in a way that's difficult to go back and find what you've erased. so erasing it truly means erasing it. and the industry does not have a good history with this.
>> back in the day, most of us probably had pcs in some form. some of you still might. back in the day, when we still had floppy disks and certain other media, it was very common to run a format command, or an erase command, or a partition command, which are all generally related to getting a drive-- a disk ready for use. >> and back in the day, i can even visualize it now, the dos-- if you're familiar, the command-- the black and white prompt in windows-- or even before windows-- would yell at you in all capital
letters, all data will be destroyed or all data will be erased-- complete lie. it was a complete technical and actual lie because, typically, what a computer does-- even to this day in most contexts is that when you drag a file to your recycle bin or to your trash can on mac os, or windows, or whatnot-- we all probably know that it hasn't actually been deleted yet, right? you have to actually do what to actually delete a file? audience: empty the trash. david malan: you have to empty the trash can or empty the recycle bin.
we've all been taught that, and that's the mental model we have in the real world. that is also a lie. almost always, by default these days, when you empty your trash or empty your recycle bin, even by going to the right menu option, or right clicking, or control clicking and following good human intuition, it's a lie. >> all the computer is doing is "forgetting" your file. in other words, somewhere inside of your computer,
you can think of there as being a big cheat sheet, a big excel file, a big table with rows and columns that says a file called resume.doc is at this location on my hard drive, and a file called friends.text is in this location, and profilephoto.jpeg is at this location in my hard drive. >> so whole bunch of file names-- whole bunch of physical locations inside of your computer. and when a computer "erases" a file, typically all it does is it deletes that row or crosses that out.
it leaves the file on the disk. it just forgets where it is. and that's useful because ifit's forgotten where it is, it can reuse that space later on. it can just put anotherfile on top of it. and tomorrow again, we'lltalk about 0s and 1s-- that just means changingsome 0s to 1s, some 1s to 0s, leaving some alone-- but generally,reconstituting a file out of bits, 0s and 1s.
>> so what is this actually doing? thankfully, in ios's case, since apple actually is quite good at security, even on mac os, erasing your files does in fact do it securely. but how? well in mac os and windows, if you have the right software, what it will-- to erase something securely does have some technical meaning. and again, we'll come back to this in more detail tomorrow. >> but to erase a file securely does mean doing something to it
so it can't be recovered. but what does that mean? well, if a file, for today's purposes, is represented with 0s and 1s somehow-- i have no idea how, more on that tomorrow. but 0s and 1s-- the way you erase a file securely is you maybe change all of those 0s and 1s to just all 0s or just all the 1s-- just scramble them up completely randomly so that if someone thereafter looks at those 0s and 1s, it's meaningless. and it's not recoverable because you did it randomly,
or you made them all 0's or all 1's. >> that's not actually what apple does. because it turns out when you erased your iphone, it doesn't take all that long. no, in fact, if you erase a computer hard drive, it might take an hour, it might take three days to literally change every 0 and 1 to some other value. there's just a lot of bits these days, especially if you have a hard drive that's one terabyte,
so to speak-- four terabytes-- will take a really long time. but apple does it within a few seconds-- maybe a couple minutes, but reasonably quickly. >> now, why is that? it all relates to the same discussion. apple, by default, keeps all of the data on your phone encrypted-- scrambled in some way. and so to erase a phone, you don't necessarily have to change the data-- because the general principle
of encryption-- the art of scrambling information or cryptography as the science itself is called, is that to an adversary looking at encrypted data, it should look random-- he or she should not be able to glean any insights. they should not be able to realize-- this person seems to use the word "the" a lot. just because i see some pattern emerging again and again-- it should look completely random statistically to an adversary. >> so by that logic, when apple allows you to erase all content in settings,
the data already looks random to any person on the streets who might look at your phone's data. so they don't have to change your data. all they have to do to erase your phone is do what do you think? audience: [inaudible] your code incorrectly. well, you could do-- yes. physically, they could just type your code in, 7 7 7 7, 10 times incorrectly. but rather, you can just forget the secret key. so encryption is all about having, generally, some secrets.
