# Symmetric Cryptography

Video Activity

Join over 3 million cybersecurity professionals advancing their career

Sign up with

Required fields are marked with an *

or

Already have an account? Sign In »

Video Transcription

00:00

>> Hello. We talked about

00:00

the basic elements of cryptography,

00:00

and in the last section we talked about algorithms.

00:00

We said that algorithms are

00:00

the math functions that are used to provide

00:00

the substitution from plaintext to ciphertext,

00:00

and then we said an algorithm

00:00

>> has to be used with the key

00:00

>> because a key provides

00:00

the instructions on how to

00:00

use the mouth of the algorithm.

00:00

Now we're going to talk about two different types of

00:00

cryptography: symmetric and asymmetric.,

00:00

and these terms refer to the key that is used.

00:00

It has to do with what key is,

00:00

how you get the key, and how you

00:00

use the key, and so forth.

00:00

The first type we're going to talk

00:00

about is symmetric cryptography.

00:00

With symmetric cryptography,

00:00

the same key is used by both parties.

00:00

Encrypt data with that key and when you get it,

00:00

you have to decrypt it with the same key.

00:00

It's like your house key you, use it to

00:00

lock the door and unlock the door.

00:00

Now let's take a look at some of

00:00

the drawbacks to symmetric cryptography.

00:00

It's really important with symmetric cryptography that

00:00

we find a way to securely distribute the keys.

00:00

Let's say I need a person to watch my dogs

00:00

this weekend and you offer to do it.

00:00

I have two puppies and a 14-year-old dog.

00:00

As you can imagine the 14-year-old dog

00:00

is not amused by the puppies at all,

00:00

but anyway the problem is that I

00:00

need to find a way to give my house key to you.

00:00

I could hide it under my little garden or

00:00

my front porch, but that's not secure.

00:00

How can I get it to you in a secure fashion?

00:00

The most secure way is to walk

00:00

over and give it to you in-person,

00:00

but that's not practical.

00:00

Since I will be giving you the key in

00:00

a different environment that are normal communications,

00:00

we call this an out-of-band key distribution.

00:00

That's one of the downsides of symmetric cryptography.

00:00

Symmetric cryptography is usually

00:00

pretty easy to understand

00:00

because most of the logs we work with in

00:00

our lives use symmetric cryptography.

00:00

The hardest thing about symmetric cryptography

00:00

is to remember all the different names it can go by;

00:00

secret key, private key,

00:00

shared key, or in some cases session key.

00:00

Now going back to my need for a dog walker, Let's see,

00:00

I've chosen one person to walk my dogs,

00:00

and let's see that I do find a way to

00:00

get that person the key security.

00:00

As long as we're both trustworthy, it can work.

00:00

Next, let's say we decide

00:00

we're going to join in dogs and in club,

00:00

and at any given moment you could ask one of

00:00

us to come over that evening and walk your dogs.

00:00

They would be able to do it because we are

00:00

all going to share our house keys.

00:00

Everyone would have everyone's house key.

00:00

Can you imagine how many

00:00

keys we would have to keep up with?

00:00

That's just not possible, that's crazy.

00:00

Well, that's the second problem

00:00

is symmetric cryptography.

00:00

As your numbers increase you need a key for

00:00

each communication channel but

00:00

also they need a key for each communication channel,

00:00

so this is not a solution that scales well.

00:00

Then the other problem with

00:00

symmetric cryptography is that

00:00

it does not provide non repudiation.

00:00

Remember when we talked about pain and

00:00

the security services you want with

00:00

cryptography: privacy,

00:00

authenticity, integrity, and non-repudiation,

00:00

we said that those are security systems

00:00

that we want with cryptography.

00:00

Well, the only one of those services that you get

00:00

with symmetric cryptography is privacy.

00:00

There is nothing that guarantees

00:00

non-repudiation because the key is shared.

00:00

If you and I share a key to

00:00

some data and that data gets leaked to media,

00:00

I can only say that you leaked

00:00

it because we both share the same key.

00:00

Or as another example,

00:00

if you and I share a locker

00:00

>> in the back of the classroom

00:00

>> and one of us leaves a [inaudible] damage

00:00

in the locker over the weekend,

00:00

even though we all know it was me I could

00:00

see it was you because we share the same logger.

00:00

With all the issues in symmetric cryptography,

00:00

why do we even talk about it?

00:00

Because it's fast.

00:00

We want speed, so just put

00:00

it in the back of your mind for future use

00:00

that we want to send bulk data with

00:00

symmetric cryptography due to its speed.

Up Next

Similar Content