Learn Why Keybase.io is Awesome!

Learn Why Keybase.io is Awesome!

It's likely you have never heard of Keybase.io, but I'm guessing that you soon will!

Most people don't understand or care about encryption, and that's fine. But, if you care, I'm going to cover a few basic concepts - in less than 500 words.

  • Public Keys
  • Malleable Encryption
  • Authenticated Encryption

With the recent success of Zoom and their recent purchase of Keybase... they're set to bring authenticated encryption to the masses.

Public Keys

Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.
  • The Public Key is used to encrypt a message that can only be read by the Private Key. You already use this technology every day. This website is encrypted with HTTPS!
Comic about HTTPS from howhttps.works

Look for https:// in your address bar anytime you send sensitive data!!!

Public Key Cryptography was first discovered by the British Government and kept secret until Diffie and Helman brought it to the public - a fascinating story!

Without this discovery the internet would not be very secure because all encryption would require sharing a key over a secure channel (like the US Postal Service).

whoami?

Keybase makes public keys out of everything, sortof.

My Keybase Identities

If you want to send me an encrypted message, but only have my Facebook, Twitter, Github, or whatever... you can use Keybase to send me a message using my Facebook name. And, if my Facebook get's hacked, I can revoke that link.  

ID Fraud has become a really big issue. So far, there is no silver bullet for authentication in our post modern technological civilization. But, Keybase will bring great gains.

You should be using a Password Manager as well. Regardless of anything else, please do that!!!

Two types of encryption

Encryption can be malleable (Signal), or not (PGP, Keybase). This not a matter of good, bad, or better - it's a matter of usecase.

Malleability is a property of some cryptographic algorithms. An encryption algorithm is "malleable" if it is possible to transform a ciphertext into another ciphertext which decrypts to a related plaintext.

Malleability == Changablity

Malleable Encryption, like in Signal, is great because it offers plausible deniablility, but that's not ideal for every use case.

Authenticated encryption (AE) and authenticated encryption with associated data (AEAD) are forms of encryption which simultaneously assure the confidentiality and authenticity of data.

Often, we want to proof that a communication happened exactly as we have it recorded. This has been possible for years with PGP, and Keybase now brings authenicatable communication to everyone!

If you are doing illegal things Keybase might not be ideal for you. The thought brings to mind when PGP encrypted communication with police led to the downfall of the Silk Road.

Techy?

Keybase uses Saltpack. If you already know about PGP you will enjoy reading about it.