Time
23 hours 21 minutes
Difficulty
Intermediate
CEU/CPE
23

Video Transcription

00:01
Hi, welcome back to the course. So in the last video, we went over some basic cryptography terminology. We also talked about government access to keys, and then we started in on our different encryption algorithms. So we wrapped up that video with RC4, RC5, RC6, which are the Rivest ciphers. Now, if you haven't watched it, go ahead, pause this video, go back to that one because we're going
00:21
through these in a step-by-step order.
00:23
So in this video, we're gonna wrap up our discussion on different encryption algorithms, and then we're gonna talk about some hash.
00:30
So one of the changes with the newer version, and again EC-Council's not calling it new versions anymore with the ANSI accreditation that they have now. But most people in industry just call it, every time they come out with like new content or like, exam content seems to change, everyone's just gonna keep calling it different versions, etcetera. So I'm gonna keep calling it version 10 if
00:50
I've been calling it that throughout this course. That's what's common
00:53
in industry. But this, this here, Twofish, is one of the changes that they've made. So, uh,
00:59
This is our first actual change. So this is on the new content here.
01:03
So Twofish is a symmetric block cipher, block size 126 as we've seen with other ones, and then the key size up to 256 bits
01:12
and then, ah, key dependent on S-boxes. So we're not gonna really dive into what S-boxes are. But just know that they help obscure the relationship between the actual key and the cipher. So that's kind of the purpose of the next block.
01:25
I mean, if you guys don't know Grumpy cat do a quick Google search, I think there's even I think there's even a movie. I want this little cat with a little grumpy face.
01:34
So DSA, or Digital Signature Algorithm. So there's two phases here to the key generation. It starts off with a lonely to choose the algorithm parameters, and then those are shared between different users, and then phase two, there it's going to compute the public and private keys for each individual user.
01:49
You might have heard about this in the media. Back in, I think it was 2012. The Sony PlayStation
01:55
3, the little hack. And basically what this fail0verflow hacker group did is they published information about how you could bypass Sony's signature here that they were using for their software signature.
02:08
So Sony was using a form of the DSA. So basically elliptical curve. So you regional elliptical curve algorithm.
02:17
RSA stands for Rivest, Shamir, Adleman. That's an asymmetric form of encryption. So I've got a little example here. So basically, let's pretend that I'm sending you something and you're receiving it, right? So I contact you first and you share with me your public key. You're like, yeah, here's my, here's my public key,
02:36
and then for me, I take whatever message I want to send you with the information. I'm gonna encrypt that with your public key.
02:42
now that I'm gonna send it to you,
02:44
and then what you do is you have your personal private key, right? So that's your secret key that nobody knows about. And then what you can do, because that's your public key, so when I send that to you, you're gonna go ahead and you're gonna decrypt that information with your private key. So only your private key can decrypt that information. And then you could see my message. If I try to decrypt it
03:01
with my private key, it's not gonna work, right? So
03:04
again, just keep that in mind. The public key is something shared. We both know about it. And then the private key is something that only you know.
03:12
Diffie-Hellman. That's another change for the material. So this is the new portion on the exam. You might see this tested on there.
03:20
So I'm gonna explain this with a screenshot here I found on the Internet. And this is basically a paint example. So it helped me understand it when I was, and I actually studied Diffie-Hellman when I took version nine of the exam. I studied that for that because I thought I might need to know it. So it's actually cool that they're coming out with that because I already know it, so good deal.
03:38
Anyways, I'm digressing there a bit,
03:40
but
03:42
here, we're gonna do kind of a paint example so you can understand the concept behind it. So when you see it on the exam, if it's tested a little more in depth, you'll know what we're talking about.
03:51
So we got two people here, Alice and Bob. So they both pick a common paint color. So with this example, they're gonna pick yellow. They say, all right, this is our common color we're going to use. And then what they do is they go mix that yellow with their secret color. So they each pick their favorite color, whichever color that is, and they mix it with their secret color. So that's what we see here. And then we have that output there.
04:10
So Alice, Alice mixes the yellow and the red, she gets kind of, ah, like a light, brownish looking color there. And then Bob mixes the yellow with what looks like kind of a green or a teal color, and he gets a blue as his final product.
04:21
Then what they do is they exchange those cans of paint. So, Bob, after he mixes, he gives his to Alice. And then Alice, after she mixes, she gives her can of paint to Bob.
04:30
And then what they both do is they mix that new can of paint with their secret, secret color. So again, Alice mixes that new can of paint with her red. And then Bob mixes that new can of paint with his kind of green or teal, whatever color that is there.
04:46
