1
00:00:00,990 --> 00:00:03,270
This would be it for theory.

2
00:00:03,270 --> 00:00:05,000
Let's now see it in practice.

3
00:00:06,800 --> 00:00:09,530
The everyday use of the solutions is as follows.

4
00:00:10,480 --> 00:00:12,750
Symmetric ciphers have their shortcomings.

5
00:00:14,730 --> 00:00:19,650
The biggest limitation they have is they require managing a huge amount of keys and don't offer the

6
00:00:19,650 --> 00:00:21,130
option to exchange them

7
00:00:23,890 --> 00:00:31,290
repudiation and authenticity cannot be assured either asymmetric ciphers on the other hand are not useful

8
00:00:31,290 --> 00:00:34,810
for encrypting long messages.

9
00:00:34,870 --> 00:00:40,680
There are slow and inefficient basaltic key exchange problem and provide for the ability to prove ascenders

10
00:00:40,680 --> 00:00:48,870
identity and establish the authenticity of a message by combining the best of the two solutions you

11
00:00:48,870 --> 00:00:51,430
can arrive at a hybrid cryptographic system.

12
00:00:55,210 --> 00:01:07,240
All systems today in fact use a hybrid scheme SSL FS and H TTP has all these hybrid cryptography.

13
00:01:07,320 --> 00:01:13,250
The idea behind it is that while messages are encrypted using symmetric cryptography The key is used

14
00:01:13,250 --> 00:01:18,570
for encryption or encrypted using asymmetric cryptography.

15
00:01:18,740 --> 00:01:23,990
The keys are put in a digital envelope and sent along with the ciphertext.

16
00:01:24,170 --> 00:01:27,870
The word send is used in a broad sense.

17
00:01:27,940 --> 00:01:33,870
It doesn't require for example sending data over a network between users A and B.

18
00:01:33,870 --> 00:01:37,880
The data can also be put on a disk.

19
00:01:37,950 --> 00:01:50,530
The message circulates in time until someone finds it and decrypts it.

20
00:01:50,550 --> 00:01:55,210
So let's take a look at the encryption process in a hybrid system.

21
00:01:55,250 --> 00:01:59,980
You have a message that must be encrypted using symmetric cryptography.

22
00:02:00,200 --> 00:02:07,280
For example using the advancing Christian standard to do this you need a key.

23
00:02:07,400 --> 00:02:10,140
Let's call it a symmetric session key.

24
00:02:10,220 --> 00:02:12,210
It will be pseudo random and secure.

25
00:02:14,420 --> 00:02:17,470
You have successfully generated.

26
00:02:17,640 --> 00:02:24,710
Next you should asymmetrically encrypt the generated symmetric key using for example RSA or El-Gamal

27
00:02:26,650 --> 00:02:30,650
the output is saved with the ciphertext.

28
00:02:30,650 --> 00:02:35,450
This will allow you to include copies of the key that are encrypted using other system user's keys.

29
00:02:36,790 --> 00:02:42,230
If the ciphertext is intended for 6 recipients you should repeat the operation six times.

30
00:02:43,990 --> 00:02:50,810
The recipient's public keys will be used for encrypting the session key the number of session key copies

31
00:02:50,810 --> 00:03:01,010
matches the number of recipients each copy is encrypted using a different public key.

32
00:03:01,030 --> 00:03:02,790
How do you decrypt this message.

33
00:03:03,830 --> 00:03:12,340
You get a cipher text to start to decrypt anything you need to have a key an encrypted session key has

34
00:03:12,340 --> 00:03:18,610
to be taken from the envelope decrypt it using a private key.

35
00:03:18,730 --> 00:03:23,470
There's a private key that corresponds to the public key which means that only an authorized user can

36
00:03:23,470 --> 00:03:25,270
perform this operation.

37
00:03:27,020 --> 00:03:30,830
The user is the intended recipient of the message.

38
00:03:30,890 --> 00:03:36,590
If you have a session key the remaining process is straightforward decrypt the message using symmetric

39
00:03:36,590 --> 00:03:49,860
cryptography the output is the original text of the message.

40
00:03:49,890 --> 00:03:54,520
By the way of ending this module let me say a few concluding remarks.

41
00:03:56,250 --> 00:03:59,680
Remember that developing a cryptographic system is always difficult.

42
00:04:00,470 --> 00:04:05,870
And creating a cryptographic system that is secure and not vulnerable is perplexing and nearly unfeasable

43
00:04:08,270 --> 00:04:11,890
don't use algorithms you designed yourself in a production environment.

44
00:04:13,510 --> 00:04:18,760
While developing or modifying cryptographic algorithms can be a great intellectual diversion if you're

45
00:04:18,760 --> 00:04:24,520
not a professional cryptographer if your work hasn't been entered into a competition and tested by experts

46
00:04:24,520 --> 00:04:32,710
in the field don't even think of using it and their computer system the same reservations can be applied

47
00:04:32,710 --> 00:04:36,940
to using classified ciphers following Kirchhoff's principle.

48
00:04:41,650 --> 00:04:47,270
And even if you decide to use a well known untested algorithm that has an appropriate strength don't

49
00:04:47,270 --> 00:04:53,950
experiment with implementations of the algorithm modes of operation don't fall into the trap the electronic

50
00:04:53,950 --> 00:04:55,120
codebook fell into

51
00:04:58,870 --> 00:05:04,300
the Modu uses the Advanced Encryption Standard long plaintexts inputs that is split into blocks on your

52
00:05:04,300 --> 00:05:06,750
own and then apply encryption.

53
00:05:06,940 --> 00:05:10,300
Don't do this.

54
00:05:10,510 --> 00:05:15,640
Even the relatively weak algorithms like R-S.C. for that are vulnerable to adaptive known plaintext

55
00:05:15,640 --> 00:05:20,230
attacks if implemented correctly are resistant to the threats.

56
00:05:22,440 --> 00:05:30,150
Even a slight modification for example adding an additional round or an additional permutation don't

57
00:05:30,150 --> 00:05:31,860
modify things on your own.

58
00:05:33,740 --> 00:05:41,630
Apart from this keep in mind at all times the crucial rule your system is only as secure as the weakest

59
00:05:41,630 --> 00:05:42,390
element.

60
00:05:44,460 --> 00:05:49,800
System vendors often try to obscure this by claiming for example that their solution guarantees total

61
00:05:49,800 --> 00:05:55,710
security because connection to some banks service requires using a four kilobyte RSA key.

62
00:05:55,800 --> 00:06:02,700
What they hide is that a formula by key is then used to encrypt a 56 bit key and that the following

63
00:06:02,700 --> 00:06:08,310
transmission which is symmetric since a hybrid scheme is used proceeds with the weak and vulnerable

64
00:06:08,310 --> 00:06:09,150
DSL.

65
00:06:09,160 --> 00:06:17,730
Rhythm of potential attacker will not try to crack for kilobyte RSA key there will directly target the

66
00:06:17,730 --> 00:06:21,330
D.S. encryption.

67
00:06:21,410 --> 00:06:22,840
Thank you for your attention.