WEBVTT

1
00:00:00.120 --> 00:00:03.240
<v Speaker 1>Welcome to the deep dive everyone. Today we're going deep

2
00:00:03.560 --> 00:00:06.639
<v Speaker 1>into the world of cryptography and network security.

3
00:00:06.759 --> 00:00:08.839
<v Speaker 2>Ooh sounds exciting.

4
00:00:08.640 --> 00:00:11.400
<v Speaker 1>It is really Yeah. We've got excerpts from Cryptography and

5
00:00:11.439 --> 00:00:15.480
<v Speaker 1>Network Security: Principles and Practice, the seventh edition, you know

6
00:00:15.560 --> 00:00:20.839
<v Speaker 1>William Stallings classic. Yeah, codes, ciphers. How we protect our

7
00:00:20.839 --> 00:00:24.600
<v Speaker 1>information in this digital age? I mean it's everywhere, right,

8
00:00:24.640 --> 00:00:26.039
<v Speaker 1>It's amazing how it's evolved.

9
00:00:26.120 --> 00:00:29.320
<v Speaker 2>Really, we're way beyond simple secret writing. Now we have

10
00:00:29.399 --> 00:00:33.359
<v Speaker 2>these complex algorithms, not just for confidentiality, but for integrity,

11
00:00:33.439 --> 00:00:37.200
<v Speaker 2>you know, making sure data hasn't been tampered with. Yeah, authenticity,

12
00:00:37.560 --> 00:00:38.520
<v Speaker 2>non-repudiation.

13
00:00:38.960 --> 00:00:41.159
<v Speaker 1>Whoa big words, haha, right.

14
00:00:41.520 --> 00:00:44.640
<v Speaker 2>But basically making sure you can't deny sending something and

15
00:00:44.759 --> 00:00:47.240
<v Speaker 2>of course controlling access who gets to see what.

16
00:00:47.479 --> 00:00:50.159
<v Speaker 1>So it's like building trust, but digitally exactly.

17
00:00:50.240 --> 00:00:51.759
<v Speaker 2>And there are different ways to do that. Two main

18
00:00:51.840 --> 00:00:55.240
<v Speaker 2>types of cryptography come to mind. Symmetric key and asymmetric key.

19
00:00:55.320 --> 00:00:58.560
<v Speaker 1>Okay, so like symmetric key, that's where both sides have

20
00:00:58.600 --> 00:01:00.439
<v Speaker 1>the same key, like a shared secret.

21
00:01:00.479 --> 00:01:03.399
<v Speaker 2>You got it, super efficient, especially for lots of data.

22
00:01:03.439 --> 00:01:06.359
<v Speaker 1>Cool. What are some examples of that, like algorithms and stuff?

23
00:01:06.439 --> 00:01:10.000
<v Speaker 2>Well, there's the Advanced Encryption Standard AES. That's the big one.

24
00:01:10.040 --> 00:01:12.159
<v Speaker 1>Now, oh yeah, AES, I've heard of that.

25
00:01:12.239 --> 00:01:15.159
<v Speaker 2>And then there's DES, the Data Encryption Standard. It was

26
00:01:15.200 --> 00:01:18.959
<v Speaker 2>widely used but kind of outdated now right right?

27
00:01:19.280 --> 00:01:24.719
<v Speaker 1>Are these algorithms based on like any particular design.

28
00:01:24.519 --> 00:01:27.239
<v Speaker 2>Many of them, DES included. They use this thing called

29
00:01:27.239 --> 00:01:28.400
<v Speaker 2>the Feistel cipher.

30
00:01:28.560 --> 00:01:29.239
<v Speaker 1>Feistel cipher.

31
00:01:29.319 --> 00:01:33.840
<v Speaker 2>It's a fundamental structure, especially for block ciphers. So imagine

32
00:01:33.840 --> 00:01:36.120
<v Speaker 2>you take a block of text, right, split it in half.

33
00:01:36.439 --> 00:01:40.120
<v Speaker 2>Then you do all these rounds of substitutions, permutations.

34
00:01:40.120 --> 00:01:42.159
<v Speaker 1>We kind of like shuffling a deck of cards.

35
00:01:42.319 --> 00:01:45.920
<v Speaker 2>Yeah, over and over, Yeah, exactly, controlled chaos, but with

36
00:01:46.000 --> 00:01:48.159
<v Speaker 2>the key to make sense of it all makes sense.

