WEBVTT

00:00.330 --> 00:08.040
Symmetric algorithms are fantastic ways to encrypt and decrypt data but symmetric algorithms have one

00:08.040 --> 00:09.120
big problem.

00:09.120 --> 00:12.500
You use the same key to encrypt that you do to decrypt.

00:12.630 --> 00:16.760
And in the real world that can cause some very serious issues.

00:16.770 --> 00:18.950
Now in order to show you what those issues are.

00:19.110 --> 00:22.380
Let me introduce you to my friends Alice and Bob.

00:22.510 --> 00:27.840
Now Alice and Bob what to send each other encrypted data of some form or another.

00:27.840 --> 00:30.440
Now it doesn't matter at this point what they're sending.

00:30.540 --> 00:35.880
Alice could be a web server and Bob could be a web browser or Allison Bob could be sending each other

00:35.880 --> 00:38.540
encrypted e-mail or they could be talking on Skype.

00:38.550 --> 00:41.100
I don't care what they're actually doing.

00:41.160 --> 00:44.060
They simply want to send each other encrypted data.

00:44.220 --> 00:49.470
Now if we were to use a symmetric algorithm like eight Yes that's a great algorithm.

00:49.470 --> 00:55.980
The only downside to ABSs is that the same key that Alice is going to use to encrypt has to be used

00:55.980 --> 00:57.440
by Bob to decrypt.

00:57.450 --> 00:59.970
So how does Alice get the key to Bob.

00:59.970 --> 01:07.320
And that's where the problem comes in asymmetric decryption are vulnerable to people like Eve here who

01:07.320 --> 01:12.540
are listening in if elsewhere to send the key via an e-mail or something like that than Eve could get

01:12.540 --> 01:16.110
a copy of it and she could decrypt our encoded information.

01:16.110 --> 01:22.330
So this is always a big problem with symmetric types of encryption.

01:22.380 --> 01:28.890
The secret to getting around this problem is to not just use one key to both encrypt and decrypt.

01:28.920 --> 01:38.310
The secret is is to use two keys one key can only encrypt and one key can only decrypt and this key

01:38.610 --> 01:45.120
can only encrypt in such a way that only this key can decrypt it so you can have a bunch of other keys.

01:45.150 --> 01:50.130
But if you don't have this key pair and you don't have them set up the right way you're not going to

01:50.130 --> 01:51.150
be able to do anything.

01:51.150 --> 01:57.930
So this is a very powerful idea and we call this asymmetric encryption so asymmetric encryption will

01:57.930 --> 02:00.480
always consist of what we call a key pair.

02:00.510 --> 02:03.830
Now one key is one key we just give out to anybody who wants it.

02:03.830 --> 02:09.090
You know even the bad guys go ahead have a copy of the bad guy because the only thing that this can

02:09.090 --> 02:13.180
do is encrypt data that can only be decrypted by this one.

02:13.320 --> 02:18.660
So this one that we send out to everybody we call this the public key so we send this out to whoever

02:18.660 --> 02:19.900
wants it now.

02:19.920 --> 02:21.480
That way somebody could go out there.

02:21.480 --> 02:27.570
If I give them my public key they can encrypt and then send me something or if I've got a web page they

02:27.570 --> 02:31.220
can encrypt it and send it to me or whatever it is they can send it to me.

02:31.230 --> 02:38.610
And the only person who can decrypt from this public key is me with what we call the private key.

02:38.610 --> 02:45.190
So when we talk about asymmetric we're talking about two keys a public key and a private key.

02:45.210 --> 02:50.230
Now there's a whole bunch of ways to do this and I want to go through some of the examples right now.

02:50.220 --> 02:53.430
Let's start with probably the grandad of all good old RSA

02:57.910 --> 03:05.320
RSA stands for Rivest Shamir and Edelman three guys who got together and back in the late 1970s came

03:05.320 --> 03:10.080
up with a whole bunch of algorithms and protocols which are collectively known as RSA.

03:10.090 --> 03:12.870
Now in this point I want to cover the most basic parts.

03:12.970 --> 03:15.810
So RSA is an asymmetric algorithm.

