6. Asymmetric Ciphers
In this video, I’m going to be talking about Asymmetric encryption. Now, asymmetric encryption is where you’re going to use two keys, a public and a private key, in order to do the encryption and decryption process. This is in contrast to symmetric encryption, where you use one key to do both encryption and decryption. In this one, we’re going to use two keys in order to do those encryption and decryption encryption process. Now, you have to understand how this thing works.
This can get a little tricky. So in the asymmetric realm, everybody in the room that’s using this type of encryption basically has a public and a private key. And in order to encrypt data, we’re going to use these public and private keys. So here’s how this is going to work. I’m going to draw some diagrams to make it easy. All right? So let’s go back here to my diagram. I’m going to have Andy, and I’m going to have Mary. My handwriting is horrible, right, guys? I keep telling you that. This whole video of course, I’ve been telling you guys that. And I’m going to have Bob. Okay? So we get Andy. We got Mary, we got Bob. Now, in the world of asymmetric, everybody has a public and a private key. Public and a private key. A public and a private key. So everybody has public and private keys, basically. Now, here are the rules that you need to know. Yes, everybody has public and private key pairs. Here are the rules. When you encrypt data with your public key, only your private key can decrypt it. When you encrypt data with your private key, only your public key can decrypt it. In other words, both keys can encrypt and decrypt, but one at a time. Now, you got to remember how this works.
These two keys are mathematically linked to each other. So when one encrypts, the other one decrypts. The public key is called public, because you’re going to give this key to everyone in the world. The private key is key private because you never give it out to anyone in the world. The private key should stay secret. The public key is what you give to everyone. So let’s say I have the public. Let’s say I have my own public private key, and you want to send me data.
So I’m going to say, let’s say your name is Bob. I’m going to say, hey, Bob, you want to send me some data? Here’s my public key. So you encrypted data with that public key. Then who can decrypt it? Only me. Because if you encrypt data with my public key, the only thing that can decrypt that data is my private key. So in this type of encryption, you have to remember, if you encrypt with your public, you can decrypt with your private. But remember now you could encrypt with your private, and then only your public key can decrypt it. But why would you want to do that. So there’s two things here at Play confidentiality and non repudiation, right? Let me explain. So let’s say you want to send me data. So what you do is you want to send me, let’s say, the answers to the test.
You got you want to send me the answers to the test. I’m going to say, hey, here’s my public key encrypted. So you encrypt it. You send it to me. I decrypt it, okay? Now I have it. No one in this room could have read the data as it was traversing the network to me because no one had my private key. But remember something. Now, if I encrypt data with my private key, then who can decrypt it? Did you guess? Yes. If you said everyone, you’re right, because the public key is given to everyone. But what purpose would that serve? Well, it serves a purpose of basically non repudiation, because now all of you guys know it came from me, and you guys are 100% sure it came from me. Non repudiation authentication, because now I can authenticate to you.
I could say, hey, that really did come from me, because you’re using my public key to decrypt it. So you remember you could encrypt with your private key, and then you’re going to decrypt your public. If you encrypt it to public, you decrypt with your private key. Don’t get decent fuse. Let’s take a look at a diagram. I know I’ve been talking there, but let’s take a look at diagram maybe. I want to make sure we drill this in. So let’s say I have data. Let’s say data set one. This is the answers to the exam. So I’m going to say, hey, Mary, I want to give this data to Mary, right? Not to Bob. We never want to give data to Bob. Say, hey, Mary, I want to give you the answers to the test. Mary says, okay, Andy, here’s my public key. So I take her public key, and I’m going to encrypt this data, and then I’m going to send it to her as cipher text. So, look, if Bob is sniffing the line, right, if Bob is sniffing this line here, what does Bob see? The first thing Bob sees the data is the keys being transferred. He sees Mary key going across the line. The next thing he sees is ciphertext, right? So there’s no plain text here. Okay, so Mary receives the cipher text. Then what? Then Mary remember, I encrypted with her public key. Then Mary decrypts it with her private key. Now she has the data set one. So this is basically the way that this type of encryption works. Now, the bad news is the real bad news is it’s not really, because there’s more to this.
We have to incorporate some metric keys in another video. We’ll talk about hybrid encryption. But for now, let’s just say this is the way it works. We’re going to build on this. I just need you to understand the concept of how these public private keys work. And if you’re wondering the math behind it, don’t worry with that. Not for this class. I do teach a class in cryptography at a college like Math cryptography. If you’re wondering how do you know someone cryptography, I teach a math class and this thing. But for now, just know this is how it works. Also for your exam, you’re going to want to know some of the algorithms that does this. Let’s take a look.
