Thread replies: 19
Thread images: 2
Thread images: 2
File: mountainwizard.jpg (77KB, 665x498px) Image search:
[Google]
77KB, 665x498px
Hi /g/. I'm a noob when it comes to how technology works but I've been trying to gain a basic understanding to get a better feel for how the Internet works from an infrastructural level.
I'd like to try to explain my current understanding with the hopes someone will correct/validate it, and perhaps point to more sources to learn from. I don't have the time to dedicate time to something like a college course, but I'd like to get a good enough feel to understand how crypto plays a role in basic browsing (I'm in number theory so there's a connection for me).
Here's how I see it in summary:
>Have magical connection to world wide web via router
>Computer can send requests through this router to (somewhere???) some server for information, i.e. typing 4chan.org means asking to receive the data of the front page from their server, which is constantly updating based on user input around the world according to their programmed rules
>Connecting with https means that this request is first encrypted on my computer before being sent to the router, meaning anyone listening in just sees gibberish, and then the 4chan server receives it and decrypts it using some public-key protocol
>They encrypt the data of the front page and send it securely to me, so no one knows what information I'm receiving, just I'm receiving SOMETHING from them with size ~ x kB.
>If it's just HTTP without the S, then this process is the same without the public-key protocol.
Am I missing anything important? My first questions are: can the ISP read the encrypted information if they REALLY wanted? If so, how? Are there backdoors or something else I've misunderstood?
>>
that post is really long can you summarize it in 140 characters or less
>>
>>57184644
My question is really: is my understanding of how the Internet works accurate? If not, please help correct/fill in the gaps. My understanding is in greentext.
>>
>>57184608
mostly correct
no, they cannot read it unless they possess the private keys of the website you are communicating with
no backdoors known
>>
>>57184653
thats too long im not reading that
>>
>>57184655
>mostly correct
Any points you'd like to fix/expand upon? I'd really like to have as clear a picture as possible.
So hypothetically if someone was able to watch my Internet traffic (meaning - they saw my router communication, but didn't have direct access to my computer) they wouldn't be able to tell which shitposts were mine, just that I was posting on 4chan?
>no backdoors known
That is interesting to me. One of my interests in NT is applications to encryption (I believe people have the right to privacy). Do you know what mathematical protocols underly HTTPS?
Thank you for your time answering things that I'm sure everyone here thinks is babby level and could probably be learned in the first few weeks of a proper course. I'd take one if I wasn't neck deep into math now.
>>
File: Denied.webm (888KB, 720x404px) Image search:
[Google]
888KB, 720x404px
>>57184694
Yes, you do have the gist of it.
On the server you want to communicate with sits the server's private key - this never leaves the server. On your end, sits the Certificate Authority store in your browser which allows your browser and you to tell which certificates are authentic (if they aren't, you get a warning that the certificate is bad etc.etc.) The certificates which are exchanged hold the public key for whatever server you wish to communicate with. You browser sets up the encrypted session which the server responds to.
If someone was sniffing your traffic, all they'd see is the source/destination of the packets but they would be encrypted, so, they could not tell what the packets contained. Same with your ISP -- they would see the destination and source (your modem/router, not which computer). This is how it is supposed to work when everything is fine. There is potential for a man in the middle attack which substitutes the valid server certificate for an intermediary certificate (the man in the middle) which intercepts your traffic, reads it, and then sends it to the server as if nothing has happened. Your browser will likely warn you off this, however, so don't panic yet. There are stories of intelligence agencies having got around web encryption but that's a whole other story.
>>
>>57184961
Thanks friend! Glad I'm not the only one looking to understand here.
>>
>>57184973
Thanks, I just read up a bit more on SSL. It's a bit of a relief to learn about this now after years of wondering just how many people have seen everything I've done on the Internet.
I have no doubt a few three-letter agencies must have more specific information in this regard, but I suppose that is quite another story.
One more question: how does using a VPN affect the picture? People have described it as much greater privacy, but how? In order to connect to a VPN, don't you need to send some information through your router to make the request to connect to the VPN? And then once the connection is established, how does making requests work (what's the order of "travel" for a request)?