03:15.940 --> 03:21.780
So that means we have to have a public private key the public key encrypts and the private key decrypts.

03:21.850 --> 03:28.420
So RSA number one specifies how do you as an individual host generate your own public and private key

03:28.420 --> 03:29.100
pair.

03:29.290 --> 03:34.480
And then secondly how we go about sending public keys to people that we want to talk to.

03:34.720 --> 03:40.900
Now I don't know about you but I find it utterly fascinating that somebody can use groovey math to take

03:40.900 --> 03:43.480
one algorithm and you take that one algorithm.

03:43.570 --> 03:47.990
You show in a public key you take some plaintext and outcome ciphertext.

03:48.010 --> 03:53.500
Now you take the same algorithm you pull out your public key put in your private key and you take that

03:53.500 --> 03:57.550
ciphertext and it comes out as plaintext Well it absolutely works.

03:57.550 --> 04:04.010
Now the math behind RSA is pretty advanced and you don't need to know it for the exam.

04:04.120 --> 04:08.520
But I want to give you at least a little bit of a tease to get an idea of how all this works.

04:08.530 --> 04:14.300
So what I'd like you to do is talk about factoring a little bit so let's take the number 12 for example.

04:14.320 --> 04:18.370
Now the factors are all the numbers that can be multiplied together to come up with 12.

04:18.370 --> 04:22.590
So just from experience we know three times four equals 12.

04:22.720 --> 04:24.620
We know two times six equals 12.

04:24.760 --> 04:27.070
And of course one times 12 equals 12.

04:27.070 --> 04:32.650
So it's fairly trivial for us for a small number like this to come up with all the factors for the number

04:32.650 --> 04:33.660
12.

04:33.670 --> 04:39.550
Now there are lots of numbers out there that can only be divided by themselves like for example the

04:39.550 --> 04:47.560
number 11 is a number that can only be divided by itself we call that a prime number so a prime number

04:47.650 --> 04:53.410
like a lead that is fairly easy to look at and we can say well we can only multiply that times 1 and

04:53.410 --> 04:54.250
11.

04:54.310 --> 05:01.510
But if you take two prime numbers and you multiply them together so 11 and 17 say we get what's known

05:01.510 --> 05:05.650
as a send the prime number which is in this case 187.

05:05.650 --> 05:10.910
Now if I had taken 11 and 17 away and I said go ahead and factor that.

05:10.990 --> 05:12.680
How long do you think it would take you to do it.

05:12.700 --> 05:14.190
It would take you a while.

05:14.200 --> 05:22.260
There is no easy groovey mathematical way to do factoring all factoring is basically done by brute force.

05:22.270 --> 05:27.260
Now again because 187 is a relatively small number you can figure that out.

05:27.310 --> 05:30.900
But how about if I generate a slightly larger 70 prime number like.

05:31.090 --> 05:32.070
How about that.

05:33.560 --> 05:38.000
I'll take a minute in fact I'll take 15 minutes right now on the video and let you go ahead and try

05:38.000 --> 05:39.360
to figure that one out.

05:39.590 --> 05:41.090
No I'm kidding I'm kidding.

05:41.090 --> 05:43.750
Let me go ahead and generate those answers for you.

05:43.760 --> 05:46.640
The bottom line is that it's very very hard to factor.

05:46.730 --> 05:55.400
So in the world of RSA we start off with values that can be oh so like forty thousand ninety six bits

05:55.400 --> 05:56.160
long.

05:56.240 --> 06:00.090
So how about a number like this and that isn't even 40 96 bits worth.

06:00.110 --> 06:02.060
Do you think you could factor that one easily.

06:02.060 --> 06:06.410
Why don't you go ahead and get your best supercomputer and take a couple of hundred years and you tell

06:06.410 --> 06:09.530
me what the two prime numbers are that generate this value.

06:09.830 --> 06:15.140
That's the cornerstone of our s a is to be able to take two large prime numbers multiplied together

06:15.140 --> 06:17.050
to generate a semi prime number.

06:17.090 --> 06:20.240
The actual math behind this is wildly complicated.

