WEBVTT

00:00.520 --> 00:04.650
The world of computing didn't start with encryption being built into it.

00:04.810 --> 00:09.220
We could easily say that computing started in the late 1940s.

00:09.310 --> 00:16.420
So from the 1940s up until the late 1970s the idea of encrypting a mainframe computer just didn't make

00:16.420 --> 00:18.130
any sense whatsoever.

00:18.160 --> 00:23.050
Well, over time we began to discover, you know, with the Cold War and things like that, that our computers,

00:23.050 --> 00:28.000
we didn't want people looking into them and figuring out the data or we were moving data from one computer

00:28.000 --> 00:30.030
to another via phone lines or something.

00:30.160 --> 00:32.230
And we didn't want people to see that information.

00:32.290 --> 00:35.550
So we had to go about the process of encryption.

00:35.560 --> 00:40.640
Now when you're encrypting in the I.T. world you have to develop algorithms.

00:40.810 --> 00:44.080
Now these algorithms if you've been watching other episodes.

00:44.080 --> 00:49.690
Number one they have to be known to everybody everybody understands the algorithm and they have to have

00:49.960 --> 00:54.600
a key of different lengths and then that key has to be kept secret.

00:54.610 --> 01:01.240
So the first generation of encryption that we still see these today used what were known as a symmetric

01:01.270 --> 01:07.210
key algorithm symmetric key simply means that the person who encrypts it needs the key and then you

01:07.210 --> 01:10.810
take that key and the person who decrypts it uses the same key.

01:10.900 --> 01:13.520
It's the same key for encrypting and decrypting.

01:13.570 --> 01:17.650
Now that may seem obvious to you but if you watch other episodes you'll see there's other ways to do

01:17.650 --> 01:18.850
it anyway.

01:18.940 --> 01:23.080
So what we're going to be talking about are symmetric encryption algorithms.

01:23.080 --> 01:27.450
And what I want to stress is the idea of something called a block.

01:27.590 --> 01:34.900
Now a symmetric block algorithm simply means that I don't care how much data you have it takes off a

01:34.930 --> 01:35.910
chunk of data.

01:35.920 --> 01:42.010
So if it's a huge word document it takes off X amount of bytes at the beginning and encrypts that sends

01:42.010 --> 01:47.140
it off to the side then grabs another block encrypts that sends it off to the side and keeps going like

01:47.140 --> 01:48.610
that until it's all the way done.

01:48.610 --> 01:50.240
There's other ways to do it.

01:50.260 --> 01:58.150
So the first type of popular symmetric block encryption ever created was known as the data encryption

01:58.150 --> 02:05.320
standard or DES. This was invented primarily by IBM but other people contributed as well and it developed

02:05.320 --> 02:11.380
as the first open standard used heavily by the United States government and it's still in use today.

02:11.440 --> 02:18.160
Now in other episodes we've seen Caesar cipher and Vigenère and even a simple XOR encryption.

02:18.160 --> 02:23.820
Let me show you how hairy a typical encryption is done using DES.

02:23.950 --> 02:28.990
The first step of DES encryption is to grab a 64-bit chunk of plaintext from the data stream we wish

02:28.990 --> 02:29.820
to encrypt.

02:30.070 --> 02:34.970
We perform what's known as an initial permutation a very specific stirring of the data.

02:35.110 --> 02:35.660
OK.

02:35.920 --> 02:40.450
Let's go ahead now that we've done the initial permutation and set the data aside for a moment and let's

02:40.450 --> 02:41.720
look at the key.

02:41.740 --> 02:42.520
So here's our key.

02:42.520 --> 02:45.900
Now the first thing we're going to do is drop the last eight bits off the key.

02:46.000 --> 02:49.630
We split that key into two 28 bit chunks.

02:49.630 --> 02:54.940
We then grab the first 24 bits from each half and put them together and we've created what's known as

02:54.940 --> 02:57.920
a subkey which is 48 bits.

02:57.920 --> 02:58.760
Cool right.

02:58.810 --> 03:00.210
Now let's get back to our data.

03:00.370 --> 03:02.990
We're going to perform what's known as a Feistel function.

03:02.990 --> 03:04.790
It works kind of like this.

03:04.840 --> 03:08.540
We're going to take the 64 bits and split it into two 32 bit halves.

03:08.680 --> 03:12.730
We then set one of the halves aside and we're all going to work on this one right here.

03:13.650 --> 03:20.630
So we're going to expand this half into a 48 bit chunk of data using an expansion function.

03:20.730 --> 03:26.820
We're then going to apply an XOR function of this using the subkey we've already generated.

03:26.820 --> 03:34.620
Next we're going to use what are called S-boxes. Indeed, S-boxes take in 64 bits and output four bits.

03:34.620 --> 03:38.900
There are eight different boxes and each one gives a different four-bit output.

