WEBVTT

00:00.870 --> 00:07.230
Let me introduce you to my friends Alice and Bob now Alice and Bob want to send each other encrypted

00:07.230 --> 00:07.990
data.

00:08.400 --> 00:15.180
Now if you've been watching the episodes in order you've seen examples of encryption where we take some

00:15.180 --> 00:23.040
piece of plain text we use a key and then we encrypt it with that key and then we decrypt it with the

00:23.040 --> 00:25.270
exact same key.

00:25.290 --> 00:28.010
That's what we call symmetric encryption.

00:28.050 --> 00:34.920
So if Alice wants to encrypt something she's going to encrypt it with a key and then in order for Bob

00:34.920 --> 00:35.970
to decrypt it.

00:36.030 --> 00:37.950
He's going to need the same key.

00:38.130 --> 00:44.100
And that is a big problem with symmetric encryption you see with symmetric encryption it's easy to send

00:44.100 --> 00:46.760
the encrypted stuff from one person to another.

00:46.890 --> 00:48.540
But how do you send the key.

00:48.720 --> 00:50.220
And this is always a big problem.

00:50.220 --> 00:57.450
So the key that Alice and Bob are using right now to deal with this one particular bit of thing they're

00:57.450 --> 01:00.800
doing is going to be called a session key.

01:00.840 --> 01:05.730
They might use a different key later but for this one piece of encryption and decryption they're going

01:05.730 --> 01:07.180
to have one session key.

01:07.180 --> 01:08.980
So how does Alice get it to Bob.

01:09.290 --> 01:11.160
And well you've got some choices.

01:11.160 --> 01:17.770
The big thing we use when we talk about these forms of symmetric keys is the words in-band out-of-band

01:18.300 --> 01:22.680
when we say in-band we're basically saying well I'm going to send the key with the encrypted data.

01:23.430 --> 01:24.950
Doesn't sound very smart does it.

01:24.990 --> 01:30.930
Well then it isn't because if we were to send the key with the encrypted data assuming that Kirchhoff's

01:30.930 --> 01:35.070
principle is involved somebody could figure out the algorithm and decrypt it on their own.

01:35.070 --> 01:38.480
So sending stuff in-band is risky.

01:38.490 --> 01:44.010
Now we could go to out-of-band for example Alice could get on her bicycle and ride over to Bob's.

01:44.130 --> 01:47.520
But then we almost kill the whole concept of wanting to do encryption right.

01:47.520 --> 01:52.380
Because in that case she could just send a letter or something put it in her back pocket and hand it

01:52.380 --> 01:53.580
to Bob.

01:53.580 --> 01:58.470
So this is a big challenge that we run into with symmetric encryption.

01:58.470 --> 02:04.890
Now what I need to stress to you right now is that symmetric encryption is the primary way that we encrypt

02:04.890 --> 02:12.750
data and I'm about to show you some very clever ways that we do things that allow us to exchange a session

02:12.750 --> 02:16.310
key without anybody being able to figure out how this works.

02:16.530 --> 02:24.210
So another term we run into is the concept called ephemeral key and ephemeral key simply means a key

02:24.480 --> 02:27.410
that's temporary in this particular case.

02:27.570 --> 02:32.770
Alice can invent a key out of the blue and she'll never use it again.

02:32.880 --> 02:36.090
And that way the key is simply temporary and never used.

02:36.090 --> 02:45.360
When you set up keys in such a way that knowledge of a key used in a previous session keeps you from

02:45.360 --> 02:51.810
being able to crack in a current session we call that perfect forward secrecy.

02:51.990 --> 02:58.860
So the beautiful part about ephemeral keys assuming that Alice can generate keys that are arbitrary

02:58.860 --> 03:00.690
to the outside person.

03:00.780 --> 03:03.180
Is that an ephemeral key.

03:03.270 --> 03:04.140
Done right.

03:04.140 --> 03:10.710
Always provides perfect forward secrecy so if somebody cracked a session six months ago it's not going

03:10.710 --> 03:12.000
to do him any good today.

03:12.000 --> 03:14.290
So that's an important concept.

03:14.370 --> 03:21.120
So we still have the problem though of how do we exchange a session key and to do that we do something

03:21.120 --> 03:23.210
that's absolutely fascinating.

