7 hours 35 minutes
Hey, guys. Welcome to another episode of the S S C P Exam Prep. Siri's I'm your host, Peter Simple in This is going to be the third lesson in the fifth Do May.
So far in the fifth inning, we've taken a look at some of the fundamental concepts of photography
basically the two different types of ciphers and basically two basic terminology which applies to cryptography.
You also taking a look at some metric cryptography and ciphers. And now, in today's lesson, we're gonna look att, asymmetric cryptography and hybrid crypt IRS.
Let's get started.
The other time of cryptography that is used today is asymmetric cryptography.
Asymmetric cryptography was male, created to address the practical limitations off. Symmetrical.
As we said this, most of the limitations of symmetric cryptography are that is the key management issue where it's the same key to encrypt at decrypt, so it's tough to get the key from one spot to the other.
Asymmetric ta graffiti fixes this by using two keys that are mathematically related but mutually exclusive,
so the keys are related in a sense that one's used to encrypt and the other is used to decrypt. But they're also exclusive. So they are still two separate keys and you cannot
figure out one key
based on the R.
So since the asymmetric algorithms they are one way functions. So usually you create the private key first. And then from there you create the public. He now private key in public. He doesn't really matter which one you label, but usually be private key is the one you create first,
and you must hold on to that at all times. That belongs to you and only you and only you should know what the private key is.
The public one is for everybody else. The public. He is the one that you give the people that you want to send messages to. You can have it on your website. You can have it on you having a bunch of spots.
And this is usually the one that does the D cryptic. So asymmetric cryptography is really good for confidential messages and non repudiation.
So how does it work?
Asymmetric stocking feet works like this. So So say we have a fella named Bob here and Bob wants has had a message to Alice.
So he says, Hello, Alice. And he encrypts that message with Alice's public key. This is the public. He So this is the key that Bob has easy access to
s o he encrypted and he sends it to her.
Now Alice encrypts the message with her private key,
and then she could read the message. Now this is a confidential message, because once it is encrypted with Alice's public key, the only person that can read it is the person who has Alice's private keep, which is only Alice.
Now, the other way this works is shows approve of origin. Besides non repudiation factor with this, Alice wants to send a message to bomb. So she says a Bob, and she signs it with her private key.
And that's that little little signature down at the bottom of the ramp. Little scramble of characters.
Now, when Bob gets this message
the, uh, the You little message at the end with Alice's public key
and then therefore he knows that the message came from Alice because Alice is the only person who could have encrypted the key to begin with. She's the only one has the private key shoot giggling, one who could encrypt that message at the end.
Asymmetric encryption algorithms. The first is our say so this is an algorithm based on the mathematical challenge of factoring the product of two large prime numbers.
And then we have the defeat Hellman Out room. This is a key exchange algorithm used to enable to users to exchange symmetric keys, which will be then used for message encryption.
Now it's important to note they are not
They are creating a key together, and that is the key that they use for symmetric
encryption. So the way this works is this in this example, Alison bomb. They both have something in common,
and they both have a secret color. So in this example, paint is used to they have their common pain.
They have a secret color,
and then they mix the common paint and the secret color together and said they get two different mixtures
Now. At this point, the mixtures air still different, so they can just swap mixtures
through any type of public transport.
So then once they swapped mixtures, they add their secret colors again, and now they have the common secret out
swap out pain for like information and then you get a key.
And then this is the key you used for symmetric encryption.
A couple of other asymmetric encryption algorithms. Al Kemal, which is based on the work of Defeat Hellman but includes message confidentiality in digital signatures,
and you looked at curve for photography, which is in our algorithm based on the mathematics off elliptical curves.
So were the advantages and disadvantages of asymmetric key algorithms. Well, you can send messages without the key exchange. There's never You won't have this problem off, sending the key from one spot to the other with asymmetric key algorithms. It also offers non repudiation,
All of these things are not offered with symmetric cryptography,
so some of the downside
it's kind of slow and slow to a point where it's impractical for frequent transaction. If you have to encrypt or decrypt many times at a rapid rate, asymmetric cryptography is really not really not the best. The cipher text is also larger than the plane tax, which could be a problem.
So the result
i word cryptography, and this combines the best of both worlds, So asymmetric cryptography support the key exchange NARC Aviation the message authentication, while the symmetrical photography offers the speed and security of our river.
So the way this works is you have symmetrical cryptography,
which will take the plane tax,
um, encrypted with the key. And then you get the cipher text and then to decrypt that you decrypt it with the same key.
And then that's how you get the plain text.
instead of this key being transport, this symmetric key
is encrypted with the public key of the receiver
send over to the person who's getting it. And then the symmetric key is then decrypted with the private key on a receiver. So instead of the whole message being encrypted with a public key and then decrypted with the private key on Lee, the symmetric key algorithm is that,
and that provides an easy way.
I'm sending the key for one spot to the other without slowing down the encryption or decryption process.
Couple more cryptography concepts Message Digest will take this a little bit. Maurine. The last lesson. Just a small representation off the larger message used for authentication integrity. You have the message authentication code, which is the small walk of data that is generated using a secret key
and then appended to message. So when the message
is then read, the person can decrypt it with the public he on then read the message and know it came from them.
Now Hash all message authentication code is the message authentication code, but it's being hashed using asymmetric key value, and this is used for integrity and orginal authentication.
Digital signatures. It's really the same thing is like the message authentication code ensures the authenticity integrity of a message. Through hashing and asymmetric algorithms, the digest is encrypted with the centre's private and obviously non repudiation.
This ensures that the center cannot deny a message was sent by them and that the message is still intact.
In today's lecture, we discussed asymmetric cryptography and hybrid cryptography
All of these are aspects of asymmetric cryptography except
hey, easy key exchange.
Be non repudiation,
see speed or D confidentiality.
If you said see speed, then you are correct. Remember, one of the disadvantages of asymmetric cryptography is that it's slow, and that's why hybrid cryptography exists in the first place.
Thanks for watching guys. I really hope you learned a lot in this video, and I'll see you next time
ISC2 Systems Security Certified Practitioner (SSCP) Practice Assessment
The SSCP exam preparation package helps students prepare for the ISC2 SSCP certification exam. ...
(ISC)2 Certified Information Systems Security Professional 2015
(ISC)2 Certified Information Systems Security Professional 2015 is a practice exam preparing for the CISSP ...