03:39.090 --> 03:45.360
So we apply the eight S-boxes to the data creating a 32-bit output and then we're going to do what we

03:45.360 --> 03:47.620
call a final permutation.

03:47.730 --> 03:51.720
We then put the two 32 bit chunks back together but backwards.

03:51.720 --> 03:54.070
And that completes a single Feistel function.

03:54.150 --> 03:54.910
That was fun.

03:54.990 --> 03:56.400
So let's do it again.

03:56.520 --> 04:01.150
We'll shift a few bits on the subkey we'll split the data set aside we go ahead and expand it.

04:01.150 --> 04:02.520
We XOR the subkey.

04:02.600 --> 04:08.370
We apply the S-boxes one more time, we throw in a permutation, we put the data back together, get

04:08.370 --> 04:09.080
the idea.

04:09.120 --> 04:16.960
Great, let's do it 14 more times. Wow, seems a little complicated, right? Now

04:16.970 --> 04:24.260
keep in mind that what you just looked at was a very very simplified overview of DES itself.

04:24.260 --> 04:29.150
It's actually a lot more complicated than that but that will at least get you to the idea that they

04:29.150 --> 04:35.540
cool that we can go through this wildly complicated process and using the same key we can decrypt basically

04:35.540 --> 04:38.430
reverse the process and encrypt.

04:38.450 --> 04:41.000
We can go either direction it's absolutely fascinating.

04:41.240 --> 04:46.690
Now as wildly complicated as that was there were a couple of issues with DES.

04:46.760 --> 04:52.490
Number one, the big problem with DES more than anything else was its short key. Now 56 bits

04:52.580 --> 04:58.520
sounds like a long key to you and me but in reality it's actually kind of short and it allowed it to become

04:58.550 --> 05:01.290
exposed to certain types of attacks.

05:01.310 --> 05:11.030
So by the early 1990s people were saying that we could hack DES, and now in the post-2010, 2020 not

05:11.030 --> 05:14.920
that far away, DES can be hacked in certain circumstances.

05:14.960 --> 05:21.240
So even way back in the 90s they started to come up with alternatives. Two alternatives you may see:

05:21.470 --> 05:23.090
one of them is called Blowfish.

05:23.180 --> 05:25.700
And the other one is called Triple DES.

05:25.700 --> 05:30.350
Now the thing I want to stress to you is that when we're talking about symmetric block encryptions there

05:30.350 --> 05:35.780
are three things we tend to talk about more than anything else: we talk about the key size, how long the key

05:35.780 --> 05:41.420
is we talk about the number of rounds how many rounds does it go through in its encryption process.

05:41.420 --> 05:43.710
And then we also talk about the block size.

05:43.730 --> 05:48.700
So let's go through Blowfish and Triple DES compared to DES.

05:49.160 --> 05:53.820
OK so let's go ahead and put DES in. We know DES is a block cipher.

05:53.990 --> 05:56.580
Now it uses a 64 bit block size.

05:56.630 --> 06:00.900
It runs 16 rounds with the key size of 56 bits.

06:01.040 --> 06:07.690
That way I know we say 64 but we take out 8 bits for overhead so it's really 56 bits. Now,

06:07.910 --> 06:13.970
Triple DES was also a block encryption also with a 64-bit block size.

06:14.030 --> 06:15.960
It also had 16 rounds.

06:16.070 --> 06:23.500
But basically what it did is it repeated the DES process three times so you had three 56-bit keys.

06:23.510 --> 06:29.840
So in essence we had a 168-bit key. Blowfish had a 64-bit block size.

06:29.900 --> 06:31.550
It ran 16 rounds.

06:31.550 --> 06:33.250
And the key size was variable.

06:33.250 --> 06:39.050
It could be as low as 32 bits as high as 448 bits.

06:39.050 --> 06:46.220
By the early 1990s it was obvious to the United States federal government that DES wasn't very good,

06:46.760 --> 06:52.030
Blowfish wasn't under their control and Triple DES was really just kind of patched together.

06:52.220 --> 06:58.610
And so the National Institute of Standards in the very late 1990s and continued into the early 2000s

06:58.940 --> 07:00.880
started a big competition.

07:01.070 --> 07:06.620
They called it a competition but it was really almost more of a like a like a conference like a big

07:06.620 --> 07:12.530
get together because we'd have people from the private sector in the public sector and from academia

07:12.560 --> 07:18.500
all submitting these new symmetric block encryptions which were going to replace all this stuff and

07:19.130 --> 07:23.420
they kind of work together so they called it the competition but there was a lot of teamwork and we

07:23.420 --> 07:28.620
started off with a few hundred submissions and they got it down to like 12, then they got it down to five.

07:28.760 --> 07:33.180
And then from the top five they basically took a vote because all the top five were very very good.

