WEBVTT - What is a digital signature? 0:00:00.160 --> 0:00:02.760 Streaming TV shows and movies directly to your home is 0:00:02.759 --> 0:00:05.560 a breeze with Netflix. As a Netflix member, you can 0:00:05.600 --> 0:00:09.040 instantly watch TV and movies on your PC, mac, mobile device, 0:00:09.160 --> 0:00:12.440 or television. Get a free thirty day trial membership. Go 0:00:12.520 --> 0:00:15.200 to Netflix dot com, slash stuff and sign up today. 0:00:15.840 --> 0:00:19.160 Welcome to Brainstuff from house stuff works dot com where 0:00:19.160 --> 0:00:29.840 smart happens. Hi, I'm our so brain with today's question, 0:00:30.320 --> 0:00:35.520 what is a digital signature? A digital signature is basically 0:00:35.560 --> 0:00:38.760 a way to ensure that an electronic document, like an 0:00:38.760 --> 0:00:42.880 email message, or a spreadsheet or a text file, is authentic. 0:00:43.360 --> 0:00:46.840 Authentic means that you know who created the document, and 0:00:46.920 --> 0:00:49.280 you know that it has not been altered in any 0:00:49.280 --> 0:00:53.760 way since that person created it. Digital signatures rely on 0:00:53.960 --> 0:00:58.640 certain types of encryption to ensure that authentication. Encryption is 0:00:58.680 --> 0:01:01.600 the process of taking all the data that one computer 0:01:01.720 --> 0:01:04.959 is sending to another computer and encoding it into a 0:01:05.040 --> 0:01:08.240 form that only the receiving computer will be able to decode. 0:01:08.720 --> 0:01:13.679 Authentication is the process of verifying that unaltered information is 0:01:13.720 --> 0:01:18.040 coming from a trusted source. These two processes were cand 0:01:18.080 --> 0:01:21.520 in hand for digital signatures. There are several ways to 0:01:21.600 --> 0:01:25.600 authenticate a person or information on a computer. The most 0:01:25.680 --> 0:01:28.840 common way is to use some kind of password scheme. 0:01:29.400 --> 0:01:32.440 The use of a user name and password provide the 0:01:32.480 --> 0:01:36.360 most common form of authentication. You enter your name and 0:01:36.480 --> 0:01:39.720 password when prompted by the computer. It checks the pair 0:01:39.760 --> 0:01:43.280 against the secure file to confirm. If either the name 0:01:43.400 --> 0:01:46.279 or the password don't match, then you're not allowed further 0:01:46.400 --> 0:01:50.600 access to the document. Many text editors, like Microsoft Word 0:01:50.680 --> 0:01:54.840 offer this feature. You simply encode the document before you 0:01:54.880 --> 0:01:57.480 send it, put the password on it, and then the 0:01:57.680 --> 0:02:00.520 recipient who you tell the password to, the only one 0:02:00.560 --> 0:02:05.040 who can read that document. The second idea is a checksum. 0:02:05.080 --> 0:02:07.920 It's probably one of the oldest methods of ensuring that 0:02:08.040 --> 0:02:12.400 data is correct, and checksums also provide a form of authentication, 0:02:12.560 --> 0:02:16.440 since an invalid checksums suggests that the data has been 0:02:16.480 --> 0:02:19.880 compromised in some fashion while it was being sent. A 0:02:20.040 --> 0:02:23.239 checksum is determined in one of two ways. Let's say 0:02:23.280 --> 0:02:26.640 that the checksum of a packet is one bite long, 0:02:27.000 --> 0:02:29.120 which means it can have a maximum value of two 0:02:29.520 --> 0:02:32.640 fifty five. If the sum of all the bites in 0:02:32.680 --> 0:02:35.080 the packet is two fifty five or less, then the 0:02:35.200 --> 0:02:39.160 checksum contains that exact value. However, if the sum of 0:02:39.200 --> 0:02:41.519 the other bites is more than two D fifty five, 0:02:41.880 --> 0:02:45.080 then the checksum is the remainder of the total value 0:02:45.120 --> 0:02:48.280 after it's been divided by two D fifty six. Another 0:02:48.400 --> 0:02:53.160 technique called a CRC or cyclic redundancy check, is similar 