06:20.240 --> 06:25.130
There are wonderful resources on the Internet that you can look at if you really want to get into the

06:25.130 --> 06:30.140
math but that is the process we use to generate our initial key pair.

06:30.140 --> 06:31.860
Now once we had that key pair.

06:31.970 --> 06:37.160
Let's go ahead and use Alice and Bob and show you how an RSA key exchange takes place.

06:37.160 --> 06:41.830
Now Allison Bob want to communicate via RSA asymmetric encryption.

06:41.990 --> 06:46.250
So the first thing they're going to do is generate each of their own key pairs.

06:46.400 --> 06:50.380
And this is done through whatever software is supplied for that particular application.

06:51.110 --> 06:55.160
And then they go about the process of exchanging their public keys.

06:55.160 --> 07:00.500
Now keep in mind if each grabs one of these public keys it doesn't really make any difference because

07:00.770 --> 07:05.540
the only thing Eve could do would be encrypt something and then send it to somebody else for them to

07:05.540 --> 07:06.320
decrypt.

07:06.590 --> 07:13.160
But there is a problem and that is what if Eve pretends to be Alice or Bob.

07:13.400 --> 07:20.030
Well the RSA guys thought about that stuff ahead of time and s a includes all kinds of protocols that

07:20.030 --> 07:24.020
do things that include what we call authentication.

07:24.020 --> 07:30.050
Now we have entire episodes that cover all of this stuff in fact boils down to digital signatures and

07:30.050 --> 07:32.000
certificates just to give you an idea.

07:32.120 --> 07:36.100
But that even goes beyond the basics of what I want to cover in this episode.

07:36.110 --> 07:41.690
So go ahead and check out those episodes if you really want to get into the details of what makes this

07:41.690 --> 07:43.500
a very very powerful.

07:43.640 --> 07:47.870
Now RSA is great but it's been around for a long long time.

07:47.900 --> 07:57.080
When RSA first came out it had very short keys 256 bit keys 512 bit keys 1024 bit keys and in the last

07:57.080 --> 08:03.560
few years the Internet folks have said if you're going to use RSA use at least a 2048 bit key as your

08:03.560 --> 08:09.050
absolute minimum size because computers are getting better and people are figuring out how to crack

08:09.230 --> 08:10.730
the smaller keys.

08:10.790 --> 08:16.420
So even though RSA goes up to 40000 ninety four thousand ninety six.

08:16.490 --> 08:22.430
The problem that we run into is that these become big keys and people have to keep copies of keys and

08:22.700 --> 08:30.080
it becomes kind of a bit of a pain and that's why we came up with a new type of methodology called ECAC

08:35.000 --> 08:41.420
elliptic curve cryptography or ECAC is probably about the hottest thing that's going right now in terms

08:41.420 --> 08:43.220
of asymmetric algorithms.

08:43.490 --> 08:52.550
The power of ECAC is that it can provide us very very small keys that we can transfer around that have

08:52.550 --> 08:55.820
the same robustness as much larger RSA keys.

08:55.830 --> 09:02.160
So write down don't hold me to this because there's differences of opinion but basically a three thousand

09:02.160 --> 09:09.130
seventy two bit are as a key can now be replaced with roughly a 256 bit ECAC key.

09:09.140 --> 09:15.500
So that is one of the biggest benefits of A.S.C. also generated these keys and going through the encryption

09:15.500 --> 09:20.690
decryption process is a lot faster than an RSA even That's arguable though.

09:20.900 --> 09:25.110
The bottom line is that ECAC is based on an elliptic curve formula.

09:25.130 --> 09:26.820
It looks basically like this.

09:27.810 --> 09:30.780
So this formula when plotted on a graph.

09:30.870 --> 09:35.190
Well look well in one of many iterations will look something like this.

09:35.460 --> 09:42.090
So you can actually do as you can plot a point on the curve and through a lot of fascinating mumbojumbo

09:42.300 --> 09:49.770
can generate a key pair that is extremely robust extremely fast and extremely small compared to RSA

09:50.580 --> 09:54.340
A.S.C. is only now starting to come out in a big big way.

09:54.360 --> 09:58.900
But we're seeing it take over more and more everyday.