So some of the algorithms that are going to basically be asymmetric algorithms, and you need to know these for your exam, okay? You need to know that these are asymmetric algorithms. The exam is not going to go into the specifics about them. Like, this is an RSA. RSA is a very famous this RSA is going to be the most famous asymmetric algorithm, but followed by the deputy Helman. And the elliptic curve are going to be some of the most famous ones asymmetric algorithm. RSA is used on certificates today. So if I pull up like how do we pass symmetric keys around? So if I go to Amazon, here’s the Amazon site and I go to certificates, this is the Amazon certificate here.
And I’m going to go to details. And here’s the Amazon’s public key. And you notice this is an RSA public key. Okay? So certificates are ways to pass public keys. We’ll get to Certificates and PKI later in the class. But certificates are ways to pass public keys. So is the elliptic curve. Now, I did notice that some website uses elliptic curves. If I go to Wikipedia, for example, and we look at their certificates, you’ll notice that they have an elliptic curve. You see how it says ECC? This is the elliptic curve public key. But I do want you to notice, notice how small the bit strand is.
This is a 256 bit versus the RSA key that we saw on Amazon of a very large key size. See, this is 2048 bit. The elliptic curve is based on a different math, and because it’s based on a different math, it doesn’t require such a big key size in order to provide the same strength as RSA in the world of cryptography. And liptic curve is very quick, uses a smaller key size. RSA though, is still more popular when it comes to doing encryption in today’s world. But just remember, for your exam with the curve is a viable option to RSA, although we see less and less usage of it, I think.
But an RSA is the dominant in all of the asymmetric encryption today. The others that we have here is very popular also is the DeFi Hellman. The DeFi Hellman is a key exchange protocol. The Defihelman is an asymmetric algorithm that was mostly used just to pass symmetric keys. It’s still a very famous algorithm that is out there. The DeFi Hellman algorithm was one of the first. Asymmetric algorithm. I forgot. The two guys named Martin Hellman, I think, was one of them. Martin defend one of them. Those guys then, that created DeFi hellman was known to be one of the first Asymmetrical pioneer. This invention of asymmetric encryption. Now, I do have some others here that maybe, maybe not for your exam. Algamel was one of them. The DSA and the Knapsack. The DSA we’re going to talk about later, but this does use Asymmetric encryption in it. The list here of asymmetric encryption algorithms that you should be familiar with for your exam. Notice I didn’t put any bit size because they come in variety of different bits. Like RSA comes in ten 242-048-4096 bit encryption. Okay, so this is asymmetric encryption. Let’s keep on moving to the other forms of encryption.
7. Hashing
In this video, I’m going to be talking about cryptographic hashes or Hashen. So what exactly is a hash? A hash is basically a cryptographic function that is performed on data in order to produce what is known as a hash, also known as a digest or hash. Some, most people call it digest or a hash. Hashes. Hashen. Basically, it basically represents the data. Now, there’s a couple of things to know about hash. It’s a one way function. In other words, you cannot take the hash and go back to the plain text.
There’s no keys and it does not provide confidentiality. You must remember this for your exam. Hashen is about integrity, not confidentiality. Hashen detects data modification. It does not encrypt data. So any question that talks about all the data is modified. What can they use to detect the modification? Because the hacker broke into it. Hashen is the answer. But some kind of hash and algorithm, which I’ll show you guys in a few minutes. I want to show you guys how Hashen works. And we’re going to use a hashing algorithm such as MD Five.
Now, you saw me use this when we talked about passwords, because passwords are hashed. Let’s take a look at a hash data hashing algorithm at work. So I’m going to type a message. This take off my caps lock. This is my message to you. Now, I want you guys to notice, oops, I put an extra space here. Watch what happens when I delete the space. Watch the hash at the bottom. So if I go and I delete the space, you notice the hash changed. This hash is basically representing this message. So when this message changes, this hash will change. If I go in here and I say, I hope you guys pass your exam, you notice every single time I was typing, the hash was consistently changing.
What is hashing about the text modification. So let’s say somebody breaks into your network and they modify your message, but you have a hash of it. So you know, this hash that ends in this hash represents this mess. Somebody breaks into the network and say, I hope you guys don’t pass your exam. So what happens now is you notice it changed, right? That’s not my message. My message ended in nine one O E or something like that. I forgot already. So what happens when you get old? But it changed completely. So if somebody goes back in there now, we remove that it hash should come back right where it was. So what is hash and doing? It’s basically detecting data modification.