37
00:01:48.480 --> 00:01:51.400
<v Speaker 2>There's also this special function within it, the round function,

38
00:01:51.760 --> 00:01:53.760
<v Speaker 2>and that's where things get really hard to crack if

39
00:01:53.799 --> 00:01:54.680
<v Speaker 2>you don't have the key.

40
00:01:54.879 --> 00:01:57.640
<v Speaker 1>Oh, I see. So this Feistel thing, why is it so important?

41
00:01:57.680 --> 00:02:00.719
<v Speaker 2>Well, the beauty is, even with that complex round function,

42
00:02:01.120 --> 00:02:05.840
<v Speaker 2>encrypting and decrypting are basically mirror images of each other, reversible,

43
00:02:06.079 --> 00:02:06.280
<v Speaker 2>you know.

44
00:02:07.079 --> 00:02:10.680
<v Speaker 1>Ah, so you can get the original message back, gotcha, gotcha? Okay,

45
00:02:10.680 --> 00:02:14.240
<v Speaker 1>then what about asymmetric key cryptography how's that different?

46
00:02:14.639 --> 00:02:18.599
<v Speaker 2>This is where things get really interesting. Two keys, a

47
00:02:18.639 --> 00:02:21.759
<v Speaker 2>public key anyone can have it, and a private key

48
00:02:21.960 --> 00:02:23.479
<v Speaker 2>you keep that secret.

49
00:02:23.280 --> 00:02:26.680
<v Speaker 1>Like two keys to a mailbox, one to put mail

50
00:02:26.719 --> 00:02:28.439
<v Speaker 1>in, one to take it out.

51
00:02:28.840 --> 00:02:34.360
<v Speaker 2>Perfect analogy. Public key encrypts only the private key decrypts.

52
00:02:33.840 --> 00:02:36.520
<v Speaker 1>And no need to like secretly share a key beforehand.

53
00:02:36.680 --> 00:02:39.400
<v Speaker 2>Exactly, game changer for online communication.

54
00:02:39.039 --> 00:02:42.759
<v Speaker 1>Big time. Any, like, famous examples of asymmetric key algorithms?

55
00:02:42.840 --> 00:02:48.319
<v Speaker 2>Oh, absolutely. RSA: Rivest, Shamir, Adleman, the creators. Used for

56
00:02:48.560 --> 00:02:52.039
<v Speaker 2>digital signatures key exchange. You see that little lock icon

57
00:02:52.120 --> 00:02:54.879
<v Speaker 2>in your browser, that's often RSA working in the background,

58
00:02:54.960 --> 00:02:57.280
<v Speaker 2>making sure you're on the real website not some fake one.

59
00:02:57.360 --> 00:03:00.159
<v Speaker 1>Wow. So RSA is keeping us safe online? And what

60
00:03:00.199 --> 00:03:02.319
<v Speaker 1>about digital signatures? How do they work?

61
00:03:02.639 --> 00:03:05.280
<v Speaker 2>Think of it like a fingerprint for a message. Use

62
00:03:05.319 --> 00:03:07.840
<v Speaker 2>a hash function, hash function creates a unique code for

63
00:03:07.919 --> 00:03:11.520
<v Speaker 2>the message. Then you encrypt that hash with your private key. Bam,

64
00:03:11.560 --> 00:03:12.879
<v Speaker 2>digital signature.

65
00:03:12.639 --> 00:03:15.199
<v Speaker 1>So it's tamper proof. Proves it's really from you

66
00:03:15.240 --> 00:03:16.400
<v Speaker 1>and hasn't been messed with.

67
00:03:16.479 --> 00:03:20.080
<v Speaker 2>You got it. The recipient uses your public key to decrypt,

68
00:03:20.240 --> 00:03:21.759
<v Speaker 2>check if the hash matches.

69
00:03:21.639 --> 00:03:24.639
<v Speaker 1>Clever so all these different types of cryptography, they're like

70
00:03:25.039 --> 00:03:26.479
<v Speaker 1>connected somehow they are.

71
00:03:26.680 --> 00:03:29.719
<v Speaker 2>And to manage it, all the keys, the certificates. That's

72
00:03:29.759 --> 00:03:31.919
<v Speaker 2>where public key infrastructure comes in PKI.

