### CompTIA CASP

Course
Time
10 hours 28 minutes
Difficulty
Advanced
CEU/CPE
15

### Video Description

This lesson discusses the pros and cons of symmetric cryptography. Cons:

• Out of band key distribution
• Not scalable
• No authenticity
• Integrity
• Non repudiation

Pros: - Very fast

### Video Transcription

00:04
Okay, so we've really wrapped up symmetric cryptography. Talk about the basics. We talked about the idea of the same key to encrypt that used to decrypt.
00:13
We look a block and stream ciphers about how blocks were more secure, but they were slow stream ciphers faster with a lesson here.
00:25
So ultimately, when it comes into wrapping it up about symmetric cryptography, we've gotta look at the pros and cons. Why use metric and why we might not. So when we talk about the downsides of cement cryptography, there several things that our problems for us
00:44
the first is that
00:46
there is no means of he exchange in a symmetric out.
00:52
And by that I mean, I'm gonna crypt with a key. You need that same key decrypt how I get the key to you.
00:59
And the answer is, I don't know.
01:00
We've gotta find some way outside of algorithms that air symmetric to do the key distribution. And when we talk about that, we call that out of band key change, key distribution and basically what that means is it has to be done ahead of time. Somehow else it could literally be is basic.
01:19
Is he hiring her go
01:22
hand deliver Yuki.
01:23
Now we know that we don't really do that today's technical world, but there has to be some way to get that he distributed.
01:30
Hey,
01:32
the second problem is that cement truck algorithms you're not scaled.
01:36
They're not good for environments that going to be very large because for every unique conversation that we need to be
01:45
So you know, for instance, you've got multiple parties communicating
01:53
a two parties communicating so big deal.
01:57
But as I add individual, we need he they key
02:01
at fourth person.
02:05
They need a key.
02:07
And as you continue to add, this is only five users. You see a lot of keys.
02:15
So when we talk about symmetric algorithm was not feeling being very stable, that's exactly what we're talking about. It's just not scales profile
02:24
Now the third problem
02:28
with symmetric cryptography is we do not get authenticity, integrity or not repudiation.
02:35
Now, symmetrical powder feet does give me a price, and it gives me a good, strong privacy as long as that he's been distributing secure.
02:45
Okay, so we've got no problem getting price.
02:47
However, if you think about this, let's say that we've used symmetrical cryptography for message. I've encrypted with the key. You've taken that same tea and decrypted the message. So you and I both have the same key.
03:04
Let's say that that same email campaign sensitive information that was leaked to the media house
03:10
and it's encrypted with the key that you and I share.
03:15
Can you cryptographic Lee prove the message came from me?
03:20
No, because you were not share.
03:22
So with symmetric cryptography, you will never get true authenticity,
03:28
as in stand up in court authenticity anytime. Two parties shared the same key. You don't get authenticity. It's like in the back of the classroom.
03:38
You and I have a key to the locker back the classroom
03:42
over the weekend, somebody's left a tuna fish sandwich in there.
03:45
I don't know it was me,
03:46
probably waas, but as long as you have the key, I have someone else to blame. And was both parties share key. You don't get true authenticity
03:57
now. I could get some reasonable authenticity if you and I have a key
04:02
and it's encrypted with key that you have, I could kind of say, Well, sure, I believe that I'm communicating with the proper 40
04:10
so you get kind of okay, authenticity, as in I have a reasonable assurance it came from you and nobody was Impersonating you.
04:17
But it's just not staying the authenticity, which is what we want. And that's not to say you're gonna be taking your employees to court. However, what we want is a good, strong reliance beyond a reasonable doubt that the origin of a message is who reports to me from.
04:35
And we have all seen C e mails, you know, at least,
04:39
and I've got a pretty good spam filter. But I still once a week we'll have something slide through my my spam filter reporting to be from pain, pal, your email has been compromised. Click on this link to reset it
04:54
and you know, better than clicking on links emails. Totally. But ultimately what happens is
05:00
I want to be sure that that message just come from papal. Before I would play, probably or open.
05:06
Just don't get that degree of authenticity with symmetric.
05:13
Now, the next thing we don't we don't get in separate
05:16
just because I encrypted message to you with the key that you and I share.
05:21
Does that guarantee the message hasn't been corrupted across the wire.
05:26
No, there's nothing in cryptography. Answer. There's nothing in encryption
05:30
that guarantees whether or not I must message has been changed.
05:35
Corruption happens in cryptography when used. Let me say that again
05:43
corruption happens. And there's nothing
05:46
about encrypting message that prevents corruption from happening or even detects that corruption has that.
05:53
And with symmetric photography, we don't get that
05:57
just because a message is encrypted with the key that you and I have that doesn't keep packets from being dropped on the wire.
06:03
So no integrity.
06:05
Well, if I have no authenticity, I have no integrity.
06:10
Am I gonna get non repudiation? Because non repudiation, if you'll recall, is a combination of those two. Security service is non repudiation, says the senator. Can't dispute having sent the message north the contents of the message. So no authenticity, no integrity. Therefore, no non repudiation.
06:30
Well, if we have all the straw bags, just a metric photography want in the world. We use it, and I don't know if you can see this is the bottom of the screen. But basically what it says is
06:40
Spencer Cryptography is fast, fast, fast, and that's a very important characteristic that symmetric photography's fast. As a matter of fact, we say fast, you know, question I get. Is it noticeable? Absolutely. You would have a speed improvements in house thousands of times better
06:59
with the symmetric algorithm,
07:00
with a smattering of that has to do with the efficiency of the algorithms and how long the key would have to be in order to provide the same degree of encryption protection. But the bottom line is the hall symmetric photography is that fast. We want to use it,
07:16
but we have to solve some of these problems, okay, and that's where we won't go into. The next section is we're talking about asymmetric cryptography and how asymmetric cryptography, even though it has its own problems, solves the major problems.

### CompTIA CASP

In our online CompTIA CASP training, you will learn how to integrate advanced authentication, how to manage risk in the enterprise, how to conduct vulnerability assessments and how to analyze network security concepts and components.

### Instructed By

Kelly Handerhan
Senior Instructor