>> so much like you can't get into a bank vault without a combination, much like you can't get into your front door without a physical key, you can't get into your hotel room without one of those magnetic cards or such, in theory, there is something special something that only you know or have that allows you access to some secure resource. in the case of your phone, it's the four digit code. in the case of your hotel, it's the little card key. in the case of your home, it's the physical key.
any number of things can be a key. >> but in computing, it's almost always a number, where a number is just a sequence of bits. and again, a bit is just a 0 or 1, but more on that tomorrow. so when apple claims to be using 256-bit aes secret key. that just means that the secret key inside of your computer is something like 1011001100000. >> i'm just making this up as we go, and i won't bother writing out 256 possible 0s and 1s.
and we'll see tomorrow how this maps to an actual number. but for now, just know it's a really long pattern of 0s and 1s. and that secret-- that's like a really big magnetic card key for your hotel room that only you have, or it's like a really special metal key with lots of little teeth that only you have. >> how is this useful? how was it useful to use a key? well, let's do this. let's start with truly a clean slate.
and let me propose, just as in a little experiment here for say, a moment-- how about we take the word "hello." >> and suppose that you're back in middle school and you want to send the boy or girl across the aisle that you have a crush on a secret message, "hello," but you don't want to be embarrassed if the teacher picks up the scrap of paper that intercepts the note that you're passing to him or her. >> you want to encrypt this information. you want to scramble it so it just looks like you're writing nonsense.
and probably, it's something juicier than "hello," but we'll just take the word "hello." >> how could we go about encrypting this message between the two little kids on a piece of paper? what should he or she write instead of "hello"? >> david malan: what's that? >> audience: number of letter in the alphabet. >> david malan: the number of letter in the alphabet. ok, so if it's a b c d e f g h, i could maybe do something like 8 for that.
and a b c d e-- and i can do the 5 for that. and similarly, i can just come up with a numeric mapping that would presumably just confuse the teacher. and he or she probably doesn't have enough-- doesn't care enough to actually figure out what it is. so let's consider though, is it secure? why not? >> audience: because it's easy to guess it. if in case someone is really interested.
if they are really interested and if they have more numbers to go with than just five-- if there's like a whole paragraph-- and it just so happens that all of the numbers are between 1 and 26, that's kind of an interesting clue. and you could brute force that. let's see if a is 1, and b is 2, and c is 3. and if not, maybe let's try some other pairing. but a determined teacher-- an adversarial teacher-- could certainly figure this out.
so what else could we do? a simple encoding-- and this truly is called a code-- not to be confused with programming code or programming languages-- a code. and in fact, if you recall stories from yesteryear, especially in the military, a code book-- a code book might literally be a physical book that's got two columns, one is a letter, one is a number-- or some other such symbol-- that just maps to the other. and a code is a mapping from one thing to another. >> so that would be a code.
encryption though-- or a cipher as you might say-- is more of an algorithm. it's a process. it's not just something you look up. you have to apply some logic to apply encryption, or a cipher in this case. so what's slightly more sophisticated, do you think, than that? what else could we do to send the word "hello" semisecretly? so we could write it backwards. so we could do something like o-l-l-e-h or such, and it starts to look a little more complicated.
so it's kind of scrambled. and you have to know the secret, and the secret is "backwards" or "reverse" or some sort of mechanism there. >> but that is an algorithm. that is a process where you have to move this letter over here, this letter over here, this letter over here, and you have to repeat it again and again. and we'll see tomorrow that this repetition is something called a loop, which is fairly intuitive, but it's
very common in computer programming. what else might we do? >> audience: you could increase the first letter by 1, second letter by 2, third letter by 3 [inaudible]. david malan: very nice. so we could do something like-- and increase them-- you mean like h becomes i. and let me keep it simple for the moment. maybe e becomes f.
