Comments by "Lawrence D’Oliveiro" (@lawrencedoliveiro9104) on "What are Digital Signatures? - Computerphile" video.

  1. 9:41 Remember, none of these public keys is confidential. The problem is, you have to trust they are authentic, that they really came from the people they say they’re from.
    27
  2.  @akashchoudhary8162  You could get fooled into accepting messages from a fake sender instead. So you need to obtain the public key from a trusted source.
    10
  3. 0:38 “Not that quick” as in “a thousand times slower than secret-key encryption such as with AES”.
    6
  4. The private key never leaves your custody.
    2
  5. That’s called “remote attestation”. It’s impossible to trust a PC that is under the control of someone you don’t trust. Unless it has something like a TPM chip in it. And that gets controversial.
    1
  6.  @tristunalekzander5608  The public/private key pair are mathematically related in a way that anything encrypted with one can be decrypted with the other, but anybody in possession of the public key cannot (feasibly) determine the corresponding private key. Thus, the public key can be freely redistributed, without compromising the private key.
    1
  7.  @tristunalekzander5608  You use them one way round for confidentiality, the other way round for authenticity (digital signatures). Being able to decrypt something with a given public key guarantees that it had to have been encrypted with the corresponding private key -- in other words, that it came from the only party in possession of that private key.
    1
  8. As a cryptographer, you would have learned at some point that encryption and digital signatures are two inseparable sides of the same coin.
    1
  9.  @MrFair  You are the one who is not understanding basic things about the maths.
    1
  10. 1) Avoid using Microsoft Windows.
    1
  11.  Dusty 99  If avoiding unnecessarily complex OSes is “lazy”, I don’t wanna be hardworking!
    1
  12.  @WujuStyler  So far the only ones insisting on using Windows are gamers.
    1
  13.  @666Tomato666  I remember seeing a factor of 3000 times, so you’re not too far off. Also remember you’re not comparing like with like: hardware acceleration for AES versus none for RSA.
    1
  14. Actually, I think they all do. Wasn’t DSA designed as an alternative to RSA that was only useful for signatures, not encryption? And didn’t somebody discover that you could use it for encryption, albeit very clumsily and inefficiently?
    1
  15.  @PauxloE  Any maths that can work one way, can work the other way. It may not be efficient or practical, but it’s possible.
    1
  16. You can do both encryption and signing of communications, to provide both privacy and authenticity.
    1
  17. SHA-256 is just 32 bytes, or 64 hex digits. How many characters do you need to put in a tweet?
    1
  18. Nevertheless, they are sufficiently related that what works for one can be made to work for the other.
    1