1
00:00:01,970 --> 00:00:04,280
So we have our file here for Bob.

2
00:00:04,280 --> 00:00:10,290
It's been encrypted with a yes and a strong password bought.

3
00:00:10,310 --> 00:00:14,960
How do we get that password to Bob so that you can decrypt it.

4
00:00:14,990 --> 00:00:21,410
It's not much good sending the password with the email so we could send it via another method we could

5
00:00:21,410 --> 00:00:27,350
send it via an outer band method by maybe calling him or sending my text message.

6
00:00:27,350 --> 00:00:29,600
But that's just not scalable at all.

7
00:00:29,600 --> 00:00:34,840
It's just not usable as a real time encryption method.

8
00:00:35,030 --> 00:00:38,300
Which brings us to the other type of encryption algorithms.

9
00:00:38,390 --> 00:00:45,740
And these are called asymmetric encryption algorithms and this is because they use two keys as opposed

10
00:00:45,740 --> 00:00:54,350
to one key and asymmetric is also referred to as public and private key and public and private are the

11
00:00:54,350 --> 00:00:58,590
two keys that are used in asymmetric encryption.

12
00:00:58,610 --> 00:01:00,490
So we have symmetric encryption.

13
00:01:00,640 --> 00:01:06,070
One key asymmetrical action to keep the public and private.

14
00:01:06,230 --> 00:01:15,320
Some very smart people invented this public private key encryption and the algorithms based on the difficulty

15
00:01:15,320 --> 00:01:21,150
of certain mathematical problems don't go into the details of the mathematics as understanding it isn't

16
00:01:21,200 --> 00:01:27,140
required to keep you secure you just need a basic understanding to make the right choices about the

17
00:01:27,140 --> 00:01:31,850
algorithms and the strength of the algorithms and the cryptosystems that you're going to use.

18
00:01:31,880 --> 00:01:40,190
So the following is examples of asymmetric keys that you will see the first one is RSA and this is very

19
00:01:40,190 --> 00:01:40,760
common.

20
00:01:40,760 --> 00:01:44,470
One of the most common asymmetric algorithms that you will see.

21
00:01:44,510 --> 00:01:49,880
I'll show you where you see them and how they used the security of the algorithm comes from the difficulty

22
00:01:49,880 --> 00:01:54,170
of factoring large numbers into their original prime numbers.

23
00:01:54,200 --> 00:01:58,810
Another common and increasingly popular algorithm is the elliptical curve.

24
00:01:58,970 --> 00:02:01,790
Cryptosystem or ECAC security.

25
00:02:01,790 --> 00:02:07,350
This algorithm comes from computing discrete algorithms of elliptic curves.

26
00:02:07,370 --> 00:02:09,770
There's Diffie Helman and the security.

27
00:02:09,770 --> 00:02:15,230
This comes from the algorithm calculates and discrete algorithms in a finite field.

28
00:02:15,380 --> 00:02:21,460
Defi how much is becoming more popular because it has a property called Forward Secrecy which we'll

29
00:02:21,470 --> 00:02:22,900
discuss later.

30
00:02:23,150 --> 00:02:28,880
And then you've got El-Gamal and the security this algorithm comes from calculating discrete algorithms

31
00:02:28,880 --> 00:02:30,480
in a finite field as well.

32
00:02:30,530 --> 00:02:38,630
These asymmetric algorithms help solve the problem of exchanging or agreeing Keys and also allow for

33
00:02:38,630 --> 00:02:45,000
something called digital signatures so he can potentially use public and private keys to send Bob our

34
00:02:45,020 --> 00:02:48,850
secret key securely without anyone intercepting him.

35
00:02:49,010 --> 00:02:54,740
As I said with public private key algorithms instead of there being just one secret key there are two

36
00:02:54,740 --> 00:03:03,020
keys but in this case there are the public key that is designed to be known by everybody i.e. it's public

37
00:03:03,380 --> 00:03:08,750
and the private key which should be kept secret all times or private.

38
00:03:08,750 --> 00:03:15,260
Now these keys all mathematically related and the two keys are generated at the same time they have

39
00:03:15,260 --> 00:03:19,390
to be generated at the same time because they are mathematically related.

40
00:03:19,640 --> 00:03:25,800
And the Web site that uses Haseeb CPS for example has a public and private key.

41
00:03:25,820 --> 00:03:32,280
They use to exchange a symmetric sesshin key to send your encrypted data.

42
00:03:32,330 --> 00:03:35,210
So it's a bit like the zip file that we've seen.

43
00:03:35,210 --> 00:03:40,730
They use these public private keys and then they need to send another key the key we're using for the

44
00:03:40,730 --> 00:03:43,440
zip file in order to do the encryption.

45
00:03:43,550 --> 00:03:50,840
So in asymmetric encryption if a message is encrypted by one key the other key is required in order

46
00:03:50,840 --> 00:03:52,550
to decrypt that message.

47
00:03:52,610 --> 00:03:59,390
If you encrypt with the private you need the public to decrypt if you encrypt with the public you need

48
00:03:59,390 --> 00:04:06,880
the private Deaker it is not possible to encrypt and decrypt using the same key.

49
00:04:06,950 --> 00:04:08,110
And that's crucial.

50
00:04:08,240 --> 00:04:12,840
You always need the counterpart key to encrypt and decrypt.

51
00:04:12,900 --> 00:04:17,250
But why should you encrypt with a public or private key.

52
00:04:17,270 --> 00:04:20,240
What's the difference what's the point of viewing them.

53
00:04:20,240 --> 00:04:21,990
One of the issues one of them.

54
00:04:22,220 --> 00:04:26,310
Well let me explain the usefulness of these in and how they can be used.

