When reviewing the WireGuard VPN last fall, one of the things that came up was WireGuard’s support for an optional, additional PSK (Pre Shared Key) layer of security. Like most modern crypto, WireGuard’s basic encryption is asymmetrical, meaning you encrypt the data with one key and decrypt it with another. PSKs, by contrast, are symmetric cryptography—the same key used to encrypt the data is also used to decrypt it.
The fundamental problem with symmetric cryptography is practical, not mathematical: how do you get the key to your communication partner in the first place? The whole reason you want the encryption is because you don’t trust the medium in between you and your partner, so you can’t use that medium to share a key. The ever-present fear is that an MITM—Man In The Middle—will intercept the key, destroying your secrecy.
That pitfall is what makes asymmetrical cryptography—the kind used for everything from SSH keys to SSL/TLS for websites to you name it—so attractive. With asymmetric cryptography, you send your public key to your communication partner in the clear. Your partner encodes a message with your public key, which you can then read with your private key because that was never shared. You can do the same thing in reverse to send data the other way—get your partner’s public key, and use it to encrypt a message to send to them to be decrypted with their private key.
- Blackmagic eGPU Pro mini-review: Quiet, fast, and extremely expensive—like a Mac
- Systems with small disks won’t be able to install Windows 10 May 2019 update
- Apple reportedly discussed buying Intel’s smartphone-modem chip business
- Intel stockpiling 10nm chips, warns that 14nm shortages will continue
- Samsung embraces vertical videos with a $16,000 vertical TV