73
00:03:32.199 --> 00:03:35.919
<v Speaker 1>PKI Okay, sounds important but kind of complicated. Break it

74
00:03:35.960 --> 00:03:36.400
<v Speaker 1>down for me.

75
00:03:36.560 --> 00:03:39.439
<v Speaker 2>You're online, right, how do you know a website is legit?

76
00:03:39.639 --> 00:03:39.800
<v Speaker 1>Right?

77
00:03:39.879 --> 00:03:44.639
<v Speaker 2>Yeah, that's PKI. It uses digital certificates like digital passports

78
00:03:44.919 --> 00:03:49.120
<v Speaker 2>to verify identities, individuals, organizations, So.

79
00:03:49.039 --> 00:03:52.360
<v Speaker 1>Like a trusted third party checks everyone's ID exactly.

80
00:03:52.400 --> 00:03:54.840
<v Speaker 2>And there's a whole chain of trust too. Your browser

81
00:03:54.919 --> 00:03:57.960
<v Speaker 2>trusts a root authority, that authority trusts others and

82
00:03:58.039 --> 00:03:59.759
<v Speaker 2>so on down to the website you're on.

83
00:04:00.000 --> 00:04:02.280
<v Speaker 1>Oh, a whole system, so no one can just pretend

84
00:04:02.280 --> 00:04:03.080
<v Speaker 1>to be someone else.

85
00:04:03.319 --> 00:04:06.759
<v Speaker 2>That's the idea. And with all these devices users online,

86
00:04:06.960 --> 00:04:09.039
<v Speaker 2>we need ways to make sure only the right ones

87
00:04:09.039 --> 00:04:12.120
<v Speaker 2>get access to networks. That's where network access control comes in.

88
00:04:12.879 --> 00:04:16.759
<v Speaker 1>NAC. Is that like a security guard for your network?

89
00:04:16.480 --> 00:04:21.480
<v Speaker 2>Precisely. Controls access based on rules, predefined policies, so

90
00:04:21.759 --> 00:04:24.399
<v Speaker 2>only authorized devices and users can connect.

91
00:04:24.600 --> 00:04:27.879
<v Speaker 1>Oh, like checking if your antivirus is up to date. Exactly.

92
00:04:28.160 --> 00:04:30.879
<v Speaker 2>And a key part of that is the Extensible Authentication

93
00:04:31.000 --> 00:04:32.199
<v Speaker 2>Protocol, or EAP.

94
00:04:32.600 --> 00:04:34.920
<v Speaker 1>EAP, so it's like a checkpoint making sure only the

95
00:04:34.959 --> 00:04:36.079
<v Speaker 1>good guys get in yep.

96
00:04:36.480 --> 00:04:40.120
<v Speaker 2>And it's flexible, can handle simple passwords or stronger stuff

97
00:04:40.160 --> 00:04:43.360
<v Speaker 2>like digital certificates, depends on what the organization needs.

98
00:04:43.759 --> 00:04:47.120
<v Speaker 1>Cool. So EAP is adaptable. Man, it's amazing how all

99
00:04:47.120 --> 00:04:48.120
<v Speaker 1>these pieces fit together.

100
00:04:48.279 --> 00:04:49.959
<v Speaker 2>It is, and we've just scratched the surface.

101
00:04:50.160 --> 00:04:51.839
<v Speaker 1>Seriously, there's more.

102
00:04:52.079 --> 00:04:54.639
<v Speaker 2>Oh yeah, next time we'll see how all this applies

103
00:04:54.639 --> 00:04:57.800
<v Speaker 2>to the cloud. Cloud security, that's a whole other beast.

104
00:04:58.360 --> 00:05:02.040
<v Speaker 2>Back again for more cryptography fun. Remember those public key

105
00:05:02.079 --> 00:05:03.360
<v Speaker 2>cryptosystems we talked.

106
00:05:03.160 --> 00:05:04.759
<v Speaker 1>About, yeah, RSA and stuff.

107
00:05:04.839 --> 00:05:08.639
<v Speaker 2>Right. Well, there's another one, Diffie-Hellman, specifically for key

108
00:05:08.439 --> 00:05:11.040
<v Speaker 1>exchange. Diffie-Hellman, hmm, vaguely familiar.

109
00:05:11.160 --> 00:05:14.800
<v Speaker 2>The idea is two parties can establish a shared secret

110
00:05:14.920 --> 00:05:17.240
<v Speaker 2>key over an insecure channel.