And then what they both end up with is they both end up with the exact same color of paint in their can, right? So they've got that common paint, and the reason they get that is because Alice mixed her, Alice mixed the common paint with her secret color, and then she gave it away to Bob,
05:00
and then Bob mixes his secret color in. So it's all that same stuff, right? They're combining all their colors.
05:06
And there Bob, as he mixes his,
05:09
you know, the common color, that yellow, with his secret color. And then he gave that to Alice, and then she did it. She added her secret color. So both those cans of paint now contain Alice's secret color,
05:19
Bob's secret color, and then also the common color, that yellow they talked about. So you'll see here at the bottom, that's the common secret color. So if we think of the context of a key, that's a secret key that they're ending up with because you're agreeing upon all these things. They're swapping the information on the cans of paint so that they can add their secret key again
05:39
to get a common key that they can use for the communication.
05:43
So hashing is what we'll move into next. So MD5, which we're actually gonna do a lab on a little later in the section. And we touch on some images there with MD5. When you talk about that, it's a weaker thing. We'll talk about it in just a second,
05:56
uh, SHA, or Secure Hashing Algorithm. RIPEMD-160, so that's an addition for this newer content for the Certified Ethical Hacker exam, and same with HMAC, which we'll talk about as well. That's a newer addition to this version of the material.
06:12
So MD5, or Message Digest function, 28 value, and one of the issues there, collisions can occur. Non-identical messages can actually have the same hash value. So that's where the, that's what the collision basically means, like, right, you know, because traditionally, with a hash, it shouldn't, I shouldn't be able to like put, you know,
06:30
two different files in and get the same actual output.
06:33
I shouldn't because the files are different, right? So you know the file size, the file content, et cetera. They're different files, so I should get different things each time. But with the, uh, with MD5 there is a risk of those collisions, where I may put in two different values and my output is exactly the same.
06:50
So here's a screenshot here, but again, we're gonna go over that in the lab of what it looks like. You'll be able to do some hands-on and you'll understand it a lot better when you can do things hands-on.
07:00
SHA, so we've got Secure Hashing Algorithm. There's actually three different ones of this. Most places are moving away from SHA-1. They should be at SHA-2. And with that, it should be the 256 bit. And then you might see occasionally SHA-3 out there as well. So SHA-1 basically has a 160-bit hash value.
07:17
That's something you'll want to just memorize for your
07:20
Certified Ethical Hacker exam. Just remember, SHA 168 bit. You'll be good to go. SHA-2, probably what you might see tested is that either 256 or 512 bits. Just keep both of those in mind, that it has both of those. And then SHA-3, I don't remember that really being covered in
07:39
too much depth. And conversely, I can't tell you what's on the exam, but
07:42
as far as like study material. Remember? SHA-3 really being covered and stuff. I was doing a mike CM. So I don't know that they updated the exam to that extent where you might see that one tested. But just know the differences between all these. So SHA 160 bit, SHA-2 256 or 512 bits, and then SHA-3 does 512 bit,
08:00
but it also offers a sponge construction. So the way sponge construction works, in a nutshell, is think of it like a sponge, right? So then I turn on my water faucet and basically, you know, essentially putting in, you know, any amount of data, right? Or any amount of water in the sponge. Like, no matter what, this sponge is still gonna get water on it until I turn the faucet off.
08:18
And then what the sponge allows me to do is that I can, from there I could squeeze out any amount of information or any amount of water I want, right? So I could just take the end of the sponge, a little corner, and squeeze it. And then I just get a little water out, or I can wring it with both hands. You know, I could wring that sponge and squeeze it and get most of the water out. So it's variable, right? Depending on how I squeeze that sponge,
08:37
I'll get different outputs.
08:41
RIPEMD-160. So again, this is one that's added to this newer material. That stands for RACE Integrity Primitives Evaluation Message Digest. You know, say that five times fast when you've had a few drinks. And then it's 160 bits.
08:56
So it basically, you know, like most things that we want with a hashing algorithm, it offers that avalanche effect behavior. So all that means is that if we change like one character, so here we see here everything's the same in our little sentence except for we change dog to cog, and it should give us a totally different output. You shouldn't have any of that
09:16
original hash in the, in the
09:18
second output, we get
09:22
HMAC stands for hash-based message authentication code. So basically it offers a cryptographic hash function and a cryptographic key. So advantage, it offers integrity and the authentication, and it could be used with these different hashing algorithms as well. So you see here I've got examples of MD5, SHA-1 and SHA-256, or SHA-2.
09:41
That's what that one is.
09:43
And it shows you the different length outputs there.
09:46
So in this video, we wrapped up our discussion on different encryption algorithms and our different hash functions. And in the next video, we're gonna talk about some different cryptography tools.

Instructed By

Ken Underhill
Master Instructor at Cybrary