# Encryption Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
or

Time
4 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:04
>> Let's take an example
00:04
here and we're going to do some math.
00:04
I'm going to keep it as simplistic
00:04
as possible and keep in
00:04
mind that this isn't
00:04
the actual math that's used in today's algorithms.
00:04
This is just an example.
00:04
What I want to show you here,
00:04
the idea is here,
00:04
is how you need to choose
00:04
an encryption algorithm that's strong,
00:04
that's a more complex and
00:04
a stronger algorithm than others.
00:04
Let's take a very basic formula here.
00:04
What have we have an algorithm of K plus
00:04
3 equals C. That means we're saying K is the key,
00:04
that's the secret and C is the cipher text.
00:04
C is just the result of the algorithm.
00:04
We take that and we use that to
00:04
encrypt data and we transmit that.
00:04
We'll see our cipher text is 8.
00:04
If we have an intruder who's listening
00:04
in on the wire and he sees
00:04
that C equals 8 and he knows what algorithm's being used.
00:04
Well, now he can reverse engineer it.
00:04
He knows the algorithm is K plus
00:04
3 equals C. In this case, C is 8.
00:04
He knows that our key plus 3
00:04
equals 8 and he can figure out pretty easily
00:04
that our key is 5 and now he can use
00:04
that key to decrypt
00:04
anything else that we sent across the wire.
00:04
This would be an example of a weak algorithm.
00:04
When you choose an algorithm,
00:04
you want to choose one that's much stronger.
00:04
Here's a fictitious example of a stronger algorithm.
00:04
In this case, we've got an algorithm that's
00:04
actually two different parts.
00:04
The equation is broken into two different parts.
00:04
On the left side, we've got 5
00:04
plus K1 and K1 is part of our key.
00:04
Maybe our key is 12 characters long,
00:04
and we're going to use the first six characters
00:04
as our partial key and
00:04
use that in the first part of the equation.
00:04
So 5 plus partial key minus
00:04
the data itself equals some variable, which is X.
00:04
Since we know what the key
00:04
is and we know what the data is,
00:04
we can solve for X,
00:04
and then we can take X and we can put it into
00:04
the second equation and say X plus
00:04
45 minus the second part of
00:04
the key equals our actual cipher text.
00:04
There's much more layers to
00:04
this algorithm than they were to
00:04
the other one and this is a much more
00:04
complex way to encrypt data.
00:04
Now we take that and we transmit that data.
00:04
Our cipher text is still 8.
00:04
But this time if we have somebody listening on
00:04
the wire and they see
00:04
that our cipher text is 8 and they say,
00:04
we're going to try to reverse engineer this.
00:04
I know what the algorithm is that they're using.
00:04
I know the cipher text.
00:04
We're going to replace our cipher text with eight.
00:04
Now the intruder says,
00:04
"Well now I can reverse engineer and X plus
00:04
45 minus a part of the key. I don't know.
00:04
I don't have any idea.
00:04
It's too complicated. I can't decrypt it.
00:04
It remains a secret."
00:04
It's important to choose
00:04
a strong algorithm whenever you're choosing one.
00:04
The two most common algorithms today are RSA.
00:04
RSA stands for Rivest-Shamir-Adleman and those are
00:04
the last names of
00:04
the three mathematicians that invented that algorithm.
00:04
Chances are today, if you type in https colon slash
00:04
slash something and you're going to make
00:04
a secure connection to some Internet site,
00:04
it's using the RSA algorithm.
00:04
It's one of the most widely used algorithms on
00:04
the Internet today, still very secure.
00:04
Another one is AES,
00:04
which stands for Advanced Encryption Standard.
00:04
That's one actually that the military uses,
00:04
that's been recognized by the military as
00:04
the strongest encryption algorithm out there today.
00:04
There's a lot of other things happening today.
00:04
There's quantum encryption that's
00:04
being talked about and things that are very complicated.
00:04
Encryption can be an entire subject by itself.
00:04
I put an example down below here on this slide,
00:04
this is the actual RSA encryption algorithm.
00:04
You can see it's much more complicated than
00:04
that A plus B equals C that we were talking about,
00:04
which is what makes it such a strong algorithm.
00:04
It's why it's been around for decades.
00:04
A little bit about symmetric versus
00:04
asymmetric encryption.
00:04
Symmetric encryption, as we said,
00:04
is when both parties use the same key.
00:04
Both sides have to know what that key is.
00:04
We've talked a little bit about that in our VPN lesson
00:04
00:04
or point-to-point tunneling protocol.
00:04
In that case, both sides had
00:04
the same key and they just use that to
00:04
encrypt the data or create that tunnel.