That’s all it does. Now, the other thing here I want to mention is there are different algorithms that does this. And the other algorithms supports bigger hashes and smaller hashes. For example, one of the most famous one is Shot 256, the secure hashing algorithm, Sha. Here you go to Sha 256. And I’m going to type in a message. This is my message in there. There you go. You can see that this is just a bigger hash. In other words, this is 256 bits versus 128 bits. All right? So you get 256 bits, 128 bits. The 512 one I have here, this one is very large. Look at how big that is. I think you guys can see that. You’re probably going to see that. But it starts all the way from here because it’s 512 bits. Now, why does these bits matter? And why is it so important? Why are there so many different hashing algorithms? And this is going to bring me here to hashing algorithms.
So before I get into that, I want to talk about these bit size. So let’s talk about Hashen. What did you see? You saw hash of data. Now, hashing, by its rule, by its definition, can take data of any length. I’m talking a few sentences to files, to folders, and it creates cryptographic hashes of depth. If the files are modified or the folders are modified or whatever it is, the hash will tell you that. Now, the thing to remember about this is that it takes data of any length and it outputs to a fixed length hash, right? It takes data of any length and it outputs it to a fixed length hash.
Now, what does that mean? Well, that means that we could take data from 1 millions and millions and millions of bytes. That’s not a lot, right? That’s just a couple of megabytes. You can get terabytes, 5 billion terabytes, whatever it is, it’ll always produce a fixed length hash. Remember this data modifies, the hash modifies. Now, there is something very important I want to talk about this. It’s something called hash collisions, which I’ll talk about in a minute, all right? But the bigger the length of the hash is, the more the less likely you have collisions.
So collisions is when, notice term for your exam. Hash collisions occurs when two different messages produces the same hash. All right? Remember that for your example. Collisions, two different messages produce the same hash. Now, it’s a probability of that happening, but remember the way hashtag works. It’s data of infinite length to data to hash, a fixed lens hash. Now, how many hashes can you have? Well, with MD Five, you had 128 bit, which means there were two to the 128 bit number of hashes. If you remember from the symmetry, we were talking about algorithms, video two to the one two, and it’s a giant number. So what’s the probability that your data, two different data, produces the same hash? It seems small, but it’s actually very probable, especially on MD Five. That’s when you shouldn’t use MD Five.
There is an attack that I want to mention to you guys called a birthday attack. And I’m going to explain to you why that’s important in a minute. But just remember, collisions is basically when two different messages produce the same hash. That sounds like it’s not probable, but the world of statistics says it actually is. Let’s take a look at this table here that I have.
You guys take out a pen and paper and make some notes on this. Make sure you know that these are hash and algorithms. Realistically, in today’s world, we really shouldn’t be using things like MD Five, MD Two. These are different hashing algorithms. What we should be using, maybe H Mac is fine. Not even sha one. All right? We should not be using these. We should be using things like shot. This is known as Shar Two. Shot tension secure hash algorithm. Shot two comes in 256, 34, or 512. We saw the 256 one. This is a very famous one. If you look at certificates. Now, I know we haven’t got the certificates yet, but when we get to it, you’ll see why. But you notice this signature hash algorithm, shot 256, that they’re using on these certificates. Okay? So we’ll come back to that there in a little while. Okay, so shot 256 is basically the standards of almost all hashing algorithms that we use today. There are others that we’re not mentioning here, but these are basically the main hash functions that are going to be out there. Now, what I did want to talk to you guys about today is an attack against passwords.
It’s called a birthday attack. Why did he bring that up now? Because in order to understand a birthday attack, you need it to understand hash. That’s why we bring it up now. Make a note of this. What exactly is the birthday attack? A birthday attack is when you have two different messages that produce the same hash. Write a hash collisions. The birthday attack tells us what’s known as the birthday paradox. The birthday paradox is basically, if you put two people, if you put 30 people in a room, or you put a certain number of people in a room, what’s the probability that any two people have the same birthday? Let me ask you a question.
If I put 30 people in a room and 30 random people put them in a room, what’s the probability that any two people have the same birthday? Now, you’re probably thinking to yourself, not a lot. I mean, it’s probably 1%, 2%, 100%, 80%. What do you think it is? So the birthday paradox tells us that this number is actually pretty high. I’ll show you guys what I mean. So most of you guys, most people that I ax will say 1% or less than a percent, right? Because remember, you got to get 30 people. You got to get 30 people. You’ve got 30 people. It’s probably two of them now has the same birthday. Not a year, just a month in the day. The birthday attack.
