DEV Community

loading...

Discussion on: What common programming concept has the wrong name?

Collapse
soatokdhole profile image
Soatok Dreamseeker • Edited

Not directly programming, but relevant.

In asymmetric cryptography, we have the terms "private key" and "public key". But the term "private key" is actually wrong.

  • Privacy is something you don't want the whole world to know.
  • Secrecy is something you don't want anyone to know.

Since what academics call a "private key" is something that you don't reveal to anyone else, the term "private" is wrong.

It should be, therefore, "secret key" and "public key".

The "private key" should, instead, be what you agree on with e.g. Diffie-Hellman. It makes more sense than "shared secret".

It also allows you to use sk and pk as variable names in cryptography APIs, instead of having to spell out pubKey and privKey since they both abbreviate to pk.

This is my weird hill okay?

Collapse
sinewalker profile image
Mike Lockhart

There are two hard problems in computing...

Collapse
earroyoron profile image
Ernesto λrroyo • Edited

Secret key is most used for simmetric schemas. I get your point, but I think using private-key is right.

The real epic-fail in cryptography is about the misused "certificate" term:

A certificate is just the public-key plus the proven subject (owner) of the certificate signed by a Certification Authority. The certificate has not the private key but we can find things like
"install the certificate in the web server to configure the TLS...." or "sign with a certificate"

Collapse
edwbuck profile image
Edwin Buck • Edited

Shared key and private key achieve the same goal, without stepping on the historical meaning of secret key.

Collapse
soatokdhole profile image
Soatok Dreamseeker

I get your point, but I think using private-key is right.

From A Cipherpunk's Manifesto by Eric Hughes (1993):

Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.

Thread Thread
earroyoron profile image
Ernesto λrroyo

Yes but... I can be wrong, I am not english native,... but I think privacy and private are not related , they seem to be but are indeed different and unrelated concepts, this is, a private key is not "something for keeping privacy" but "something for keeping confidentiality or secrets"...
Not sure at all about these...

Thread Thread
soatokdhole profile image
Soatok Dreamseeker

I am not english native,... but I think privacy and private are not related

Private is an adjective, privacy is a noun, but they refer to the same thing.

A private matter is one that requires privacy.

A secret matter is one that requires secrecy.