and this becomes m m, and this is p. >> now, i'm kind of liking this because now it doesn't jump out at you what has happened. and it looks like nonsense. but in terms of the security of this cipher, and the cipher here is kind of like a plus 1 algorithm of just adding 1 letter to each of my own letters. and just as a corner case, what should i do if i hit z? >> audience: a.
probably just go back to a. but what if i want an exclamation point? well, we'll have to come back to that sometime. so there's some corner cases, so to speak-- things you need to anticipate if you want to support those features. but what is attackable about this? it's obviously not that secure because we sort of thought of it and wrote it down super fast. so presumably, a smart adversary could do the opposite.
but what information is leaked in this particular ciphertext? computer scientists would call this cleartext and this ciphertext-- ciphertext meaning just scrambled or encrypted. we're leaking information, so to speak, with this ciphertext. i know something about the original word, right now. >> audience: same number of letter. david malan: same number of letters. so that's leaking information. i have sent my crush a five letter word, it would seem.
and what else? >> audience: yeah. there are letters. >> david malan: they're still letters. >> audience: third and fourth characters repeat. david malan: yeah, the third and fourth letters repeat. and this is very common-- this realization for what's called a frequency analysis. and i used the word "the," anticipating this earlier.
"the" is a very common english word. and so if we actually had a paragraph or a whole essay that was somehow encrypted, and i kept seeing the same patterns of three letters, not t-h-e, but like x-y-z or something like that, i might just guess, on a hunch, based on the popularity of "the" in english that maybe i should start replacing every x-y-z with t-h-e, respectively-- and you chip away at the problem. >> and in fact, if you've ever seen a movie about cryptographers, especially during military times, cracking codes-- a lot of it
is this trial and error, and leveraging assumptions, and taking guesses, and seeing where it goes. and in fact, m-m-- we sometimes see m-m in the english word, so maybe this is unchanged. we see e-e, we see o-o, we see l-l, we don't really see y-x. and there's bunches of others i could probably contrive that we never see. so we've narrowed our search space, so to speak. in other words, if the problem initially feels this big, as soon as you start ruling out possibilities or ruling
in possibilities, starts to get a little more tenable, a little more solvable. and in fact, this is an example actually of something called a caesar cipher, where a caesar cipher is a rotational cipher where one letter becomes another and you just add uniformly the same number of changes to each letter. and dan actually hinted at something slightly more sophisticated earlier, which we might add, for instance, 1 letter to the first letter. e-f-- maybe this becomes g, two away. maybe this becomes m-n-o-- this time it becomes p.
and then so forth. >> we add incrementing values to each of the letters, which is harder because, now notice, l-l does not look like m-m, anymore. we now need to be a little fancier. and this is what's called, after a french guy, a vigenere cipher, where you're using disparate keys, different values. and in fact, let's tie that back together. >> we used the word "key" before, both in the physical sense, for hotels and homes.
but in the electronic sense, a key is just a secret value, typically. and a secret value in this earlier case, i-f-m-m-p-- what is the secret key i'm using for this cipher that dan proposed earlier? audience: plus 1 [inaudible]. the key is just the number 1-- not the most secure, but it's simple. but all of these security mechanisms require what-- that not only i know the secret is 1, but also what? who else has to know it? audience: the recipient [inaudible].
david malan: the recipient has to know it. and just for clarity, who must not know it? audience: the teacher. david malan: the teacher-- right? unless he or she has the time and energy to brute force it or figure it out. so super simple idea, but it maps to what you're reading about and hearing about every day in the news. but the 256-- this is essentially 1 bit. 256 bits is much bigger.