00:04
It is faster than asymmetric encryption,
00:04
but it's faster because both sides know the key.
00:04
They don't have to negotiate to figure out
00:04
what key to use for encryption. They already know it.
00:04
It's one less step that has
00:04
to happen during transmission.
00:04
Therefore, it's faster,
00:04
but it requires each party to keep those keys secret.
00:04
Not only does that key exists in two places,
00:04
but now there's a bunch of other people that
00:04
know what those keys are so it's
00:04
a lot more likely
00:04
that those secrets are going to get dispersed,
00:04
are going to get found out somehow.
00:04
Asymmetric encryption is a method by
00:04
which each party has a different key.
00:04
The keys are mathematically
00:04
related and we're going to talk
00:04
about that in a little while.
00:04
But one party has one key that encrypts the data,
00:04
the other side has a completely different key that's
00:04
mathematically related to the first key to decrypt it.
00:04
But even though they're mathematically related,
00:04
you cannot derive one from the other.
00:04
If you get your hands on this key and you steal it,
00:04
you can't figure out what this other key is.
00:04
You need both keys to see the whole conversation.
00:04
You may see a conversation one way
00:04
with key encrypted and this one decrypted.
00:04
Where the conversation the other way is vice versa,
00:04
so you need both keys to steal the data.
00:04
They are mathematically related
00:04
but can't be derived from each other.
00:04
Let's talk about public key encryption.
00:04
In a public key encryption system,
00:04
the best way I can describe this is to use an example,
00:04
and most of the Internet uses public key encryption.
00:04
Public key encryption is used
00:04
mainly because it wouldn't be
00:04
very efficient to use
00:04
a symmetric key encryption system on the Internet.
00:04
00:04
a separate key for
00:04
every human being that might connect to them,
00:04
they would have billions of keys
00:04
that they would have to maintain,
00:04
and that's just not very
00:04
efficient and not very effective.
00:04
So in public key encryption, the way that works,
00:04
let's say Bob over here on
00:04
the left wants to send an email to Jack,
00:04
but he wants to do it in a secure manner.
00:04
He wants to encrypt that email,
00:04
so if somebody intercepts
00:04
along the way, they can't read it.
00:04
In a public key encryption system
00:04
both parties are going to have a pair of keys.
00:04
They're each going to have their own pair of keys.
00:04
Bob is going to have both a public and a private key.
00:04
His private key, he's going to keep private.
00:04
No one but Bob will ever know Bob's private key.
00:04
His public key is public.
00:04
Anyone can see Bob's public key, same with Jack.
00:04
Jack is going to have a public and a private key.
00:04
Now remember these keys are mathematically
00:04
related to one another.
00:04
In the beginning of a transaction,
00:04
what they're going to do when they set up encryption is
00:04
they're going to exchange public keys.
00:04
Bob is going to send Jack his public key.
00:04
Jack is going to send Bob his public key.
00:04
Now Bob has his own initial key pair,
00:04
his public and private key,
00:04
but he also has Jack's public key and vice versa,
00:04
Jack has his initial pair plus Bob's public key.
00:04
Now once a key exchange happens,
00:04
Bob can now create a message.
00:04
His message at first is unencrypted.
00:04
When he wants to encrypt that message,
00:04
he can apply, he can encrypt it using Jack's public key.
00:04
Bob created the message.
00:04
He's going to use Jack's public key
00:04
to encrypt that message.
00:04
When he transmits it,
00:04
it's encrypted, it's copper text on the wire.
00:04
If someone intercepts it, they can't read it.
00:04
00:04
Jack is the only person on
00:04
the planet that has Jack's private key.
00:04
Bob encrypts the message with Jack's public key,
00:04
which is mathematically related to Jack's private key.
00:04
So therefore, when Jack received the message,
00:04
he could decrypt it with his own private key.
00:04
When Jack wants to respond to that message,
00:04
he's going to encrypt it with
00:04
Bob's public key and the same thing happens in reverse,
00:04
goes across the wire, encrypted,
00:04
Bob receives it and in order to decrypt it,
00:04
he's going to use his own private key to decrypt it.
00:04
He's the only one that can do that
00:04
because he's the only one that has the key.
00:04
That's how public key encryption works.
00:04
Encryption can be a very deep subject.
00:04
There's a lot of math,
00:04
there's a lot of subtleties.
00:04
We're not going to get into any of that today,
00:04
but I wanted you to understand at
00:04
a very high level how encryption works,
00:04
what some of the different types of encryptions are,
00:04
how they're applied in
00:04
the environment and just a general idea of encryption.
00:04
That wraps up this session on encryption.
00:04
Next up, we're going to talk about web proxies.
Up Next