07:33.380 --> 07:39.740
And one particular algorithm called Rijndael became the new what's now known as the Advanced Encryption

07:39.740 --> 07:41.540
Standard in the early 2000s.

07:41.540 --> 07:44.220
Now the Advanced Encryption Standard or AES.

07:44.240 --> 07:46.820
Yes of course it's a symmetric block encryption.

07:46.940 --> 07:52.590
But what's most important about it is that it is even though it's well over 10 years old in fact maybe

07:52.610 --> 07:57.630
getting closer to 20 these days, it is in essence still unhackable.

07:57.650 --> 07:58.950
Knock on wood on that.

07:59.060 --> 08:03.440
And it is an incredibly powerful symmetric encryption.

08:03.440 --> 08:08.140
Now I'm not even going to bother to try to show you the details of how AES works on the inside.

08:08.210 --> 08:13.640
So let's just put that on our chart so that we know the key sizes and we know the block sizes and we

08:13.640 --> 08:15.030
know the number of rounds.

08:15.410 --> 08:22.790
So yes obviously as a block algorithm it has a block size of 128 bits.

08:22.790 --> 08:26.420
Now let's jump over to key size because you can have three different key sizes.

08:26.420 --> 08:30.940
You can have 128, 192 or 256-bit keys.

08:30.930 --> 08:33.670
Basically the bigger the key the more secure you are.

08:33.830 --> 08:40.910
And now going back to rounds, we would have either 10, 12 or 14 rounds depending on whether you had 128,

08:40.910 --> 08:44.620
192 or 256-bit key sizes.

08:45.390 --> 08:53.150
Now there is one exception to the world that sounds pretty much dominated by symmetric block ciphers.

08:53.190 --> 08:58.430
There is another way to do it using what we call streaming ciphers.

08:58.440 --> 09:04.260
So instead of taking a chunk, encrypting that and sending it off, taking a chunk, encrypting it and sending

09:04.260 --> 09:08.690
it off you can do what's known as streaming in a streaming scenario.

09:08.940 --> 09:15.750
What you'll do is you'll have as each bit comes out of your through a wire or something like that so

09:15.760 --> 09:17.670
we use this in communication a lot.

09:17.670 --> 09:22.520
It literally will encrypt one bit at a time randomly making it a 1 or 0.

09:22.530 --> 09:28.680
Well it's not random it's called pseudo random but it will create it in such a way that it literally

09:28.680 --> 09:31.230
encrypts one bit at a time.

09:31.230 --> 09:38.760
So to make this easy for us there really is only one type of streaming symmetric encryption out there

09:39.030 --> 09:40.660
and that's known as RC4.

09:40.680 --> 09:42.360
So let's throw him on the list too.

09:42.660 --> 09:48.770
So RC4 is a streaming type of encryption.

09:48.780 --> 09:52.110
It really doesn't use block sizes it's one bit at a time.

09:52.170 --> 09:56.970
And because it only gets to see that bit once there's only one round when you're using that stream and

09:56.970 --> 10:02.310
kept encryption and the key size and this is often the case if you don't have a lot of rounds you often

10:02.310 --> 10:03.830
want to use really big keys.

10:03.870 --> 10:09.610
So the key size can be as small as 40 bits and can go up to 2048 bits.

10:09.840 --> 10:15.340
You have gone through a lot of different types of symmetric encryptions here.

10:15.390 --> 10:22.230
Now the thing about algorithms you need to understand is that at no time are you going to have to set

10:22.230 --> 10:23.850
these things up.

10:23.970 --> 10:28.860
Really we live in a world where we have these already programmed in and we're going to cover this in

10:28.860 --> 10:29.940
other episodes.

10:29.940 --> 10:33.410
But to give you one example we've probably all done wireless networks.

10:33.540 --> 10:40.080
If you set up your wireless access point to use WPA encryption you're actually using RC4, whereas

10:40.080 --> 10:44.390
if you set up for WPA2 you're actually using AES encryption.

10:44.430 --> 10:51.090
So it's not so terribly important to me that you know the real complete detail difference between say

10:51.090 --> 10:57.430
DES and Triple DES; what is important is that you have a rough understanding of these types of encryptions,

10:57.450 --> 11:01.420
you need to understand that they are all symmetric they all share the same key.

11:01.560 --> 11:08.100
And then also they can either be block, most of them are block, and with the exception of RC4, can be streaming.

11:08.100 --> 11:11.430
So you're gonna want to take a moment to memorize that type of stuff.

11:11.610 --> 11:17.460
But the cool part is is that while we understand that we take advantage of systems that are pre-built

11:17.460 --> 11:18.000
in.

11:18.000 --> 11:23.280
So when we make choices at a higher level it's going to help determine the type of encryption that we're

11:23.280 --> 11:38.190
going to use.