111
00:05:17.279 --> 00:05:18.959
<v Speaker 1>Wait, so they don't actually send the key.

112
00:05:19.120 --> 00:05:22.079
<v Speaker 2>Nope, that's the trick. It uses math, the difficulty of

113
00:05:22.120 --> 00:05:23.759
<v Speaker 2>calculating discrete logarithms.

114
00:05:24.079 --> 00:05:25.160
<v Speaker 1>Discrete what now?

115
00:05:25.360 --> 00:05:29.079
<v Speaker 2>Aha, it's a bit complex, But imagine Alice and Bob

116
00:05:29.160 --> 00:05:30.800
<v Speaker 2>want to share a secret.

117
00:05:30.519 --> 00:05:32.399
<v Speaker 1>Right, okay, classic Alice and Bob.

118
00:05:32.439 --> 00:05:35.160
<v Speaker 2>They start with a prime number and a primitive root,

119
00:05:35.360 --> 00:05:36.040
<v Speaker 2>these are.

120
00:05:35.920 --> 00:05:38.560
<v Speaker 1>Public, so some shared info to begin with.

121
00:05:39.199 --> 00:05:43.199
<v Speaker 2>Then what? Each chooses a secret number, their private key.

122
00:05:43.639 --> 00:05:46.959
<v Speaker 2>They use that plus the public stuff to generate public keys,

123
00:05:47.360 --> 00:05:49.199
<v Speaker 2>which they then exchange.

124
00:05:49.319 --> 00:05:52.959
<v Speaker 1>They swap public keys. Yeah, but how does that create

125
00:05:53.000 --> 00:05:53.879
<v Speaker 1>the shared.

126
00:05:53.560 --> 00:05:57.480
<v Speaker 2>Secret Here's the magic. Each person takes the other's public

127
00:05:57.560 --> 00:06:00.160
<v Speaker 2>key and does another calculation using their own

128
00:06:00.279 --> 00:06:03.319
<v Speaker 2>private key, and somehow they both end up with the

129
00:06:03.319 --> 00:06:04.519
<v Speaker 2>same shared secret key.

130
00:06:04.720 --> 00:06:07.120
<v Speaker 1>No way, without ever sending it directly exactly.

131
00:06:07.240 --> 00:06:09.879
<v Speaker 2>It's like a secret handshake, only they know. Breaking this

132
00:06:09.959 --> 00:06:13.439
<v Speaker 2>would mean figuring out that discrete logarithm really hard problem,

133
00:06:13.560 --> 00:06:15.439
<v Speaker 2>especially for big prime.

134
00:06:15.199 --> 00:06:17.839
<v Speaker 1>Numbers, so computers can't crack it easily, not.

135
00:06:17.759 --> 00:06:20.120
<v Speaker 2>In any reasonable time. No, that's why it's secure.

136
00:06:20.439 --> 00:06:23.399
<v Speaker 1>Math is cool. Are there other cryptosystems that use this

137
00:06:23.560 --> 00:06:25.000
<v Speaker 1>kind of like difficult math?

138
00:06:25.199 --> 00:06:29.160
<v Speaker 2>Oh yeah. ElGamal, similar to Diffie-Hellman, also relies on

139
00:06:29.199 --> 00:06:34.000
<v Speaker 2>discrete logarithms, but it can do encryption and digital signatures, so.

140
00:06:33.920 --> 00:06:36.879
<v Speaker 1>You could send a secret message A and D prove

141
00:06:36.920 --> 00:06:39.079
<v Speaker 1>it's from you all in one go precisely.

142
00:06:39.240 --> 00:06:44.160
<v Speaker 2>But gotta admit, both Diffie-Hellman and ElGamal, computationally expensive,

143
00:06:44.560 --> 00:06:47.240
<v Speaker 2>more so than symmetric key stuff. Because of all the

144
00:06:47.279 --> 00:06:50.839
<v Speaker 2>math. Yep, so trade-off there, speed's critical, might not

145
00:06:50.879 --> 00:06:52.079
<v Speaker 2>be the best choice.

146
00:06:51.800 --> 00:06:54.759
<v Speaker 1>Right right. We talked about how RSA keys are getting

147
00:06:54.800 --> 00:06:58.000
<v Speaker 1>longer to stay ahead of faster computers. Has that led

148
00:06:58.040 --> 00:07:02.600
<v Speaker 1>to any new developments, like completely new types of cryptography?