and again, we'll get a quantitative sense of that tomorrow. any questions then on apple, security, encryption, in these building blocks? yeah, roman. >> audience: [inaudible]. do you have any insights [inaudible]? david malan: oh, it's good question. i don't know internally-- and apple, of all companies is particularly quiet when it comes to those kinds of implementation details. but i can say more generally, a fundamental tenet of security,
at least in the academic community, is that you should never have what's called security through obscurity. you should never do something to protect data, or users, or information, whose security and privacy is all grounded on no one knowing how it works. >> in other words, what the article alludes to, aes, advanced encryption standard-- that is actually a global, public, standard that you can open up a math book or go on wikipedia and actually read what the algorithm is.
and much like the algorithm here is the super simple plus 1, this is more complicated mathematics, but it's public knowledge. and this has a number of upsides. one, it means anyone can use it and implement it. but two, it also means that millions of smart people can review it and make sure to speak up if it's flawed in some way. >> and so in fact, one of the best defenses against governmental back doors, whether in this country or any other, is to just publicly discuss these kinds of algorithms because it's very unlikely
that the entire world of academic researchers is going to collude and actually tolerate hidden back doors in algorithms like that. >> however, you do need to keep something secret. and so just to be clear, when you're using a cipher, like aes, or something like caesar, or vigenere that we alluded to there, what does have to be kept secret? not the algorithm, not the process. audience: the code.
david malan: the code, right-- and the key, to be clear. and so to be super clear, even though this is a trivial example, the cipher, or algorithm, that we've generally been using in this discussion is this thing here, the plus. so addition is our super simple cipher or algorithm. aes would be a much more complex equivalent of the plus. you do a lot more math, a lot more additions, multiplications, and so forth. >> but the key is not the same as the cipher.
in this case, it's also super simple-- just the number 1. in apple's case, it's some 256-bit pattern of 0s and 1s. so i'm not really answering your own question because i can't really speak to what apple knows, but the apple engineers have disclosed that they implement this algorithm to some extent. we have to trust that they're being true, and we have to trust that they didn't, nonetheless, build in some secret backdoor for the nsa. and that's fundamentally hard to do.
>> in fact, the frightening thought i can leave you with on this particular subject is, much as we might all talk about this and much as tim cook might assure us that these phones do not already do what the fbi wants them to do, it's nearly impossible to verify or audit as much. do we even know that my camera's not on right now? do you know that your own macbook's camera's not on right now? well, most of you might know intuitively or from experience, well, if the green light's off, what does that mean?
audience: it's not on. david malan: it's not on. you've been taught that, but why couldn't you write software that turns off the light but turns on the camera? there's really no fundamental defense against something like that. >> so even we humans can be socially engineered by our computers to trust one truth-- one reality, when really we can then be taken advantage of because of that exact same assumption that a green light means
the camera's on. that's not necessarily true. so actually, i always kind of smile, but i appreciate it when you see real diehards around campus-- you have tape on yours. so putting tape on it is a more surefire thing. of course, there's still a microphone that you can't really tape over as effectively. but these are the kinds of trade-offs. >> and in fact, one takeaway hopefully for today
should be absolute terror when it comes to these kinds of things because, at the end of the day, we have to trust someone. and that too is a fundamental tenet of security. ultimately, you have to trust someone. you have to trust that the person you have a crush on is not going to tell his or her best friend what that secret code is, and then disclose that same information that you're trying to keep secret. let's take a look-- yeah, dan. >> audience: what does the acronym cbc stand for under the latest aes?
>> david malan: oh, cbc is block-- what's it stand for-- block [inaudible] cbc. cipher block chaining. so cipher block chaining is an acronym that refers to, i believe, the process of what goes on inside of an algorithm for cryptography, in this case, whereby it's iterative. you do something again, and again, and again. and you take a previous output, and feed it into your process as a subsequent input. so you keep feeding the results back into themselves.
