The end of HACKING? Cryptography breakthrough could make computer programs impenetrable to cyber criminals | |
DREAM MERSHANT
(OP) User ID: 43045081 United States 02/04/2014 01:23 PM Report Abusive Post Report Copyright Violation | |
MaybeTrollingU
User ID: 48692360 Brazil 02/04/2014 01:40 PM Report Abusive Post Report Copyright Violation | Re: The end of HACKING? Cryptography breakthrough could make computer programs impenetrable to cyber criminals Code obfuscation is used since ages ago. It DOES NOT make any program "impenetrable", only make it more difficult. However, when it comes to internet, things change drastically. The tricky thing here is to understand what a "page" is: Suppose you have this: {if user is logged in then show this} Hello, {Name of the user}! Today is {current date} and you have {total messages for looged in user} {if user is NOT logged in then show this} You are not logged in, please do your login The parts in italic are code run in the server, also called "code behind" the rest is normal text. When you go to the website where this document is located, the parts in italic will be run and evaluated and the result of the evaluation will be put in their places. Then this result will replace the parts in which they are in the document, this process is called renderization. Of course what I put there are not actual commands, I just put it the way they are supposed to work, this is called "pseudo-code". In the example, "Name of the user", will generate a query to a database. This query is the same as asking to the database: "Hey, the user with login 'dude_from_bronx', what is his actual name?" The database will answer: "Corey" The render process will get the response from the database and put "Corey", in the place where "{Name of the user}" is. When it comes to web, everything must be somehow interpretable by the browser engine. It means it cannot be pure encrypted text, otherwise, the person will not understand it either. The browser(Chrome, Firefox, Internet Explorer...), is just a program to access the web document(as above) and show it. Unless there's a specific plugin to decrypt whatever it is in the web document, the user will not be able to read it. In other words, web documents must be the way they are supposed to be read. Now, some more cool info: Why "secure websites" are not as secure as we think? Its actually quite simple. When you connect to whatever website and it says "This website is secure, by certificate bla bla bla", it means your connection, from your device to the website is encrypted. It means, that the text sent from the server(where the web document is), will be encrypted, sent to you and decrypted back to readable text in your computer. No one in the middle can decrypt it, at least not without a LOT of effort. However, from the webhost(where your webdocument is) to wherever else, this connection may not be encrypted at all. To picture the situation: You and Sue have a secret code to say "My dog just barked". But you need to tell Brian that your dog just barked and you cannot talk with him, only Sue can do it. So, you tell sue using your secret code for "My dog just barked" and Sue will tell it to Brian, however, Brian doesn't know the code, making Sue obligated to tell it in a regular fashion. That's more or less what NSA can do. Your connection to the said website is secure, but they have an access lower than yours, inside the server where your webdocument is. So, the cryptography is pointless. |
DREAM MERSHANT
(OP) User ID: 43045081 United States 02/04/2014 01:41 PM Report Abusive Post Report Copyright Violation | Re: The end of HACKING? Cryptography breakthrough could make computer programs impenetrable to cyber criminals Code obfuscation is used since ages ago. It DOES NOT make any program "impenetrable", only make it more difficult. However, when it comes to internet, things change drastically. The tricky thing here is to understand what a "page" is: Quoting: MaybeTrollingU Suppose you have this: {if user is logged in then show this} Hello, {Name of the user}! Today is {current date} and you have {total messages for looged in user} {if user is NOT logged in then show this} You are not logged in, please do your login The parts in italic are code run in the server, also called "code behind" the rest is normal text. When you go to the website where this document is located, the parts in italic will be run and evaluated and the result of the evaluation will be put in their places. Then this result will replace the parts in which they are in the document, this process is called renderization. Of course what I put there are not actual commands, I just put it the way they are supposed to work, this is called "pseudo-code". In the example, "Name of the user", will generate a query to a database. This query is the same as asking to the database: "Hey, the user with login 'dude_from_bronx', what is his actual name?" The database will answer: "Corey" The render process will get the response from the database and put "Corey", in the place where "{Name of the user}" is. When it comes to web, everything must be somehow interpretable by the