149
00:07:02.720 --> 00:07:06.519
<v Speaker 2>It has. There's this fascinating thing called elliptic curve cryptography

150
00:07:06.560 --> 00:07:07.720
<v Speaker 2>ECC. ECC.

151
00:07:08.000 --> 00:07:10.639
<v Speaker 1>I've heard the name, but how was even a bit intimidating.

152
00:07:10.759 --> 00:07:13.839
<v Speaker 2>It's like the sports car of cryptography, same level of security

153
00:07:13.879 --> 00:07:16.079
<v Speaker 2>as RSA, but with much shorter keys.

154
00:07:16.240 --> 00:07:19.839
<v Speaker 1>Wait, shorter keys, but still secure. How's that possible?

155
00:07:19.920 --> 00:07:23.120
<v Speaker 2>It uses completely different math, the arithmetic of elliptic curves.

156
00:07:23.160 --> 00:07:26.720
<v Speaker 2>Elliptic curves, they're defined by specific equations, and the points

157
00:07:26.759 --> 00:07:29.800
<v Speaker 2>on these curves they form a group, and the operations

158
00:07:29.839 --> 00:07:32.600
<v Speaker 2>within that group are incredibly hard to reverse engineer.

159
00:07:32.759 --> 00:07:34.600
<v Speaker 1>Sounds like some high level math it is.

160
00:07:34.560 --> 00:07:37.399
<v Speaker 2>But the point is that difficulty allows for shorter keys

161
00:07:37.439 --> 00:07:43.399
<v Speaker 2>without sacrificing security. Huge advantage for things like smartphones, embedded

162
00:07:43.399 --> 00:07:45.720
<v Speaker 2>systems where resources are limited.

163
00:07:46.120 --> 00:07:49.000
<v Speaker 1>Ah so for devices that aren't super powerful.

164
00:07:48.639 --> 00:07:53.120
<v Speaker 2>Exactly, and it's being used already for digital signatures, key exchange,

165
00:07:54.000 --> 00:07:55.560
<v Speaker 2>even some cryptocurrencies use it.

166
00:07:55.759 --> 00:07:58.920
<v Speaker 1>So ECC is like the future of cryptography.

167
00:07:59.000 --> 00:08:01.879
<v Speaker 2>It's definitely a rising star. Yeah. As we get more

168
00:08:01.920 --> 00:08:05.000
<v Speaker 2>connected devices, that efficiency is going to be key no

169
00:08:05.120 --> 00:08:05.839
<v Speaker 2>pun intended.

170
00:08:06.000 --> 00:08:08.639
<v Speaker 1>Uh huh, nice one. Okay, so we've got all these

171
00:08:08.720 --> 00:08:12.720
<v Speaker 1>keys ciphers, but what about the random numbers used in cryptography.

172
00:08:12.759 --> 00:08:13.720
<v Speaker 1>You mentioned those before.

173
00:08:13.920 --> 00:08:18.600
<v Speaker 2>Ah, pseudorandom number generation super important. These numbers. They look random,

174
00:08:18.639 --> 00:08:20.240
<v Speaker 2>but they're generated by algorithms.

175
00:08:20.319 --> 00:08:23.000
<v Speaker 1>Right. Randomness is crucial for security, makes it hard to

176
00:08:23.000 --> 00:08:25.120
<v Speaker 1>predict what's going to happen. But how do we know

177
00:08:25.160 --> 00:08:27.120
<v Speaker 1>these pseudorandom numbers are actually good enough?

178
00:08:27.279 --> 00:08:30.560
<v Speaker 2>Good question. They can't be predictable. There are different approaches.

179
00:08:30.639 --> 00:08:34.360
<v Speaker 2>One is using asymmetric ciphers like RSA as the basis.

180
00:08:34.440 --> 00:08:36.639
<v Speaker 1>Wait, so the same stuff that does encryption can also

181
00:08:36.679 --> 00:08:37.559
<v Speaker 1>make random numbers.

182
00:08:37.840 --> 00:08:41.039
<v Speaker 2>Yep, take a seed value, encrypt it with RSA using

183
00:08:41.039 --> 00:08:44.919
<v Speaker 2>a secret key. That output becomes your pseudorandom number. Do

184
00:08:44.960 --> 00:08:46.840
<v Speaker 2>it repeatedly you get a whole stream.