>> and an analog here might be-- i should be able to come up with a good metaphor here. let me try to think of a better example here. let's see if we can come up with a quick picture. let's see if wikipedia gives us a picture that would explain-- no, that's good. this is a more pictorial complexity than we really want. but the idea here is that if you are enciphering something, it gets fed in, then the output gets fed in again, then it gets fed in again,
so that you're iteratively scrambling information using previous output as a subsequent input. let me see if i come up with a better explanation. give me lunch time to noodle on that one. let's come back here. i want to encourage you-- your only homework for tonight, if you'd like, and you haven't seen it, is to watch a 20 minute video, if you have internet access and go on youtube. last week tonight is a brilliant show by john oliver from the daily show.
>> and at this url here, you can actually look at his look-- his humorous, but simultaneously serious look at the same issue. and hopefully, even more of that video will make sense. and this is in the slides, too. so if you have the url up with the slides, this is here, too. and we'll get you online during the break as well. >> so in our concluding minutes, let's take a quick look at one other example of a technology that's ever present these days, file sharing, both in consumer and in corporate contexts.
and that is by way of, for our purposes, something called dropbox. so for those unfamiliar, in a sentence or two, what problem does dropbox solve? >> audience: [inaudible] and then get it on your iphone or ipad anywhere. it allows you to share files often with yourself so that if you do have an iphone, an android phone, a mac, a pc, multiple macs, multiple pcs, home computers, work computers, you can have a folder that in turn has its own sub folders that automatically get synchronized across all your devices.
and it's wonderfully useful. >> for instance, in the morning, if i'm preparing for class, i might get my slides, or videos, or pictures ready, drop them in a folder on a home computer, then walk to school, and open up a work computer here, and voila, it's magically there-- unless i screwed up, which has happened sometimes, and there's nothing more stressful than having done all that work hours prior and you have nothing to show for it when it comes time for class. so it fails sometimes, or the human fails,
but in theory that's exactly what it's supposed to do. >> more compellingly, for other users, is that i can very often then control click or right click a folder or file that i'm using with this service, and i can send a url that results from that click to a friend, and he or she can then download a copy of that file. or better yet, we can share folders so that if i make a change, then victoria can see my changes in her folder, and kareem later in the day can edit it and see that same file and folder as well.
so there's a lot of implications here. and we'll just scratch the surface, and try here to spook you a bit into not taking for granted how all of this works and what the actual implications are for things that you're using. >> in particular, let's consider how dropbox must surely work. so if i'm over here-- let's draw a quick picture of me. if this is little old me-- this is little old me on my laptop here. and let's say this is victoria with her tape on her camera. and here we have kareem, with his laptop here.
and then somewhere is this thing called the cloud, more on that this afternoon as well. >> so how does dropbox work? suppose i create a folder on my computer, and i install this software called dropbox. but we could also be talking about onedrive from microsoft, or we could talk about the google drive, or any number of other products. it's all fundamentally the same. >> if i've got a folder called dropbox on this computer,
and i've just created a powerpoint presentation, or an excel file, or an essay, and i drag it into that folder, what must happen in order to get it to victoria's computer or kareem's computer? so somewhere in here, there's a company. and we'll call this dropbox. and this is david. this is victoria. and this is kareem here.
>> so somehow, i must have an internet connection that leads to the internet-- more on that after our break-- that gets stored on servers in dropbox's headquarters, or data center, wherever it is. and then victoria's computer and kareem's computer get that data how? david malan: have to say again? i have to share it with them. so i have to have sent kareem to victoria a url, or i have to click some menu option and type in their e-mail address so it automatically gets shared.
let's suppose i've done that. what then happens in terms of this picture? >> audience: you need a user account and a way to authenticate-- we're going to need a priori some kind of user account. so i've got to register for dropbox. each of you probably has to register for dropbox, at least in this scenario. but then ultimately, that file gets transmitted down in this direction, just as it went up from my direction there. >> similarly, if we've used a certain feature of dropbox,
you can either make copies of files or actually share the originals. if you guys start to make copies, then in theory those should propagate back to me. >> so if you're a particularly paranoid user, or you're the cto or chief security officer at a company, what kinds of questions should you be asking here about this whole process? so i am now the head of dropbox. yes. we use industry standard encryption to secure your data.