It's a bit confusing to me because I imagine you're still at the mercy of the VPN now to keep your browsing secret rather than your ISP, to an extent.
>>
>>57184977
Quite interesting thread!
Also how do you approach the math subject? It's something i really want to start but i don't know how to begin with...
google, right?
>>
>>57185182
Thanks. And I've always been into math. I'm getting close to the research level in NT (working towards PhD right now). It's hard to say if anything I do will ever have an intersection with crypto, but I'd be happy if there was at least a loose connection I could make with my work.
My advice depends on what you're looking to learn. Do you want to have a solid foundation, dedicating loads of time to understand it? Or do you want a superficial understanding (like me in this thread)?
In the theme of this thread, I can recommend An Introduction to Mathematical Cryptography by Hoffstein et al. It was my first exposure to the subject, and part of what piqued my research interest in NT in the first place. I remember the stuff there being quite low-level for me, but could be more challenging for those without a math background.
>>
>>57185073
>One more question: how does using a VPN affect the picture? People have described it as much greater privacy, but how?
VPNs are considered greater privacy because it encrypts your information and also hides your destination from your ISP. All your ISP sees is your encrypted VPN traffic -- nothing else. Also, VPN providers can allow you to choose which server your traffic exits onto the internet. So, you could be in Australia and your exit could be in New York. When you connect to websites/servers etc., they see your traffic originating from somewhere in New York -- they never receive your actual IP address, only the exit of the VPN provider.
>It's a bit confusing to me because I imagine you're still at the mercy of the VPN now to keep your browsing secret rather than your ISP, to an extent.
This is the crux of the matter as to why you should choose a good VPN. It is why you see people recommend VPNs that advertise that they keep absolutely no logs. This is how some of the hackers from Lulzec were caught -- they trusted a VPN which later coughed up all the subscriber information when the cops came knockin'.
>>
>>57185263
Thank you m8 for the answer... Well I want a solid foundation. And to begin with i've no background in science or shit
>>
>>57185279
Got any good writeups on the lulzsec stuff?
>>
>>57185368
The Story:
https://en.wikipedia.org/wiki/LulzSec
VPN:
http://www.securityweek.com/vpn-service-snitched-alleged-lulzsec-member
>>
>>57185279
Interesting. Are there any standards by which one can try to judge what a "good" VPN is? It seems impossible to tell if they'll sell you out or not.
>>57185336
What are your end goals? Your interests?
The first thing to understand about math, which is already a lot to handle for most, is that it is absolutely massive. It is as large as "science" as a whole is. Mathematics has so many subfields, abstract topics, and obscure definitions/methods that one simply CANNOT master all of mathematics (nobody does). Many people can master the basics (i.e. roughly a Bachelor's degree in math) but to truly dig deeply into any one subject, especially to the modern bounds of research, takes many years. Math is one of the few academic disciplines where graduate students don't jump right into research, simply because it's STILL inaccessible after years of studying. They still take classes and study a bunch.
This is not to discourage you, but to encourage you to first explore the math landscape. Get a feel for what exists. For example, many mathematicians consider basic set theory to be the common language for most applications (now debatable at some higher levels, but not an issue for you currently). However set theory is too boring without motivation to care about. Other major fields include analysis (calculus & more), algebra (linear, groups, etc.), and topology (like geometry but more flexible). These have quite a lot of terminology to them, but the important thing to try to understand is: what are the underlying questions people want to understand in any given area?
For example: at a beginner's level, analysis is the study of functions of real numbers. As you learn more, this understanding will mature and become abstracted, allowing greater flexibility. But the central questions do not change: i.e. measuring rates of change, averaging values of functions, etc.
I can try to go into more detail if you provide more info.
>>
>>57185498
>Interesting. Are there any standards by which one can try to judge what a "good" VPN is? It seems impossible to tell if they'll sell you out or not.
That's the dilemma :^)
>>
>>57185521
Oh no, every answer creates new questions!
Shall I go all out and ask about how Tor fits into this? Aren't they a VPN of sorts?
>>
This seems like the right thread to ask about ssh. Can it be used to connect to random websites like 4chan for privacy or only to your own private servers?
Thread posts: 19
Thread images: 2
Thread images: 2