185
00:08:46.600 --> 00:08:50.600
<v Speaker 1>Of it, like a chain reaction of randomness. Clever. Are

186
00:08:50.639 --> 00:08:54.759
<v Speaker 1>there other ways though, Ones that don't use asymmetric ciphers.

187
00:08:54.320 --> 00:08:56.639
<v Speaker 2>Absolutely block ciphers can do it too, in a special

188
00:08:56.679 --> 00:08:59.480
<v Speaker 2>way called counter mode. Counter mode. Okay, with that, you have

189
00:08:59.519 --> 00:09:03.200
<v Speaker 2>your secret key and a counter value. Encrypt those with

190
00:09:03.240 --> 00:09:06.879
<v Speaker 2>the block cipher. The output is your random bits. Increment

191
00:09:06.960 --> 00:09:10.000
<v Speaker 2>the counter repeat you get more random numbers.

192
00:09:09.720 --> 00:09:12.159
<v Speaker 1>So the counter's like changing the combination on a lock,

193
00:09:12.200 --> 00:09:13.559
<v Speaker 1>different combination, different.

194
00:09:13.320 --> 00:09:16.000
<v Speaker 2>Numbers exactly, and it's efficient. Can be done in parallel,

195
00:09:16.039 --> 00:09:17.440
<v Speaker 2>lots of random numbers at once.

196
00:09:17.799 --> 00:09:20.399
<v Speaker 1>Man, this stuff is so intricate. I never realized how

197
00:09:20.480 --> 00:09:22.000
<v Speaker 1>much goes into making things secure.

198
00:09:22.320 --> 00:09:25.440
<v Speaker 2>It's a lot. Yeah, but all these pieces they work

199
00:09:25.480 --> 00:09:30.480
<v Speaker 2>together to protect our data, our communications, the whole digital world. Really.

200
00:09:31.240 --> 00:09:33.679
<v Speaker 2>Back for the final stretch of our cryptography deep dive,

201
00:09:34.080 --> 00:09:37.960
<v Speaker 2>We've talked about ciphers, keys, hash functions, PKI, even those

202
00:09:38.000 --> 00:09:39.080
<v Speaker 2>cool elliptic curves.

203
00:09:39.279 --> 00:09:40.960
<v Speaker 1>Yeah, it's been a wild ride, but I feel like

204
00:09:41.000 --> 00:09:43.559
<v Speaker 1>I'm actually starting to get it, you know, like how

205
00:09:43.600 --> 00:09:45.240
<v Speaker 1>this stuff keeps us safe online.

206
00:09:45.399 --> 00:09:48.320
<v Speaker 2>That's great to hear. It's all about understanding the pieces

207
00:09:48.399 --> 00:09:51.279
<v Speaker 2>and how they fit together. Speaking of which, let's talk

208
00:09:51.320 --> 00:09:52.759
<v Speaker 2>more about digital signatures.

209
00:09:52.840 --> 00:09:56.360
<v Speaker 1>Oh yeah, those always seem kind of mysterious to me,

210
00:09:57.240 --> 00:10:00.000
<v Speaker 1>like they're the digital version of signing your name. Right, Yeah,

211
00:10:00.120 --> 00:10:02.039
<v Speaker 1>but how can that be secure? Can't someone just like

212
00:10:02.360 --> 00:10:04.240
<v Speaker 1>copy and paste a digital signature.

213
00:10:04.360 --> 00:10:07.480
<v Speaker 2>Uh huh, that's the key question. They do act like

214
00:10:07.480 --> 00:10:10.600
<v Speaker 2>a real signature, proving it's you and the message hasn't changed.

215
00:10:11.159 --> 00:10:13.320
<v Speaker 2>But it's not as simple as copy paste no way.

216
00:10:13.799 --> 00:10:16.159
<v Speaker 2>Public key cryptography is the magic here.

217
00:10:16.360 --> 00:10:21.000
<v Speaker 1>Okay, So how do those keys public and private make

218
00:10:21.039 --> 00:10:22.039
<v Speaker 1>the signatures work?

219
00:10:22.480 --> 00:10:25.360
<v Speaker 2>Let's say Alice wants to sign a message for Bob. First,

220
00:10:25.480 --> 00:10:28.679
<v Speaker 2>she uses a hash function, something like

221
00:10:28.759 --> 00:10:29.840
<v Speaker 2>SHA-256.