satisfied? ok, i'll be more specific. i use 256-bit aes encryption just like our friends at apple do. >> audience: but all that data exists on all those machines, and all those machines are a vulnerability. true. so suppose there's a whole bunch of servers in dropbox's headquarters, or data center, or all of their data centers, and it's the data-- and this is a feature-- is replicated-- copied-- across multiple servers
because, god forbid, one computer, one hard drive dies. these days very common is to replicate data across at least two computers or two hard drives-- sometimes as many as five or more so that, statistically, even though, yes, lightning might strike all of dropbox's data centers simultaneously, or they might get physically attacked, or compromised all at the same time, the probability of that happening is very, very, very low. so for all intents and purposes, my data is backed up safely.
>> but it's encrypted. so what? doesn't matter if every copy gets stolen, doesn't matter if the data center gets infiltrated, my data is still encrypted so no one can see what it is. what questions should you continue asking? audience: is it all encrypted the same way across [inaudible]? >> david malan: embarrassingly, yes. we use the same key to encrypt all of our customer's data.
audience: but then it's very easy to unencrypt and decrypt [inaudible]. david malan: it is. and that's a feature. we can do this super fast for you, which is why the file syncs so quickly. we use the same encryption-- the same key for everyone. it's a feature. >> and i said it sheepishly-- and this actually, i believe, is still actually technically true. they do use the same secret key, whether it's 256 bits or more,
for all customer's data. and this is partly for technical reasons. one, if i am sharing a file with victoria and kareem, and they want to be able to access it, i've got to somehow decrypt it for them. but i don't really have a mechanism to give victoria and kareem a secret key. >> if i email it to them, i'm compromising it because anyone on the internet could intercept my email. i certainly am not going to call them with a sequence of 256 0s
and 1s or more, and tell them to type it in. >> it could just be a password, but i'd still have to call them. and in business, this isn't going to work very well. if you want to share a file with 30 people, i'm not going to make 30 darn phone calls. and i can't send out an email because that's insecure. >> so there's really this fundamental problem of sharing it. so you know what, it's just easier if dropbox does the encryption for us. but if they do it for us, only they know the key.
and if they reuse the key, that means that all of the data could be compromised if that key itself is compromised. now, having asked at least one buddy at dropbox, they do have-- and i think they have white papers that testify to this fact-- they do have very, very few people who have access to that key. the computers have to have it in memory, and it's got to be locked up in some vault somewhere so that, god forbid, the computers crash or need to be rebooted, someone does have to type in that key at some point.
>> so that is really the secret sauce if there were any. but this definitely has implications for my data. it's disclosable, if someone compromises that key or that data center. >> but it also allows dropbox another feature. it turns out-- and this is kind of a business cost-- if you used a different key for every customer, or even more so for every file, mathematically, every file, when encrypted, would look different from every other file. >> so even if i had two copies of the same powerpoint presentation
on kareem's computer and on my computer, if those files were encrypted with different keys, the ciphertext-- the scrambled thing-- would look different. this is not a good thing because it doesn't let dropbox realize that those files are the same, as we've kind of discussed earlier. why might dropbox want to know when two users or more are sharing the exact same file? why is that useful information for dropbox from a business perspective?
