Time
10 hours 28 minutes
Difficulty
Advanced
CEU/CPE
15

Video Description

This lesson covers asymmetric cryptography with a focus on PAIN, which is an acronym for:

  • Privacy: always encrypt with the receiver's PUBLIC key
  • Authenticity: the sender encrypts something with the sender's PRIVATE key
  • Integrity: create a message digest with a hashing algorithm (MD5, SHA-1, SHA-256)
  • Non-repudiation: the sender encrypts the hash with the sender's private key
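The four PAIN services in one message exchange, as an added example that is not part of the lesson: the body is encrypted with the receiver's public key, and a SHA-256 hash is encrypted with the sender's private key to form the digital signature. It assumes textbook RSA with small constructed keys and no padding, which real systems never use as-is; all function names and the sample message are hypothetical.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes; returns (public, private) as (exponent, modulus)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)

def rsa(value, key):
    """Raw RSA: one modular exponentiation, with whichever key is supplied."""
    exponent, n = key
    return pow(value, exponent, n)

def digest(message, n):
    """Integrity: SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def send(message, sender_private, receiver_public):
    # Privacy: encrypt the message with the receiver's PUBLIC key.
    body = rsa(int.from_bytes(message, "big"), receiver_public)
    # Non-repudiation: hash the message, then apply the sender's PRIVATE key.
    signature = rsa(digest(message, sender_private[1]), sender_private)
    return body, signature

def receive(body, signature, receiver_private, sender_public):
    m = rsa(body, receiver_private)  # only the receiver's private key opens the body
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # Anyone can open the signature with the sender's public key;
    # it must equal a hash computed fresh over the received message.
    verified = rsa(signature, sender_public) == digest(message, sender_public[1])
    return message, verified

# Constructed toy keys from known Mersenne primes: far too small for real use.
SENDER_PUB, SENDER_PRIV = make_keypair(2**61 - 1, 2**127 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
MESSAGE = b"wire $500 to Bob"  # constructed sample, short enough for the toy modulus

if __name__ == "__main__":
    body, sig = send(MESSAGE, SENDER_PRIV, RECEIVER_PUB)
    print(receive(body, sig, RECEIVER_PRIV, SENDER_PUB))      # genuine message
    print(receive(body, sig + 1, RECEIVER_PRIV, SENDER_PUB))  # altered signature
```

The signature can be opened by anyone holding the sender's public key, yet it reveals only the hash, which is why it can travel alongside the encrypted body.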

Video Transcription

00:04
Okay, so we talked about asymmetric cryptography. Key change for us to talk about it, being on environment that grow to be a very large environment.
00:14
The next thing we want to talk about is how asymmetric cryptography provides all four security services we're looking for.
00:22
I see authenticity, integrity. And
00:27
Now I just mentioned how asymmetric cryptography provides us with privacy.
00:32
The sender requests the receiver's public
00:37
receiver gladly provides that,
00:40
and for privacy, we use the receiver's public information.
00:46
That way, only the receivers private
00:50
as very important foundational principles get. Don't forget the relationship of keys. Anything encrypted with one cannot be decrypted,
01:00
so crime scene get. Don't forget. When I talk about you, request the user's private. Keep entering public heat.
01:07
When I say you do that, again, it really is your application. Whether your mail application, maybe your Web browser. Maybe it's whatever other service you have running, but it's always an application application request. In the end, users should never see that
01:23
that's what some of these protocols some of these mechanisms do forces they make
01:27
west. So with privacy, you will always encrypt with the receiver's public key to get privacy here.
01:37
All right, now we move down to authenticity.
01:40
And please remember, authenticity is a totally different security service than privacy.
01:46
So if we want authenticity, we gotta go about it and entirely what?
01:51
So for authenticity, what I'm gonna do
01:55
is I'm going to put something on my message and get my application
02:00
that you will be able to decrypt with my cold.
02:05
That sounds a little weird, but if you think about
02:07
if you're able to decrypt something with Kelly Handerhan's public key,
02:14
it has to have been encrypted with Kelly Handerhan's private key,
02:19
which only Kelly Handerhan ***.
02:22
So just the fact that you could use my public key to decrypt something
02:25
proves it was encrypted with my private crusade came from
02:30
Okay, now the thing is, so I'm not gonna encrypt the message with my public, there would be no point. And that message could be very, very long, and I wouldn't encrypt the whole message.
02:45
I always will use the message, use the receivers public.
02:50
So
02:52
for it. Since let's say I have a message.
02:57
What is down at the bottom?
03:00
I put a full time stamp.
03:02
Let's see,
03:04
two o'clock, actually, let's say it's true. 15 here.
03:08
If I had a little time stamp at the bottom of a message, my application does this. I don't care who knows what time it is, right? I'm not trying to protect the club.
03:20
What I do is I want to give you an excuse to decrypt something with Kelly Handerhan's public.
03:29
So what do I have to encrypt it with?
03:31
I would have to encrypt
03:34
sender's,
03:36
right? I'm the sender,
03:38
and I would use my private key to encrypt times.
03:43
What would you decrypt it with my public?
03:46
And when you're able to decrypt it? My politi,
03:51
You know, it was encrypted with my private Julianne.
03:54
Now I'll warn you. A lot of people get confused here because when we hear encryption within codes about privacy, not in this case, I'm encrypting with my private. Doesn't that mean anybody could decrypt it? Because anybody could have access to my public? It does. But the intern, that is I don't care.
04:14
I don't care who knows what.
04:15
Right this I'm not trying to get a visual.
04:18
But what about the message? Maybe my message needs to be protected. Well, that's fine. I can always encrypt the message.
04:28
I think about the privacy of the message. So what key would I use?
04:34
How it used receivers,
04:38
Huh?
04:39
We'll always get privacy by using receiver's.
04:44
You'll always get authenticity
04:47
from the sender. Remember, it's the sender I want to verify. The only thing that sender has that's unique to them is their problem.
04:57
So what you have is you have a message with different pieces, and different pieces could be encrypted differently.
05:02
The taunting, the body of the message, plus encrypted the receivers public.
05:09
I understand.
05:10
The only reason that time stamp is there
05:14
is so I've been encrypted with my private.
05:16
Why? Because you decrypted with your public key Web certain my public will know it
05:23
now. The next piece, isn't it?
05:26
And I told you earlier there are different types of integrity that we're concerned with: malicious modification, accidental modification. We're just gonna focus on the most basic, where you focus on what a hash is, because the hash does give me technique protection. Now, one thing I will tell you is
05:44
even though we're talking about asymmetric cryptography,
05:46
technically, a hash is not symmetric or asymmetric.
05:51
Symmetrical, asymmetric. They both required
05:57
hashes. Do not use their simply let me give you might have 1/2.
06:02
All right. So let's say that you and I are communicating across the unreliable
06:10
and we're worried about packets being dropped. What I care about is your Simply knowing what I've sent you has not been corrupt.
06:17
I'm not trying privacy. I'm not trying to guarantee authenticity. All I want you to know is what I said. You know what?
06:27
So I had a time when you and I have a great to do is to figure out the numeric value for each letter
06:32
separately. H is the eighth letter of the alphabet. E is the fifth. L is 12, 12.
06:42
Okay,
06:43
so we've agreed to figure out the value in the adult numbers. Up
06:49
eight slash 13. 25. 37.
06:56
Right.
06:57
So before I send you the message, I jot down the number 52 at the bottom.
07:01
I said, you're a mess.
07:03
You get that message what you do
07:05
exactly
07:09
if you come up with the number 52
07:12
which matches the number I came up with, we get that assurance of the message is not
07:17
Now, let me tell you, what I'm doing here is very, very basic. It has a lot in common with real hash algorithms, and we'll talk about that, but the real hashing algorithms are much more sophisticated,
07:30
but the idea's the same.
07:32
Before you send your message, you perform some sort of math function. You come up with the value, called the hash. That could also be called a message.
07:43
I did the exact same math on my end. If the message digest I come up with matches the one you come up with, then we know we've got a match and we have that assurance. The messages Not awful.
07:55
The two main hashing algorithms that we use, honestly, MD5's really kind of dropping off the face of the Earth. It's been compromised years ago. Actually, SHA-1 has also been compromised. But MD5 was a 128-bit hash. Charlotte
08:11
12 160 bid before shot 50 sixes
08:16
shorter.
08:18
But the idea is these are the algorithms that
08:26
What's really important to understand about a hash:
08:28
There is no key, right? There was no take this and here's the key that you used. It's simply math. I said add these numbers together, so that's a math function.
08:39
But The important thing about that is a hash is always, always holds what white man.
08:48
Now that's kind of interesting, because we always think about math being able to be reversed. I understand that.
08:54
But take a look at this. Let's say
08:56
that I had encrypted the message with the receiver's public key. So all the sons. You have no idea what that message originally was. Right? It's encrypted. Let's just say it's It's out of your way.
09:11
You have the hash
09:13
and not only you have the hash. You know how I created the
09:18
but I don't know which has 50 to appear said to ease you already solved yet. So let's say the hash brown was one, eh?
09:26
One.
09:28
Now remember, it's not that we're replacing character by character, but we're taking every character's numeric adding
09:37
adding them together.
09:39
So all you have in plain text is the hack 18 14.
09:43
What numbers did I add together
09:48
to get 18 40?
09:50
Because if you know what numbers I added together, you know my message, but there are so many possibilities for what could be here.
10:00
It's one way in there. It's very easy to before. One way it's really easy to add those numbers together. But when you look at the results and trying to figure out what numbers went into this next to impossible
10:11
and to make it even harder, with real hashes, not this silly little hash that I used, with real hashes you're gonna have 128.
10:20
You're gonna have a 160-bit hash, you have a 256-bit hash, and those hashes will not change in size based on the content of the message. So you're gonna have this fixed-size indicator of the contents of the message
10:35
and the beauty of the hash back it out.
10:41
The reason that's so important is because I do not need a hash to be
10:46
my hash for my message. Could be on the network in clear text any time I want. Why? Because you can't reverse it.
10:54
It means nothing to attack.
10:58
So, for instance, if your attacker you capture 13
11:01
for s,
11:05
why
11:05
see
11:07
039 know what can you do with that?
11:13
There is no way I can reverse this hash and figure out what the actual message was. So I needed to be.
11:22
They could be right there in plain text. Hey, so that's important. Obviously wanted to work. All right, so Hash
11:31
message digest, another word, one-way math. Two main hashing algorithms: SHA-1 and SHA-256, really, today. MD5 was the predecessor. It's still around, but mostly we're SHA.
11:45
All right, so let's look to protect our message.
11:48
So there's one message
11:52
I want you to hear in T that hasn't been modified.
11:56
I want, you know, it hasn't changed, so I have should.
12:00
There's my little hash.
12:03
now. I want to protect the confidentiality of the message.
12:07
So what? I could encrypt the message with the message. It's incredible
12:13
with and think it through. Sender. Receiver, receivers,
12:18
public or private.
12:24
What's the only thing that will decrypt the message? Receiver's private key, which only they
12:30
great I get. How did you all the best?
12:31
I have integrity. Well, they just put the security service is there so that this week
12:37
that just means separate.
12:39
But now I want authenticity. I want you to know this message came from me. All right. Well, what would happen
12:48
if I took this hash
12:50
and encrypted
12:54
senders?
12:56
What? Encrypt the hash with the sender's private key.
13:01
The receiver gets it,
13:03
and the receiver can decrypt the hash
13:05
with the sender's.
13:07
They know it was in with
13:11
job they have.
13:13
So I've just taken a temporary
13:15
and I add authenticity.
13:18
And when you get the two together, you have non-repudiation.
13:22
And that's what's called digital signature.
13:24
So all a digital signature is, is a hash
13:28
encrypted with the sender's private.
13:33
So when your email application tries to open up that hash with Kelly Handerhan's public.
13:39
If it's successful, it knows it painful.
13:43
My product.
13:46
Mom, if, as the center
13:50
I've encrypted the hash with my private right down to sit with my problem,
13:56
doesn't that mean anybody on the network decrypt that hash with my public? It does.
14:01
So what's the interest
14:05
here?
14:07
Why? Because you cannot. First,
14:11
they fact that just a minute,
14:13
even if so, the message is protected it with shakers Public.
14:18
This is encrypted with Kelly
14:22
with my private
14:24
anybody that intercepts that message could decrypt the hash because anybody could have access to my problem. He protected
14:33
with again with you decrypt that hash. What can you do with it?
14:37
Nothing.
14:39
You can't rebuild my message looking hat. All that hatched US security has changed.
14:46
So, yeah, you could decrypt the hash with the answers are here. Does
14:50
I hope that makes sense? Is this really a foundational building block with cryptography? Is understanding How did Prods and its distance jewel signature? That gives me that
15:07
That true assurances that message comes from reports from
15:11
and that it has not been a lot of fighting treats.
15:15
And again, if you're doing this with an email and you're sending to somebody within your organization, all of this is cable through the local dress list, all with this scene.
15:26
Now, if you're trying to do this, step out some somebody outside of your organization. I don't know if you've ever tried to encrypt a message for somebody at another company. What you've likely had to do was to send them a digitally signed message.
15:39
They sent you a digitally signed message back, which just happens. Kate Ship just exchanged public keys. So once again, it's very seamless to the users. Is its integrated Well,
15:52
If users know about it, it's not in every way. So these were the security service is we get through asymmetric
16:00
crabs
16:03
through receiver's public
16:04
authenticity with sender's
16:07
integrity through hashing
16:11
and the non-repudiation. We take a hash. Shopping centers property in that potential.
16:18
So
16:18
all those problems with symmetric cryptography
16:22
we just solved with asymmetric. But think about it. I would like to trade off be trade office
16:29
performance. We would much rather use symmetric cryptography because it's fast.
16:36
But asymmetric solves all those problems, like scalability.
16:41
So you really like to do? Ultimately,
16:45
yes, We'd like to get the benefit Space Metric
16:49
Deficit Snatcher
16:52
and, uh,
16:52
really the best way to see that is by looking at a cryptosystem called SSL, Secure Sockets Layer, and what you'll see, you'll see asymmetric being used for these benefits, symmetric for data exchange speed,
17:08
which is that gives the best.

Instructed By

Kelly Handerhan
Senior Instructor