I'm writing a paper on encryption for a software communications class which is due on Weds. After conducting a LOT of research, I'm still somewhat confused on a few issues.
1) For an asymmetric algorithm, which uses both a public and private key, are these keys generated at the same time? I would assume two users would share their public keys while keeping their private keys secret. How are these private keys stored? In memory or on their hard drive? If in memory, how can the key be replicated when the computer is restarted? Also, if the key is stored on the hard drive, this leads to a major security risk.
I'm no encryption expert here, but from my own experience (using ssh on Linux) both keys are created at the same time. Then you store the public key on the computer you want to connect to and you keep your private key on your HD. When you try to connect to the other computer, it will check if the public key and private key match.
The private key being stored on the HD is not really a security risk since in theory only you can access your HD. So nobody can read the key.
In ancient times they had no statistics so they had to fall back on lies
It is a security risk; you have to take precautions if it is really a problem. What a lot of people do with the certificate authority servers is just stick the hard drive in a safe, completely offline and secure.
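An added example, not part of any post in this thread: a check a defender can run over private key files kept on disk, the storage question discussed in the replies above. It flags files that other accounts can access and keys saved without a passphrase; the function names `key_protection`, `audit` and `constructed_key` are hypothetical, and the sample keys are constructed headers with no real key material.

```python
import base64, os, stat, struct, tempfile
MAGIC = b"openssh-key-v1\x00"  # magic at the start of an OpenSSH-format private key

def key_protection(text):
    """Classify a private key file's text: 'encrypted', 'plaintext' or 'unknown'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ") and "PRIVATE KEY" in lines[0]):
        return "unknown"
    if "ENCRYPTED PRIVATE KEY" in lines[0]:      # PKCS#8, passphrase-encrypted
        return "encrypted"
    if "OPENSSH PRIVATE KEY" in lines[0]:        # cipher name follows the magic
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return "unknown"
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "plaintext" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/EC/DSA): encryption is declared in a Proc-Type header
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4]):
        return "encrypted"
    return "plaintext"

def audit(path):
    """Return a list of findings for one private key file (empty list = OK)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:                             # any group/other permission bit
        findings.append(f"mode {mode:04o} lets other accounts access the key")
    with open(path) as f:
        if key_protection(f.read()) == "plaintext":
            findings.append("key is stored without a passphrase")
    return findings

def constructed_key(cipher):
    """Constructed sample: OpenSSH armor around a header only, no real key."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 16
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, cipher, mode in [("weak", b"none", 0o644), ("ok", b"aes256-ctr", 0o600)]:
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write(constructed_key(cipher))
            os.chmod(p, mode)
            print(name, audit(p) or "no findings")
```

The permission test uses POSIX mode bits, so it applies to Linux and macOS file systems rather than Windows ACLs.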
Thanks for the info! The paper turned out to be pretty good, and it really didn't need to explain all the technical details perfectly since the prof is an artise... Now I just need to prepare for my presentation!
So, is there anything stopping a hacker from stealing your public key during the initialization process of an SSH connection and generating a working private key?