>> audience: space. >> david malan: space. a powerpoint presentation's not that big, but people commonly share big movie files, video files-- maybe really big powerpoint presentations. and if you have two users with the same file, or 10 users, or maybe a million users with the same popular illegally downloaded movie file, it's kind of wasteful to store a million copies of the same gigabytes of information,
the same gigabyte sized video, and so dropbox, like a lot of companies, have a feature called "deduplication"-- deduplication, which is just a fancy way of saying store one copy of the same file, not multiple, and just keep track of the fact that a million people, or whatever, have that same file. >> so just point all million people or so to that same file. and you still back it up a few times. so this is separate from the issue of redundancy in case you have hardware failures or the like.
but deduplication requires that you not encrypt files individually if you want to be able to determine after the fact if they're still in fact the same. >> so there's some trade-offs here. and it's not necessarily clear what the right call is. personally with dropbox, i'll use it for anything related to work, certainly anything related to class, certainly for any files that i know are going to end up on the internet anyway by choice. but i don't really use it for financial stuff,
nothing particularly private or family related because, as a matter of principle, not super comfortable with the fact that it might be encrypted on my own mac, but as soon as it goes out of the cloud, it's on little old dropbox's servers. and i'm pretty sure no one at dropbox has it out for me and is going to go poking around my files, but they absolutely could in theory, no matter what policies or defense mechanisms they put in place. it just must be technologically possible.
>> and god forbid they are compromised, i'd rather my file not end up in some big zip that some hacker puts online for the whole world to see. so let's push back on that. what's a solution then? could you continue using a service like dropbox comfortably and assuage my kinds of concerns? >> audience: private cloud. david malan: private cloud. what does that mean?
>> audience: well, you secure it somehow so that it's available only for a particular group. so you need to partition the cloud into something a little more narrowly defined. and we'll talk about-- audience: internet. >> david malan: an internet. so i could just backup locally to my own home, backup server, or cloud server, so to speak.
unfortunately, that means that victoria and kareem need to visit more often if i want to share files with them. but that might be one way. >> there are also third party software that i could use on my mac or my pc that encrypts the contents of a folder, but then i do have to call victoria or kareem, or email them, or something to tell them that secret. and that's a bit of a white lie because there are types of cryptography that do allow me and kareem, and me and victoria,
to exchange secret messages without having to, in advance, share a private key-- a secret key with each other. it's actually something called public key cryptography. >> and we won't go into technical detail, but whereas we today have been talking about secret key cryptography, where both sender and recipient have to know the same secret, there's something called public key cryptography, which has a public key and a private key, which long story short have a fancy mathematical relationship whereby if i want to send victoria
a secret message, i ask her for her public key, which by definition she can email me. she can post it on her website. >> it is meant mathematically to be public. but it has a relationship with another really big number called the private key such that when i encrypt my message to her, "hello," with her public key, you can perhaps guess what's the only key mathematically in the world that can decrypt my message-- her private key or corresponding private key.
>> it's fancier math than we've been talking about here. it's not just addition certainly, but that too exists. and in fact, and we'll come back to this when we talk about the web, odds are you've never called someone at amazon.com when you want to check out with your shopping cart and type in your credit card number, and yet somehow or other that padlock symbol is telling you your connection is secure. somehow or other your little old mac or pc does have an encrypted connection to amazon
even though you've never arranged with them for a secret. and that's because the web is using public key cryptography. why don't we pause here, take our 15 minute break after olivier's question. audience: i just have a dumb question. david malan: no, not at all. audience: if you have the original file, and the key's the same for dropbox, for everyone, and you have the encrypted file. can you [inaudible] the key? david malan: say that once more.
audience: if you have the original file and the encrypted file, and you have both of them, can't you just [inaudible]? a good question. if you have the plaintext and the ciphertext, can you infer the secret key? depends on the cipher. sometimes yes, sometimes no. it depends on how complex the actual algorithm is. >> but that does not help your situation.
it is a fundamental tenet to, if you have access to the original file and the resulting file, you should no longer use that key because now you have leaked information. and an adversary could use that and exploit that to do what you're alluding to, and reverse engineer what that key is. >> but in this case, presumably when you're sending something to the recipient, you already have a trust relationship with them. and so by definition, they should have or know that key already.
it's when someone in the middle gets in the way. good question. >> all right, why don't we pause, take a 15 minute break. rest rooms are that way. i think there's probably some drinks and snacks that way. and we'll resume at 5 after 11, how about? 11:05.