0:02:53.200 --> 0:02:58.240 in concept to checksums. Neither checksums or CRCs really provide 0:02:58.280 --> 0:03:00.720 any protection of the data. They just tell you that 0:03:00.800 --> 0:03:03.440 it hasn't been tampered with as it made its way 0:03:03.480 --> 0:03:08.480 to your computer. Then there's private key encryption. Private key 0:03:08.560 --> 0:03:12.320 means that each computer as a secret key or secret 0:03:12.400 --> 0:03:15.520 code that it can use to encrypt a packet of 0:03:15.560 --> 0:03:18.680 information before it's sent over the network to the other computer. 0:03:19.400 --> 0:03:22.960 Private key requires that you know which computers will talk 0:03:23.000 --> 0:03:25.480 to each other and install the key on each one 0:03:25.520 --> 0:03:29.000 ahead of time. Private key encryption is essentially the same 0:03:29.040 --> 0:03:32.240 as a secret code that the two computers must each 0:03:32.440 --> 0:03:36.040 know in order to decode the information when it arrives. 0:03:36.560 --> 0:03:39.840 The code would provide the key to decoding the message. 0:03:40.280 --> 0:03:43.240 Your friend gets the message and then decodes it. Anyone 0:03:43.280 --> 0:03:47.160 else who sees the message will see only nonsense because 0:03:47.160 --> 0:03:50.920 they don't have the key. Then there's public key encryption. 0:03:51.400 --> 0:03:54.960 Public key encryption uses a combination of a private key 0:03:55.000 --> 0:03:58.120 and a public key. The private key is known only 0:03:58.160 --> 0:04:01.800 to your computer, while the public key is given by 0:04:01.880 --> 0:04:05.400 your computer to any computer that wants to communicate with it. 0:04:05.840 --> 0:04:09.640 To decode an encrypted message, a computer must use the 0:04:09.720 --> 0:04:13.680 public key provided by the originating computer and its own 0:04:13.880 --> 0:04:18.680 private key, and then there are digital certificates. To implement 0:04:18.800 --> 0:04:21.640 public key encryption on a large scale, such as a 0:04:21.800 --> 0:04:26.400 secure web server might need, requires a different approach. This 0:04:26.480 --> 0:04:30.320 is where digital certificates come in. A digital certificate is 0:04:30.400 --> 0:04:33.440 essentially a bit of information that says the web server 0:04:33.680 --> 0:04:39.080 is trusted by an independent source known as a certificate authority. 0:04:39.120 --> 0:04:43.560 The certificate authority acts as a middleman that both computers trust. 0:04:44.000 --> 0:04:46.760 It confirms that each computer is in fact who they 0:04:46.800 --> 0:04:49.720 say they are, and then provides the public keys of 0:04:49.839 --> 0:04:54.359 each computer to the other. The Digital Signature Standard is 0:04:54.520 --> 0:04:58.200 based on a type of public key encryption that uses 0:04:58.320 --> 0:05:03.000 the digital signature out gorhythm. The Digital Signature Standard is 0:05:03.040 --> 0:05:06.200 the format for digital signals that's been endorsed by the 0:05:06.279 --> 0:05:10.919 US government. For more on this and thousands of other topics, 0:05:11.080 --> 0:05:13.479 visit how Stuff Works dot com, and don't forget to 0:05:13.520 --> 0:05:15.360 check out the brain Stuff blog on the house stuff 0:05:15.400 --> 0:05:17.920 works dot com home page. You can also follow brain 0:05:18.000 --> 0:05:21.320 stuff on Facebook or Twitter at brain stuff hs W. 0:05:25.040 --> 0:05:28.359 Audible dot com is the leading provider of downloadable digital 0:05:28.400 --> 0:05:32.080 audio books and spoken word entertainment. Audible has over one 0:05:32.120 --> 0:05:35.000 hundred thousand titles to choose from to be downloaded to 0:05:35.040 --> 0:05:38.560 your iPod or MP three player. Go to audible podcast 0:05:38.680 --> 0:05:41.040 dot com slash brain stuff to get a free audio 0:05:41.080 --> 0:05:43.480 book download of your choice when you sign up today.