Sunday, October 13, 2002

Use Private Keys, no - Use Public Keys, no - ...

Jon Udell is opening a can of worms, I must not look...

I always knew there were ways to encrypt information and I accepted that. Then I was assigned the task of revamping our software licensing process. This required me to choose an encryption method. Choosing an encryption method required me to justify my selection against its alternatives. Justifying my selection required me to understand both my selection and the alternatives that I did not choose.

So I did some reading, and once I understood the difference between Private Key Encryption and Public Key Encryption, I changed my mind. Public Key Encryption surely seemed like the better choice.

If some rogue ex-employee were to take the private key and issue passwords for a discounted price, we could throw out the old key pair and replace it with two new keys. Because one of the keys of the pair is public, we could simply distribute it along with the encrypted information. No need to hard-code the private key in the software, right? No need to require customers to reinstall existing software, right? No need to maintain legacy password generation programs, right? (Anyone who has done this before, please comment...please throw me a clue...)

Yes, I thought I finally had gotten it. Public Key Encryption provides more convenience, more security, more robustness than Private Key Encryption.
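The two designs weighed above, as an added example in Go that is not the author's code nor any product's real licensing code: the secret-key scheme (the post's "Private Key Encryption") done with an HMAC, beside the public-key scheme done as a digital signature with Ed25519, which is the way a key pair is actually used for license checking (the vendor signs, the product only verifies). The rotation scenario from the rogue-ex-employee question is then played out so the three "right?" questions get concrete answers. The license fields, the demo secret and the function names are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// A license key is "<fields>|<base64 tag-or-signature>". splitKey separates the
// two halves; a key with no separator or an undecodable tag is rejected outright.
func splitKey(key string) (fields string, tag []byte, ok bool) {
	i := strings.LastIndex(key, "|")
	if i < 0 {
		return "", nil, false
	}
	tag, err := base64.StdEncoding.DecodeString(key[i+1:])
	if err != nil {
		return "", nil, false
	}
	return key[:i], tag, true
}

// Secret-key scheme (the post's "Private Key Encryption"): one shared secret
// both issues and checks keys, so the shipped product must carry it, and anyone
// who extracts it from the binary can issue keys too.
func issueKeyHMAC(secret []byte, fields string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(fields))
	return fields + "|" + base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

func checkKeyHMAC(secret []byte, key string) bool {
	fields, tag, ok := splitKey(key)
	if !ok {
		return false
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(fields))
	return hmac.Equal(tag, mac.Sum(nil)) // constant-time compare
}

// Public-key scheme: the vendor signs with the private key, which stays at the
// vendor; the product embeds only public keys and can verify but never issue.
func issueKey(priv ed25519.PrivateKey, fields string) string {
	sig := ed25519.Sign(priv, []byte(fields))
	return fields + "|" + base64.StdEncoding.EncodeToString(sig)
}

// checkKey accepts a key if any embedded public key verifies it. ed25519.Verify
// panics on a public key of the wrong length, so a product should keep its
// trusted keys as fixed constants rather than anything user-supplied.
func checkKey(trusted []ed25519.PublicKey, key string) bool {
	fields, sig, ok := splitKey(key)
	if !ok {
		return false
	}
	for _, pub := range trusted {
		if ed25519.Verify(pub, []byte(fields), sig) {
			return true
		}
	}
	return false
}

// rotationOutcome plays out the rogue-ex-employee scenario: pair 1 is retired,
// pair 2 issues from now on. The three results answer the "right?" questions.
func rotationOutcome() (retiredKeyOnUpdatedProduct, newKeyOnInstalledProduct, newKeyOnProductTrustingBoth bool) {
	pub1, priv1, _ := ed25519.GenerateKey(rand.Reader)
	pub2, priv2, _ := ed25519.GenerateKey(rand.Reader)
	fields := "customer=ACME;expires=2003-10-13;seats=25" // constructed demo license

	fromRetired := issueKey(priv1, fields) // what the ex-employee can still mint
	fromNew := issueKey(priv2, fields)     // what the vendor issues after rotation

	retiredKeyOnUpdatedProduct = checkKey([]ed25519.PublicKey{pub2}, fromRetired)
	newKeyOnInstalledProduct = checkKey([]ed25519.PublicKey{pub1}, fromNew)
	newKeyOnProductTrustingBoth = checkKey([]ed25519.PublicKey{pub1, pub2}, fromNew)
	return
}

func main() {
	a, b, c := rotationOutcome()
	fmt.Println("key from retired pair, product updated to trust only the new key:", a)
	fmt.Println("key from new pair, already-installed product trusts only the old key:", b)
	fmt.Println("key from new pair, product trusts both keys:", c)
}
```

Running it prints false, false, true. The first result is the win the post is after: once the product trusts only the new public key, nothing the ex-employee can sign with the old private key is accepted. The second is the catch: a copy already installed with only the old public key embedded rejects every key issued after the rotation, so existing customers do need an updated build (or a product that fetches its trusted keys from the vendor). The third shows the usual compromise, shipping a list of trusted keys so old licenses keep working while new ones are issued under the new pair; it also means the compromised key keeps working until it is dropped from that list, so you still need some way to reject the specific keys the ex-employee sold.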

I am trying to resist looking at Jon Udell's post. He is questioning his long-held assumption that Public Keys were the way to go.

Remind me why I need a public key. Dick Hardt, founder and now CTO of ActiveState, was prowling around the digital ID conference asking a deceptively simple question: "Why do I need a key pair?" ...
[Jon's Radio]

2:05:29 PM | Categories: JobFish Homework, My Profession, Work Projects | Topics: Cryptography, XML