Cryptography Definitions: Initialization Vectors

Video Activity
Join over 3 million cybersecurity professionals advancing their career
or

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
>> Hello. Now we're going to
00:00
talk about some of the terms
00:00
>> we use within cryptography.
00:00
>> We'll start out by looking at
00:00
encryption for the purpose of privacy.
00:00
We start out with plain texts
00:00
and that's the data we want to protect.
00:00
Ultimately, what we want to do
00:00
is confine that to the ciphertext.
00:00
If anyone is able to access it,
00:00
they won't be able to read it or find meaning.
00:00
00:00
use an initialization vector,
00:00
an algorithm and a key,
00:00
that's what takes us from plain to ciphertext.
00:00
We want to talk about what an initialization vector,
00:00
an algorithm, and a key.
00:00
Let's talk about an initialization vector.
00:00
The job in the initialization vector
00:00
00:00
the encryption process. Randomness is good.
00:00
We want our ciphertext as far
00:00
removed from the plain texts as possible.
00:00
Even though the encryption process is going to
00:00
change our data from plain text to cipher,
00:00
00:00
we'll make the process more complex
00:00
and that makes it more difficult to reverse.
00:00
00:00
your digital music collection and digital music player.
00:00
Onetime l lend a friend of mine my iPod and she
00:00
00:00
Now, I know I can erase that,
00:00
but I never think about it until it's too late.
00:00
I pull up to stop play and I'm feeling cool and
00:00
playing the music that was popular
00:00
when I was in high school.
00:00
Then next thing you know,
00:00
the song, The Sun Will Come Out Tomorrow,
00:00
starts playing on my stereo and I'm thinking,
00:00
got to be kidding me.
00:00
My question is this,
00:00
I've got over a thousand songs on my iPod,
00:00
why does the same song keep coming up
00:00
time and time again when I'm playing it in random mode?
00:00
I do find that there are a handful songs that you can't
00:00
count on hearing when I put my music player on random.
00:00
Well, if you look at what I have on
00:00
the screen, in the second bullet,
00:00
I just came up with some random numbers
00:00
and I came up with some random math.
00:00
But even though I've got
00:00
>> random numbers and random math,
00:00
>> the question becomes, do I have to randomness?
00:00
Well, if I always start at the track zero and I
00:00
00:00
and jump three tracks and so forth,
00:00
I really don't get randomness because it
00:00
keeps starting at the beginning of the zero track,
00:00
but if I can randomize the beginning point,
00:00
then I add more randomness to the process.
00:00
Now the thing about the initialization vector
00:00
is that it needs to be long enough,
00:00
just like everything else.
00:00
But you can't have an initialization vector that is
00:00
too long because when you use security,
00:00
00:00
You want an initialization vector that is
00:00
just long enough, but not too long.
00:00
Let's go back to what we talked about with WEP.
00:00
Remember, WEP stands for wired equivalent privacy
00:00
and it was one of the first means of
00:00
encrypting Mi-Fi communication for our local networks.
00:00
With WEP, one of the starting problems was that WEP had
00:00
a very short initialization vector
00:00
and that IV was 24 bits.
00:00
When WPA came along to replace WEP,
00:00
WPA increased the initialization vector substantially.
00:00
It went from a 24-bit IV to
00:00
a 48-bit IV, significantly better.
00:00
WPA settled on the 48-bit initialization vector
00:00
and that gave us more security than we had with WEP,
00:00
but still performing it enough to be acceptable.
00:00
That 48-bit Initialization vector continues
00:00
today with WPA2 even WPA3.
00:00
Now, a couple more things to consider with IVs.
00:00
First of all, have you heard of the term seat insole?
00:00
It's very comparable to a initialization vector.
00:00
00:00
when we're encrypting data.
00:00
00:00
it's a one-way mechanism to protect our passwords.
00:00
00:00
00:00
00:00
it makes them harder to compromise.
00:00
You could also hear the term soul.
00:00
A seed at the beginning of
00:00
>> the process. A soul is leader.
00:00
>> All these things, seed, salt,
00:00
and IV's have the same purpose, to add randomness.
00:00
Now, the second thing to think about is how
00:00
computers really aren't good at true randomization.
00:00
You and I can think of a random number like 1,043,007,
00:00
pretty easily on top of our head,
00:00
but computerized systems are logic-based.
00:00
There aren't very predictable.
00:00
The challenge becomes that we need
00:00
randomness and allotting incursion functions
00:00
that we perform on a day-to-day basis
00:00
are dependent on randomness.
00:00
Computers need something to base
00:00
the randomness on in order to come up with it.
00:00
It could be based on internal CPU cycles,
00:00
temperature, date, and time variables.
00:00
There could be a million different variables to
00:00
come up with an initialization vector.
00:00
We just have to remember that it's not truly
00:00
random, it's pseudo-random.
00:00
Something cool here.
00:00
Have you heard of a company called CloudFlare?
00:00
They're an Internet web organization.
00:00
They provide infrastructure support
00:00
and security for massive amounts of
00:00
data and information and
00:00
services at organizations across the Internet.
00:00
They use lava lamps as a basis for the random numbers.
00:00
They have a wall of 100 lava lamps
00:00
and they have a camera that takes
00:00
pictures of the lava lamps
00:00
periodically and sends those images
00:00
to the servers that analyze
00:00
the configuration at any given time
00:00
and it's always going to be
00:00
>> different and unpredictable.
00:00
>> They create a value for the initialization vector
00:00
based on the lava lamps.
00:00
It's pretty fascinating.
00:00