Hybrid Cryptography SSL and TLS

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
>> Now we'll talk about hybrid cryptography.
00:00
We've talked about
00:00
>> how symmetric cryptography has speed,
00:00
>> but it also has a number of faults.
00:00
Then we talked about how asymmetric cryptography
00:00
solved a lot of those problems, but it's slow.
00:00
Ultimately, what I want is the speed of symmetric,
00:00
and all the other services of asymmetric.
00:00
In this section, we'll combine them into
00:00
hybrid cryptography to get the best of both worlds.
00:00
Again, what we'd like to achieve is
00:00
privacy, authenticity,
00:00
integrity, non-repudiation, and speed. We want it all.
00:00
Now in my mind, the best way to
00:00
see this is what I have on this slide.
00:00
But let me draw it out for you,
00:00
so you can follow along.
00:00
I will be honest with you,
00:00
I'm not the best artist on the planet,
00:00
so I use PowerPoint to draw,
00:00
and even that is not the greatest,
00:00
[LAUGHTER] so bear with me.
00:00
First that's my client. This is the computer
00:00
that is going to want to
00:00
>> connect and send information.
00:00
>> We'll use a scenario with SSL and TLS.
00:00
We also have the web server for Bank of America.
00:00
My client wants to have a secure connection
00:00
to the Bank of America.
00:00
To have a secure connection,
00:00
it would use the protocol https.
00:00
The client is going to send a command
00:00
specifying the protocol https,
00:00
and that says, let's have a secure connection.
00:00
The bank server is going to say, okay,
00:00
and it knows that the client wants
00:00
the server's public key.
00:00
The bank server sends the public key to the client.
00:00
What we're looking at so far is
00:00
>> asymmetric cryptography.
00:00
>> But here's the problem.
00:00
In addition to the fact
00:00
that asymmetric cryptography is slow,
00:00
with the bank's public key,
00:00
only the client can send
00:00
>> encrypted messages to the bank.
00:00
>> The client doesn't have a public
00:00
key to send to the bank,
00:00
so the bank can send
00:00
encrypted messages back to the client.
00:00
Many people don't have public keys.
00:00
This asymmetric cryptography by
00:00
itself won't work for this situation.
00:00
The third step is where these things get interesting.
00:00
In the third step, the client
00:00
generates a symmetric session key.
00:00
Remember, with the symmetric session key,
00:00
the client generated the key,
00:00
and the client knows what it is.
00:00
But the trick is that the bank needs
00:00
the key so that a secure session can be established.
00:00
Is there anything the client has that can
00:00
be used to encrypt the session key,
00:00
so that only the bank can decrypt it?
00:00
Yes, it's the bank's public key.
00:00
Four, the client encrypts
00:00
the session key with the bank's public key.
00:00
In the end, we've exchanged
00:00
a symmetric session key securely,
00:00
so that way we can communicate
00:00
with symmetric cryptography,
00:00
because both parties know the symmetric key
00:00
that is going to be used to
00:00
encrypt data for the bank server,
00:00
and also for the client.
00:00
It took a little bit of back and forth,
00:00
but there is not an easy way
00:00
to distribute a symmetric key.
00:00
So we use asymmetric key exchange,
00:00
and then we add symmetric data exchange.
00:00
If on the test they ask,
00:00
is SSL or TLS symmetric or asymmetric?
00:00
Well, the best answer is that it's hybrid.
00:00
But they may not let you choose that answer.
00:00
If you have to choose between symmetric and asymmetric,
00:00
then call it asymmetric.
00:00
That's because we start the
00:00
process with the public key,
00:00
which is asymmetric cryptography.
00:00
They could ask what type of cryptography SSL uses,
00:00
and that's asymmetric.
00:00
If they ask what type of cryptography SSL
00:00
uses to encrypt data,
00:00
in that case, it's symmetric.
00:00
The key exchange for SSL is asymmetric,
00:00
the data exchange is symmetric.