WEBVTT

00:00.480 --> 00:04.860
If you've been following along on my videos you should be pretty comfortable with a lot of different

00:04.860 --> 00:08.810
encryption algorithms that we use in today's I.T. world.

00:08.810 --> 00:15.120
What I want to do now is take these algorithms and actually plug them into the real world to see real

00:15.120 --> 00:21.760
protocols and real applications that use AES or RSA or whatever it might be.

00:21.930 --> 00:28.620
Now before we do that I want to make sure you're comfortable with something when we talk about networking

00:28.710 --> 00:30.240
and technology today.

00:30.330 --> 00:37.140
We're pretty much talking about the world of TCP/IP and the Internet as a whole so when we're doing

00:37.140 --> 00:43.590
encryption we're usually talking about the Internet and everything on the Internet runs on top of TCP/

00:43.590 --> 00:43.840
IP.

00:43.840 --> 00:50.940
Now that's important because TCP/IP and the Internet really kind of predate encryption. The whole world

00:50.940 --> 00:57.000
of TCP/IP and what eventually became the Internet was invented by a bunch of arguably hippies.

00:57.000 --> 01:02.550
I like you guys, you're nice hippies, but they never really thought about encryption or security or anything

01:02.550 --> 01:04.020
like that it was open and free.

01:04.020 --> 01:05.470
Man it was all cool.

01:05.610 --> 01:12.360
Well the first time somebody logged in to eBay to buy a pair of sneakers suddenly motivated us to get

01:12.360 --> 01:13.550
into the world of encryption.

01:13.560 --> 01:17.470
Now encryption predates the World Wide Web.

01:17.700 --> 01:23.970
But the important thing I need you to get in your head right now is that we had all kinds of applications

01:23.970 --> 01:24.760
out there.

01:24.780 --> 01:26.820
Email the web.

01:27.340 --> 01:32.040
Telnet, all kinds of stuff out there that really didn't have encryption.

01:32.070 --> 01:40.260
So we spent a lot of the 80s and 90s and we still do it today taking unencrypted applications and either

01:40.260 --> 01:46.590
completely rewriting them so that they are encryption capable or inventing protocols that we slid under

01:46.680 --> 01:49.790
unencrypted applications to make them secure.

01:49.830 --> 01:56.550
So the best place to start is to understand a very very famous encrypted protocol called SSH.

01:56.550 --> 01:58.770
Now to give you an idea what's happening here.

01:58.950 --> 02:05.920
I've got my little laptop here running an SSH server called freeSSHd, a wonderful free SSH server.

02:06.000 --> 02:12.570
And over here on my main machine I'm running the very popular PuTTY program. PuTTY is a client for

02:12.570 --> 02:13.840
all kinds of stuff.

02:13.920 --> 02:18.980
But in this case we're going to be running PuTTY as an SSH client and connecting to this guy.

02:19.080 --> 02:20.700
So let's watch all this in action.

02:23.620 --> 02:28.120
So to connect to my SSH I'm going to go ahead and use good old PuTTY here.

02:28.120 --> 02:31.040
Everybody knows about PuTTY; if you don't know about it you should.

02:31.150 --> 02:36.280
So what I need to do is just type in the IP address of the machine I want to connect to.

02:36.280 --> 02:39.660
Now I want you to look very carefully here you see I typed in an IP address.

02:39.670 --> 02:42.420
It uses port 22, that's the SSH port.

02:42.550 --> 02:45.720
And you'll notice that PuTTY can do all kinds of other connections.

02:45.850 --> 02:49.720
But in this case I want to do SSH so I have SSH

02:49.960 --> 02:51.600
clicked on the radio button.

02:51.700 --> 02:52.820
So I hit open.

02:52.900 --> 02:55.450
Now the first thing I want you to notice is right here.

02:55.630 --> 03:00.130
This is a standard function of SSH. SSH

03:00.130 --> 03:05.980
always has the server first pass you his, it's really, they call it a certificate but it's really just

03:05.980 --> 03:06.820
a key.

03:06.970 --> 03:12.880
And this particular key is going to be used to make the initial key exchange so that we can go ahead

03:12.880 --> 03:14.920
and start sending each other encrypted data.

03:15.130 --> 03:21.420
So if we take a look at this I'm going to go ahead and say yes and if I want to I can go ahead and log

03:21.420 --> 03:21.560
in.