222
00:10:29.559 --> 00:10:31.159
<v Speaker 1>SHA-256. That's one of those hash things we

223
00:10:31.200 --> 00:10:34.480
<v Speaker 1>talked about, right, makes a unique code for the message exactly.

224
00:10:34.639 --> 00:10:37.679
<v Speaker 2>Think of it like a fingerprint, only for data represents

225
00:10:37.679 --> 00:10:41.159
<v Speaker 2>that specific message. Then Alice encrypts that hash, but with

226
00:10:41.240 --> 00:10:44.960
<v Speaker 2>her private key that becomes her digital signature.

227
00:10:44.759 --> 00:10:47.799
<v Speaker 1>So it's tied to her because of her private key

228
00:10:47.840 --> 00:10:49.360
<v Speaker 1>and to the exact message.

229
00:10:49.399 --> 00:10:53.120
<v Speaker 2>You got it. Now, Bob gets the message and signature.

230
00:10:53.639 --> 00:10:57.120
<v Speaker 2>He uses Alice's public key to decrypt the signature, gets

231
00:10:57.120 --> 00:10:58.879
<v Speaker 2>that original hash back, like.

232
00:10:58.840 --> 00:11:01.679
<v Speaker 1>He's unlocking it with his key, and then he can

233
00:11:01.720 --> 00:11:03.240
<v Speaker 1>see the fingerprint exactly.

234
00:11:03.559 --> 00:11:06.679
<v Speaker 2>Now, Bob calculates the hash of the message himself using

235
00:11:06.679 --> 00:11:10.120
<v Speaker 2>the same function Alice did. If they match, bingo, he

236
00:11:10.200 --> 00:11:12.679
<v Speaker 2>knows it's really from Alice and nothing's been changed.

237
00:11:12.480 --> 00:11:14.919
<v Speaker 1>So it's like a puzzle, only Alice has the right

238
00:11:15.000 --> 00:11:17.559
<v Speaker 1>piece and Bob can test if it fits. Are there

239
00:11:17.720 --> 00:11:19.840
<v Speaker 1>like different ways to do these signatures?

240
00:11:19.879 --> 00:11:23.320
<v Speaker 2>Oh yeah, definitely. RSA is one way, but there's also ElGamal, Schnorr.

241
00:11:23.799 --> 00:11:26.360
<v Speaker 1>Each has its own quirk, so not one size fits all.

242
00:11:26.840 --> 00:11:28.960
<v Speaker 2>Depends on the situation what you need it for. One

243
00:11:29.000 --> 00:11:31.120
<v Speaker 2>of the most common ones, though, is the Digital Signature

244
00:11:31.159 --> 00:11:34.639
<v Speaker 2>Algorithm DSA. Yeah, rings a bell. What's special about that one?

245
00:11:34.720 --> 00:11:38.120
<v Speaker 1>It's specifically designed for signatures, uses the discrete logarithm

246
00:11:38.200 --> 00:11:42.679
<v Speaker 1>problem, kind of like ElGamal, and it's a NIST standard,

247
00:11:42.919 --> 00:11:46.000
<v Speaker 1>you know, National Institute of Standards and Technology.

248
00:11:45.759 --> 00:11:49.919
<v Speaker 2>So it's got like official backing exactly, widely used for

249
00:11:50.159 --> 00:11:54.120
<v Speaker 2>secure email signing, documents, all sorts of things.

250
00:11:54.159 --> 00:11:56.960
<v Speaker 1>So it's been tested and proven. That's reassuring. What about

251
00:11:57.000 --> 00:11:59.679
<v Speaker 1>ECC though, the elliptic curve stuff, Can that be used

252
00:11:59.720 --> 00:12:00.600
<v Speaker 1>for signature too?

253
00:12:00.840 --> 00:12:04.080
<v Speaker 2>It can, and it's got that efficiency advantage. Remember, same

254
00:12:04.120 --> 00:12:06.279
<v Speaker 2>security with shorter keys, right.

255
00:12:06.320 --> 00:12:08.600
<v Speaker 1>Right, less data to deal with. Yeah, but how does

256
00:12:08.639 --> 00:12:13.039
<v Speaker 1>ECC with all its weird curves and math actually do signatures?

