I have been doing a lot of thinking about public key cryptography lately.  It is a topic that a lot of people don’t understand, even those with a technical bent.

Every time you connect to a secure site, there is a lot going on in the background.

Myth 1: As long as things are encrypted, I’m secure.
This one is kind of obvious, but I bring it up to help point out a problem I see all the time. People focus on the encryption part of TLS without realizing that public key crypto does more for you than encryption. The other major thing that you get with public key crypto is authenticity (verification that you are talking to who you think you are talking to). If you are securely communicating with an attacker, you are not communicating securely.
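To make the distinction concrete, here is an added example (not from the original post) using Python's standard `ssl` module: a client configuration that encrypts without authenticating, next to one that does both, plus a small check that reports which authenticity guarantees a context gives up. The function names are hypothetical.

```python
import ssl


def encrypt_only_context() -> ssl.SSLContext:
    """Client context that negotiates an encrypted channel but accepts
    any certificate from any peer: encryption without authenticity."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be turned off before verify_mode can be CERT_NONE.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def authenticated_context() -> ssl.SSLContext:
    """Client context with the library defaults: the certificate chain is
    verified and the certificate must match the host name being contacted."""
    return ssl.create_default_context()


def authentication_gaps(ctx: ssl.SSLContext) -> list[str]:
    """Return the authenticity checks a client context does NOT perform.
    An empty list means the peer is authenticated, not just encrypted to."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain is not verified")
    if not ctx.check_hostname:
        gaps.append("certificate is not matched against the host name")
    return gaps


if __name__ == "__main__":
    for name, ctx in [("encrypt-only", encrypt_only_context()),
                      ("authenticated", authenticated_context())]:
        gaps = authentication_gaps(ctx)
        print(f"{name}: {'; '.join(gaps) if gaps else 'peer is authenticated'}")
```

Both contexts produce an encrypted connection; only the second one tells you who is on the other end of it.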