03:21.570 --> 03:26.220
Now I'm not going to log in right now, not because I don't want to log in but because I want

03:26.220 --> 03:31.780
to show you how we set all this up within an encrypted application like SSH.

03:31.770 --> 03:34.760
So let me bring this back up now.

03:34.850 --> 03:36.690
I'm not going to bother connecting right now.

03:36.720 --> 03:40.100
What I want you to do is look down here; you see it says SSH.

03:40.490 --> 03:43.850
These are the settings for SSH.

03:43.850 --> 03:46.490
Now first of all we're going to have a key exchange.

03:46.490 --> 03:52.670
Remember the bottom line here is that on almost any encrypted application or protocol number one you

03:52.670 --> 03:54.100
do some kind of key exchange.

03:54.110 --> 03:59.390
So everybody gets a symmetric key and then you use a symmetric key to send all your encoded data and

03:59.390 --> 04:06.290
SSH certainly works just like that. Now if you'll take a look there are three different kinds of Diffie

04:06.290 --> 04:10.490
Hellman here don't worry about the different kinds just know that it's got three different ways to do

04:10.490 --> 04:14.050
Diffie-Hellman and then it has RSA.

04:14.390 --> 04:21.350
So what you're looking at here is the order by which this particular client wants to do the key exchange.

04:21.440 --> 04:25.050
And that order is important because that is an order of preference.

04:25.280 --> 04:31.460
So this is how the client will talk to the server to actually decide how they're going to do the key

04:31.460 --> 04:32.960
exchange.

04:32.990 --> 04:34.770
Next down here is the cipher.

04:34.880 --> 04:38.980
So once the key exchange is done what kind of encryption do you want to use.

04:38.990 --> 04:44.690
Now you'll notice up here at the top it says AES. AES is the big standard, that's something we would expect

04:44.690 --> 04:45.670
to see at the top.

04:45.860 --> 04:51.500
But then it goes down: it could use Blowfish or it could use Triple DES or it could use Arcfour, which

04:51.500 --> 04:53.160
I've never even heard of before.

04:53.300 --> 04:54.560
And then DES.

04:54.560 --> 05:03.740
So this is how SSH negotiates all of the things we need to do in order to go ahead and make a connection.

05:03.770 --> 05:08.990
Now to watch this in action what we really need to do is head over to my laptop because what we're going

05:08.990 --> 05:15.110
to do is light up the SSH server, and let me show you the SSH server has basically the same type of

05:15.110 --> 05:16.500
functions.

05:16.520 --> 05:19.130
So this is what freeSSHd looks like when it's running.

05:19.130 --> 05:21.580
So right now I'm running an SSH server.

05:21.580 --> 05:26.840
It does other stuff but I'm not interested in talking about it right now. What I am interested in is

05:26.840 --> 05:32.300
a few of the things in here, for example, now on authentication I could just use a password if I wanted

05:32.300 --> 05:35.570
to but I also have this key authentication.

05:35.690 --> 05:39.870
And right now it says that that's allowed because that's the main way I like to use this.

05:39.920 --> 05:44.120
Now once that takes place though I need to set an encryption.

05:44.120 --> 05:50.150
So on the server side you'll see he has a list of encryptions that he likes to connect to.

05:50.160 --> 05:54.920
So SSH is a secure application.

05:54.920 --> 05:58.710
The actual algorithms are built into SSH.

05:58.730 --> 06:04.570
So what will take place is when these guys connect to each other the client's going to say oh here are

06:04.940 --> 06:08.700
the ways I like to connect and the server is going to go well here's the ways I like to connect.

06:08.840 --> 06:14.030
And then the client will make a decision based on its pecking order how the actual connection takes

06:14.030 --> 06:14.550
place.

06:14.660 --> 06:17.620
And from there everything else is completely transparent.

06:17.660 --> 06:20.200
So the key exchange is transparent.

06:20.240 --> 06:25.760
The actual symmetric key which is then established and all the data is encrypted via symmetric and it

06:25.760 --> 06:26.930
works beautifully.

06:27.200 --> 06:34.270
So SSH is kind of unique though because it is an application that has built encryption into it.

06:34.340 --> 06:40.160
Now a lot of other things we do on the internet don't work quite the same way and probably one of the

06:40.160 --> 06:43.480
best examples of that would be good old HTTP.

06:43.760 --> 06:49.820
Now when you connect to a web page the web page itself by default is not encrypted.