257
00:12:13.279 --> 00:12:16.200
<v Speaker 2>Same public key principles, just way more efficient. There's a

258
00:12:16.240 --> 00:12:20.519
<v Speaker 2>standard for that too, the Elliptic Curve Digital Signature Algorithm, ECDSA.

259
00:12:20.720 --> 00:12:24.519
<v Speaker 1>ECDSA got it, another acronym for the collection. Seems like

260
00:12:24.559 --> 00:12:26.440
<v Speaker 1>ECC's popping up everywhere it is.

261
00:12:27.000 --> 00:12:30.799
<v Speaker 2>As technology changes, cryptography has to keep up. That's what

262
00:12:30.840 --> 00:12:32.440
<v Speaker 2>makes it so interesting. Always evolving.

263
00:12:32.679 --> 00:12:35.960
<v Speaker 1>Yeah, speaking of evolving, earlier, we talked about vulnerabilities like

264
00:12:35.960 --> 00:12:39.559
<v Speaker 1>that Heartbleed bug. Are there other examples of things

265
00:12:39.600 --> 00:12:41.320
<v Speaker 1>going wrong that taught us important lessons?

266
00:12:41.440 --> 00:12:43.639
<v Speaker 2>Oh yeah, definitely. One that comes to mind is the

267
00:12:43.679 --> 00:12:48.600
<v Speaker 2>POODLE attack, targeted SSL, the Secure Sockets Layer protocol.

268
00:12:48.279 --> 00:12:51.000
<v Speaker 1>POODLE, hmm, vaguely remember. What was the issue there?

269
00:12:51.200 --> 00:12:54.399
<v Speaker 2>It exploited a weakness in SSL 3.0 and

270
00:12:54.559 --> 00:12:58.200
<v Speaker 2>older version the way it handled padding and encrypted messages.

271
00:12:58.559 --> 00:13:02.039
<v Speaker 2>There was a flaw. Attackers could potentially use that to

272
00:13:02.559 --> 00:13:05.360
<v Speaker 2>like decrypt parts of the traffic.

273
00:13:05.639 --> 00:13:08.279
<v Speaker 1>So it's like one small crack and the whole thing

274
00:13:08.320 --> 00:13:08.840
<v Speaker 1>falls apart.

275
00:13:08.960 --> 00:13:10.279
<v Speaker 2>Kind of like that showed us we've got to keep

276
00:13:10.320 --> 00:13:13.960
<v Speaker 2>things updated, Ditch those old protocols, move to newer, safer

277
00:13:14.000 --> 00:13:16.799
<v Speaker 2>stuff like TLS 1.2. Always got to be

278
00:13:16.879 --> 00:13:20.639
<v Speaker 2>one step ahead of, that's cybersecurity in a nutshell, cat

279
00:13:20.679 --> 00:13:23.279
<v Speaker 2>and mouse game. The good guys and the bad guys.

280
00:13:23.679 --> 00:13:27.879
<v Speaker 2>Stay informed, use best practices, update your defenses. That's how

281
00:13:27.919 --> 00:13:28.639
<v Speaker 2>we stay safe.

282
00:13:28.720 --> 00:13:30.559
<v Speaker 1>Well, I got to say this deep dive has been

283
00:13:30.600 --> 00:13:33.799
<v Speaker 1>eye opening. Never thought I'd be so into cryptography, but

284
00:13:33.879 --> 00:13:35.279
<v Speaker 1>you've made it fascinating.

285
00:13:35.360 --> 00:13:38.159
<v Speaker 2>Glad to hear it. Hopefully it sparks some curiosity, you know,

286
00:13:38.240 --> 00:13:40.600
<v Speaker 2>to keep learning about this stuff. The more we understand,

287
00:13:40.600 --> 00:13:42.840
<v Speaker 2>the better we can protect ourselves in this digital world.

288
00:13:43.000 --> 00:13:45.039
<v Speaker 1>Absolutely, thanks so much for being our guide on this

289
00:13:45.159 --> 00:13:47.600
<v Speaker 1>journey my pleasure. It's been fun, and to all our

290
00:13:47.639 --> 00:13:50.320
<v Speaker 1>listeners out there, thanks for joining the Deep Dive. We'll

291
00:13:50.360 --> 00:13:53.159
<v Speaker 1>catch you next time with another adventure into the world

292
00:13:53.200 --> 00:13:53.919
<v Speaker 1>of knowledge.