This is a real thing, the birthday attack. I’m going to zoom in on this and make this a lot easier to read. This is a Wikipedia article that’s showing us this. The number is actually 70%. So it says, consider a scenario where the teacher has a class of 30 students and they ask everyone for their birthday to determine the same birthday. This may seem small if the teacher picked a specific date, that’s about 8%, but that’s not what I’m asking. However, the probability that one student has the same birthday as any other is actually 70%. 70%? Yeah, that’s a pretty big number.
So what does that mean? You’re probably thinking, what does that have to do with passwords? Here’s why the Birthday Attack is nothing to do when people are born, it’s just 365, two people in a room. It’s just the way the statistics work. That 70% likely. By the way, when you hit about 60 people or 64, 65 people, it’s 99%. It’s actually something called the Birthday Attack calculator. Check that out online. So what does this have to do with passwords? Well, one of the password attacks I didn’t cover in Data Attack section was called Birthday Attack. And Birthday Attack is really not something that you can really do about you can just use a bigger you can use a bigger hash.
An algorithm supports a bigger hash. So let me explain how this works. So Birthday Attack basically specifies that I don’t need to guess your password. I just need to guess a word that has the same hash as yours. Remember, hash collision is when two different messages produce the same hash. So let’s say your password is car and I want to break into your computer. So what I do is I come and I type van V-A-N. Boom, logs me in. But what just happened? How is Van logging me in as you? And your password is car. So you come back and you say, I’m going to log in, and you log in a car and I log in and use van. Notice how car and van is now producing the same hash? That’s the birthday attack. You see, the Birthday Attack basically says, we don’t need to guess your password, we just need to guess a word that has the same hash. Now if you’re using MD Five, you’re in trouble because MD Five has a lot of hashing. MD Five is subject to the birthday. It is subject to collisions. So what you want to use is use a bigger hash, right? You want the birthday attack to go down.
Don’t have 365 days in a year with birthdays. Make it 3000. Then the 70% would have gone down a lot. So basically, instead of using a small hash of 128 bit, use a giant hash of 256 bit would have really to defeat the collision on a hash function. Okay, so that is the Birthday attack. This is what hashtag is all about. Hopefully you found this interesting, right? See, cryptography I thought was pretty interesting. Let’s keep going.
8. Hybrid cryptography
In this video, we’re going to be talking about hybrid cryptography. And what I’m about to teach you is going to be pretty exciting at the end when you see where it all adds up to. Yes. It’s pretty exciting stuff. Cryptography is really good stuff. Let’s get started. Right. So hybrid cryptography is how I’m going to combine symmetric and asymmetric encryption to create the perfect encryption system that we use today all around us. And you’ll see where? At the end of the video. But here’s what it basically is.
We’re basically going to use asymmetric keys to transport symmetric keys because symmetric keys is good at encrypting data and asymmetric keys is good at moving keys around or moving data across networks. Remember, the problem with symmetric encryption was that getting the symmetric key to the intended recipient was the difficult part. But asymmetric solved that problem very easily with his public private key combination. Now, I’m hoping you watch the symmetric and asymmetric videos before watching this one because you need to know that before you get here. So basically what we’re going to be doing is we’re basically going to be encrypting our data with symmetric keys and then we’re going to use the asymmetric keys to move the symmetric keys. Did you get that? Listen Again.
We’re going to be encrypting data with symmetric keys and then we’re going to be using asymmetric keys to pass those symmetric keys. It’s best shown with a diagram. And then you’ll see then you’re going to say that’s how that works at the end of the video or more towards the end of him. So let’s go back here. To me, Andy. And I’m always talking to Mary. You guys are probably seeing. His wife’s name is probably Mary. Not really, but me and Mary always together.
So here’s the deal. I have data set one. I have data set one. What’s data set one. The answer is to the test. I only want to give it to Mary. So here’s what I do. I’m going to use this hybrid system. I’m going to combine symmetric and asymmetric into one system. Now. So Mary has her public and her private key. So here’s how this works on my computer. I am going to generate a symmetric key. This symmetric key is going to be called a session key. All right. I’m going to generate a symmetric key. And this here is going to be like an AES key. Okay? Just know it’s. AES and these keys that Mary is using here. All right. Legislator RSA keys.
So I remember we’re using two of the famous ones here. AES and RSA. Okay. So I generate a symmetric key and I say, hey, Mary, I want to send you some data. Mary, can you send me your public key? So Mary sends me her public key. But instead of encrypting the date, here’s what I’m doing. I’m going to encrypt that symmetric key, and then I’m going to send it back to Mary as Watt Ciphertext. Mary then uses her private key to decrypt that cipher text. And now she has the symmetric key. So remember, the public and private key was only used to encrypt that symmetric key. Why is that? You see, the problem with asymmetric encryption is that it’s very, very slow. It has a lot of benefits, but it is very slow.