06:49.820 --> 06:58.040
So what we do is we use a protocol called Transport Layer Security or TLS which actually acts as an intermediary

06:58.340 --> 07:08.000
between the web page and our individual web browser and acts as an intermediary that does all the encryption.

07:08.000 --> 07:15.200
So what will happen is we build these protocols into our web servers and into our web clients to make

07:15.200 --> 07:16.730
that work.

07:16.730 --> 07:23.200
Now what's actually cool about TLS is that TLS was invented for Web sites.

07:23.300 --> 07:29.480
However TLS, because of the way it works, can work with a lot of other applications, so TLS by

07:29.480 --> 07:35.900
itself is not an application it's just a protocol and we plug it into our different types of applications

07:36.230 --> 07:37.390
to make it all work.

07:37.400 --> 07:43.010
In fact TLS is so pretty that I can't repeat what I just did with SSH for you

07:43.010 --> 07:46.640
within TLS because it's designed to be very very robust.

07:46.670 --> 07:47.900
What I'm going to do instead.

07:47.900 --> 07:55.930
In fact I've already set up a capture: I opened up a web page to my totalsem.com but to a secure one,

07:55.930 --> 08:00.730
I did HTTPS, and I used good old Wireshark to make a capture.

08:00.730 --> 08:04.030
So what I'm going to do now is just open up the Wireshark capture.

08:04.090 --> 08:05.870
So you can see the results.

08:05.920 --> 08:06.240
OK.

08:06.250 --> 08:15.790
So what I've done here is, these are the result of me going to https://www.totalsem.com.

08:15.790 --> 08:20.660
And this is the entire initial HTTP connection that took place.

08:20.680 --> 08:25.350
Now if you don't know how to use Wireshark to do stuff like this, well, you need to learn how to use Wireshark.

08:25.360 --> 08:32.660
But what's actually kind of cool here is you take a quick look now the you 164 that 21 is my computer

08:32.660 --> 08:40.970
over here and 75 5.1 got 29 out 1 0 6 is the secure totalsem.com website.

08:41.060 --> 08:45.280
So you'll see here's my computer saying hello hello hello.

08:45.290 --> 08:47.620
So we get the initial connection going.

08:47.630 --> 08:49.610
Now that's all done under TCP.

08:49.700 --> 08:55.490
But now I want to look right here and see where it says TLS. When we say TLS, like you see right

08:55.490 --> 08:55.990
there.

08:56.060 --> 08:58.970
What we're doing is in essence making another connection.

08:59.060 --> 09:01.720
But this time we're saying, hey man, I want to do TLS.

09:01.730 --> 09:03.290
So let's start talking.

09:03.290 --> 09:12.140
So if you look really really carefully in here you can see exactly what types of connections that this

09:12.140 --> 09:13.810
client wants to use.

09:13.820 --> 09:15.860
So here's an elliptic curve.

09:16.010 --> 09:19.340
There's some different types of hashes that it wants to use.

09:19.340 --> 09:26.360
There's all kinds of information in here that the client uses to establish that secure connection.

09:26.360 --> 09:31.930
So in this particular case he's going to be using RSA because I know how my web server is set up.

09:32.210 --> 09:34.140
And then once that's set up it will be using

09:34.220 --> 09:36.530
AES as the actual symmetric encryption.

09:36.770 --> 09:38.900
So you can even see on the other side

09:41.480 --> 09:47.780
here's where the server talks back and you can see that he's already setting up an encryption to begin

09:47.780 --> 09:51.950
the conversation to allow these two different devices to talk.

09:51.950 --> 09:59.300
Now the cool part to all this is that every secure connection that happens on the Internet is either

09:59.300 --> 10:05.180
going to be an encrypted application like SSH, where it's kind of built into the application itself, or

10:05.180 --> 10:07.770
it's going to be using a protocol. Right now

10:07.960 --> 10:13.940
TLS is the stuff. TLS, and we have a whole other episode that is going to go into TLS in more detail,

10:13.970 --> 10:18.350
but for right now understand that if you want to be encrypted on the Internet you're not going to be

10:18.350 --> 10:24.050
writing your own algorithms what you're going to be doing is you're going to be using applications that

10:24.050 --> 10:29.960
have their own built in security ready to go or you're going to be taking advantage of powerful protocols

10:30.200 --> 10:35.260
that pretty much make the entire encryption process completely invisible to you and me.