browser engine. It means it cannot be pure encrypted text, otherwise, the person will not understand it either. The browser(Chrome, Firefox, Internet Explorer...), is just a program to access the web document(as above) and show it. Unless there's a specific plugin to decrypt whatever it is in the web document, the user will not be able to read it. In other words, web documents must be the way they are supposed to be read. Now, some more cool info: Why "secure websites" are not as secure as we think? Its actually quite simple. When you connect to whatever website and it says "This website is secure, by certificate bla bla bla", it means your connection, from your device to the website is encrypted. It means, that the text sent from the server(where the web document is), will be encrypted, sent to you and decrypted back to readable text in your computer. No one in the middle can decrypt it, at least not without a LOT of effort. However, from the webhost(where your webdocument is) to wherever else, this connection may not be encrypted at all. To picture the situation: You and Sue have a secret code to say "My dog just barked". But you need to tell Brian that your dog just barked and you cannot talk with him, only Sue can do it. So, you tell sue using your secret code for "My dog just barked" and Sue will tell it to Brian, however, Brian doesn't know the code, making Sue obligated to tell it in a regular fashion. That's more or less what NSA can do. Your connection to the said website is secure, but they have an access lower than yours, inside the server where your webdocument is. So, the cryptography is pointless. thanks for your input, well written |
MaybeTrollingU
User ID: 48692360 Brazil 02/04/2014 01:45 PM Report Abusive Post Report Copyright Violation | Re: The end of HACKING? Cryptography breakthrough could make computer programs impenetrable to cyber criminals Code obfuscation is used since ages ago. It DOES NOT make any program "impenetrable", only make it more difficult. However, when it comes to internet, things change drastically. The tricky thing here is to understand what a "page" is: Quoting: MaybeTrollingU Suppose you have this: {if user is logged in then show this} Hello, {Name of the user}! Today is {current date} and you have {total messages for looged in user} {if user is NOT logged in then show this} You are not logged in, please do your login The parts in italic are code run in the server, also called "code behind" the rest is normal text. When you go to the website where this document is located, the parts in italic will be run and evaluated and the result of the evaluation will be put in their places. Then this result will replace the parts in which they are in the document, this process is called renderization. Of course what I put there are not actual commands, I just put it the way they are supposed to work, this is called "pseudo-code". In the example, "Name of the user", will generate a query to a database. This query is the same as asking to the database: "Hey, the user with login 'dude_from_bronx', what is his actual name?" The database will answer: "Corey" The render process will get the response from the database and put "Corey", in the place where "{Name of the user}" is. When it comes to web, everything must be somehow interpretable by the browser engine. It means it cannot be pure encrypted text, otherwise, the person will not understand it either. The browser(Chrome, Firefox, Internet Explorer...), is just a program to access the web document(as above) and show it. Unless there's a specific plugin to decrypt whatever it is in the web document, the user will not be able to read it. In other words, web documents must be the way they are supposed to be read. Now, some more cool info: Why "secure websites" are not as secure as we think? Its actually quite simple. When you connect to whatever website and it says "This website is secure, by certificate bla bla bla", it means your connection, from your device to the website is encrypted. It means, that the text sent from the server(where the web document is), will be encrypted, sent to you and decrypted back to readable text in your computer. No one in the middle can decrypt it, at least not without a LOT of effort. However, from the webhost(where your webdocument is) to wherever else, this connection may not be encrypted at all. To picture the situation: You and Sue have a secret code to say "My dog just barked". But you need to tell Brian that your dog just barked and you cannot talk with him, only Sue can do it. So, you tell sue using your secret code for "My dog just barked" and Sue will tell it to Brian, however, Brian doesn't know the code, making Sue obligated to tell it in a regular fashion. That's more or less what NSA can do. Your connection to the said website is secure, but they have an access lower than yours, inside the server where your webdocument is. So, the cryptography is pointless. thanks for your input, well written My pleasure! If you want I could talk more about this... |
RMS Olympic
User ID: 19767135 United States 02/04/2014 01:53 PM Report Abusive Post Report Copyright Violation | |