03:23.280 --> 03:30.240
We do something that's called asymmetric encryption asymmetric encryption doesn't use a key.

03:30.240 --> 03:33.520
It uses the ready a key pair.

03:33.540 --> 03:41.530
So what else is going to do is on her computer she's going to generate two completely separate keys.

03:41.550 --> 03:48.990
Now these two keys are known as a public key and a private key and the cornerstone of asymmetric decryption

03:48.990 --> 03:50.470
works like this.

03:50.730 --> 03:53.760
The public key is given to anybody.

03:53.760 --> 03:54.450
All right.

03:54.510 --> 03:57.510
And the private key is kept by Alice.

03:57.510 --> 04:02.550
In fact it's put on a protected part of her harddrive so that nobody can accidentally get to it it's

04:02.550 --> 04:03.950
very protected.

04:04.170 --> 04:12.780
The public key is only used to encrypt and the private key is only used to decrypt.

04:12.780 --> 04:14.640
So let's watch how this works.

04:14.640 --> 04:20.610
So what'll happen is that Alice will generate a key pair and then she will send this public key she

04:20.610 --> 04:24.690
can set it and band can do anything she wants over to Bob.

04:24.690 --> 04:29.700
Now Bob with that public key he can take whatever he wants to encrypt.

04:29.730 --> 04:37.230
He will encrypt it with Alice's public key and the only person who can decrypt it is Alice because she

04:37.230 --> 04:38.760
has a private key.

04:38.760 --> 04:41.700
So it's actually fascinating where we have this public and private key.

04:41.700 --> 04:50.160
Now the downside to asymmetric encryption is that you use these is that Bob can only encrypt and send

04:50.160 --> 04:51.460
stuff to Alice.

04:51.570 --> 04:57.210
Now if we want to reverse that process Bob is going to have to generate himself a public and a private

04:57.210 --> 05:01.510
key and we'll say the yellow is the public key.

05:01.680 --> 05:07.620
I'm going to put his private key over here and he can send this to Alice and send it to anybody who

05:07.920 --> 05:08.770
wants to.

05:08.940 --> 05:18.090
And now Alice can now encrypt stuff for Bob and that way we can actually go through this process of

05:18.090 --> 05:20.850
creating these forms of encryption.

05:20.850 --> 05:26.940
Now the important thing you need to understand here is that it sounds that this asymmetric is going

05:26.940 --> 05:33.930
to be a lot better than symmetric and in many ways it is the big problem is is that asymmetric encryption

05:33.940 --> 05:38.880
First of all it requires these key generations these keys have to be exchanged somebody has to keep

05:38.880 --> 05:40.620
track of where these keys are.

05:40.620 --> 05:45.900
So asymmetric while it works very well and it certainly protects your keys.

05:45.900 --> 05:49.620
The downside is that it is slow and a little bit onerous.

05:49.620 --> 05:55.650
So in other episodes we're going to see that we use asymmetric encryption not really so much to encrypt

05:56.070 --> 06:00.750
but to simply be able to exchange a session key in a secure way.

06:00.750 --> 06:05.000
And once that session is generated we go back to good ole symmetric encryption.

06:05.010 --> 06:12.510
So what you start to see is that we develop these fairly complex what we call crypto systems a crypto

06:12.510 --> 06:19.900
system is a very very defined piece of cryptography that programmers can use to actually get stuff done.

06:19.980 --> 06:25.290
If we were looking at that X or encryption we talked about another episode you would say stuff like

06:26.070 --> 06:33.430
the key has to be at a very thick size and you only run one X or encryption.

06:33.480 --> 06:40.230
If we were doing symmetric keys a crypto system would define the key must be so long what are the different

06:40.230 --> 06:43.470
types of communication that go back and forth between Alice and Bob.

06:43.550 --> 06:45.240
To properly do the exchange.

06:45.240 --> 06:50.670
What's actually going on on Bob's Shien or Alliss machine to encrypt and decrypt.

06:50.760 --> 06:58.560
So cryptography may be algorithms and keys but it cryptosystem is a highly defined process that programs

06:58.770 --> 07:03.180
do that actually make cryptography work in the I.T. world

07:03.960 --> 07:08.250
in

07:10.950 --> 07:15.930
an

07:19.230 --> 07:22.860
open.