Asymmetric encryption is not used to encrypt data. Really? Why? Because the encryption is too slow. Because the the size of the keys are very big. RSA is a giant key size 2048 bit massive numbers. So we’re basically using the asymmetric to transport the symmetric key. Now, for the rest of the communication session, me and Mary, we’re just going to use that symmetric key. Watch what happens now. So I want to pass data to Mary. Now data has, mary has the same symmetric key. I’m going to encrypt this data and I’m going to send it to Mary. Mary receives this as cipher text.
She then uses that symmetric key to decrypt this. Now she has the data set one. That’s it. Let’s say Mary wants to send me back a message. So Mary wants to tell me thank you for the test answer. So we call that data set two, right? Data set two basically says thank you in it. Mary encrypts that with the same symmetric key, sends it to me as ciphertext. I received the cipher text. I’m going to use the same symmetrical key to decrypt that. Now I have data set too.
So in this scenario, all communication now between Andy and Mary, between me and Mary, is all done using the symmetric key. So you guys can watch me do it now. Okay, look, there’s me and there’s Mary right over there. Okay. There’s me and Mary. Actually, the camera guy is over there watching me and you, okay, standing right there. So me and Mary, here’s what we’re going to do. Hey Mary, I want to send some data. Can you send me your public key? So Mary sends me the public key. I quickly make a symmetric key on my computer.
I then encrypted with her public key and says, hey Mary, look, I encrypted this with your public key. Then I give it to Mary. Mary then takes her private key and decrypts it. Now she has a symmetric key that I created, because I have the symmetric key too. Now anything that she wants to send me and I want to send her, we’re going to use that symmetric key. Basically, once the asymmetric keys, the public private keys had passed that symmetric key, it didn’t serve any purpose any more. Other than that, its job is done. Now all the data communication between me and Mary is basically going to be done using the symmetric key. So hopefully you got that.
If not, watch the video again, replay it, make sure you understand it. Now, would you guys like to see this in practice. Would you guys like to see that in practice? Sure. Okay, you guys are probably saying, yeah, let’s watch that in practice. I know you guys want to see this in practice. I know taught this class enough time. When I say you want to see this in practice, I’m going to show it to you. But it goes really quick, okay? So you got to have a quick eye on this. All right? So to see this in practice, I’m going to open a browser and I’m going to go to Amazon and I’m going to press Enter. OK, that’s it. Did you see it? That was it. Did you see that? Did you see all those key exchange now? I didn’t see anything. Okay, so what I just explained to you was the TLS handshake, the TLS SSL is based on the usage of hybrid cryptography, right? So for this to work in the scenario that I explained to you, it really is me, but it’s not Mary. You see, in this scenario, Mary is actually Amazon. Mary is Amazon. A-M-A-N-A-Z-O-N my spelling again. Okay, so me and Amazon. So this is exactly what happens when I go to Amazon. When I want to set up an SSL session. I’m going to say, hey Amazon, I want to set up a session with you.
Can you send me a notice how Mary had to send me a public key? How does Amazon send me their public key? Where is the Amazon’s public key? The answer is right here in this certificate. Remember this thing? Certificates. You see, if I go here and I go to details, this is the Amazon certificate. So here’s what’s really happening in a nutshell, okay? In a nutshell, here’s what’s really happening when I go to Amazon, amazon basically sends me their certificate with their public key. I’m going to verify, which we’ll keep for another video, how this all works, how to hold that says just know for now they send me their public key with the certificate. I have to verify it.
We’ll talk about that later. So I get the certificate. Public key. I’m going to generate a symmetric key, a session key. Key. Remember, for your exam, symmetric and session keys are the same thing. I’m going to generate a symmetric key. I’m going to encrypt it with this public key, and then I’m going to send it over to Amazon. Amazon then decrypts it with their private key. Now they have a symmetric key and I have a symmetrical key. Now all communication, all communication is done between me and Amazon, including sending this web page to my browser. Encrypted with that session key. When I want to send my username and password, I encrypted the session key.
When I want to send my credit card and stuff, encrypt session key. Amazon wants to send me search results and order information. Send my session key. So this is basically what’s known as the SSL. Handshake in a nutshell, is really what this is. I’m going to come back to this a little bit later when I talk more about certificates and so on, but this is the concept of what is known as hybrid word cryptography. All right. Hopefully you found this interesting. Hopefully you find this whole encryption thing interesting. Let’s keep going.