55
00:04:26,450 --> 00:04:35,150
So if you think of yourself as the sender and the sender is encrypting with the receiver Bob's public

56
00:04:35,150 --> 00:04:35,990
key.

57
00:04:35,990 --> 00:04:43,550
This means you are wanting privacy or confidentiality so no one else can read the message but the receiver.

58
00:04:43,730 --> 00:04:47,420
So you encrypt the file with the receiver's public key.

59
00:04:47,420 --> 00:04:54,140
The message can only be decrypted by the person who has a corresponding private key or Bob's private

60
00:04:54,140 --> 00:04:54,900
key.

61
00:04:54,950 --> 00:05:00,190
The receiver though cannot confirm who has sent it that you have sent it.

62
00:05:00,300 --> 00:05:07,480
I no authentication because anyone can use Bob's public key to encrypt.

63
00:05:07,530 --> 00:05:15,540
So in the sense encrypts the receivers public key the message is confidential and it can only be read

64
00:05:15,720 --> 00:05:20,710
by the receiver who has the private key to decrypt the message.

65
00:05:20,790 --> 00:05:24,180
But there's no guarantee of where that message came from.

66
00:05:24,210 --> 00:05:28,670
And that brings us to the second way of using these public and private keys.

67
00:05:28,800 --> 00:05:37,500
So if you encrypt with your own private key then this means authenticating is what you're interested

68
00:05:37,500 --> 00:05:38,090
in.

69
00:05:38,100 --> 00:05:44,100
It means it's important to you that the receiver knows that is you sent it.

70
00:05:44,160 --> 00:05:47,580
So you would encrypt with your private key.

71
00:05:47,580 --> 00:05:54,150
This provides assurance to the receiver Bob that the only person who could have encrypted the data is

72
00:05:54,150 --> 00:06:01,890
the individual who possesses that private key your private key encryption data with the sender's private

73
00:06:01,890 --> 00:06:09,240
key is called an open message format because anyone with a copy of the corresponding public key can

74
00:06:09,510 --> 00:06:10,930
decrypt the message.

75
00:06:11,070 --> 00:06:17,550
So you can think about it like you're putting something officially on the Internet for everyone to read

76
00:06:17,760 --> 00:06:24,840
and because you've encrypted it with your private key everyone can confirm that you have genuinely produced

77
00:06:24,840 --> 00:06:31,530
that confidentiality your privacy is not assured in this case the authentication of the sender or you

78
00:06:31,620 --> 00:06:38,790
is now when various encryption technologies are used in combination such as the ones we've talked about

79
00:06:38,790 --> 00:06:43,700
because these cannot be used in combination and not used in isolation.

80
00:06:43,740 --> 00:06:51,150
They are called a crypto system and crypto systems can provide you with a number of security services

81
00:06:51,510 --> 00:06:58,770
and some of these services are confidentiality which is privacy authentication which is knowing that

82
00:06:58,770 --> 00:07:06,240
Bob is the real Bob or you are the real you know repudiation which means you cannot later deny that

83
00:07:06,240 --> 00:07:12,360
you send to encrypt the message and integrity that the message hasn't been altered in any way.

84
00:07:12,360 --> 00:07:19,320
Examples of crypto systems include anything that uses this encryption technology so PGE pay bit Locher

85
00:07:19,320 --> 00:07:28,290
true crypt tier Alas even bit torrent and even the example of windows that we use to encrypt that simple

86
00:07:28,380 --> 00:07:29,390
little file.

87
00:07:29,520 --> 00:07:31,720
So first to send Bob our file.

88
00:07:31,800 --> 00:07:39,570
We can use Bob's public key to encrypt the file or we can use it to exchange the password for the zip

89
00:07:39,570 --> 00:07:40,150
file.

90
00:07:40,290 --> 00:07:45,570
But we would of course first need Bob's public key and we would only need to receive these public key

91
00:07:45,570 --> 00:07:47,770
ones in a secure manner.

92
00:07:47,910 --> 00:07:49,000
That's important.

93
00:07:49,170 --> 00:07:56,310
And we could them forever send messages encrypted just for Bob to read and PDP is an example of something

94
00:07:56,310 --> 00:07:59,470
that does this as an encryption technology for e-mail.

95
00:07:59,790 --> 00:08:06,720
But you might ask yourself well OK why don't people start to use this for email why isn't PDP use ReMail.

96
00:08:06,930 --> 00:08:14,550
Well it's because exchanging the keys is a little bit of a tricky task and it's also not easy for people

97
00:08:14,550 --> 00:08:15,860
to understand this.

98
00:08:15,870 --> 00:08:20,470
So that's why encryption within email has not been adopted.

99
00:08:20,610 --> 00:08:25,000
And actually e-mail itself is pretty broke and it was never designed for security.

100
00:08:25,050 --> 00:08:26,680
But back to encryption.

101
00:08:26,700 --> 00:08:32,610
So when it comes to public private key cryptography or asymmetric encryption there are some strengths

102
00:08:32,610 --> 00:08:35,080
and weaknesses with public and private key.

103
00:08:35,160 --> 00:08:39,070
You have better distribution than you do with symmetric systems.

104
00:08:39,090 --> 00:08:46,380
So Bob can place his public key on a site or his Web site and anyone can send him encrypted messages

105
00:08:46,380 --> 00:08:53,760
or data to him the only he can read if you use a symmetric key and want to send your file to Bob and

106
00:08:53,760 --> 00:08:59,870
say 10 other people need to give your password to 10 people you know that's just not scalable at all.

107
00:08:59,880 --> 00:09:05,540
So asymmetric algorithms have better scalability than symmetric systems.

108
00:09:05,640 --> 00:09:12,480
Public and private key also provide authentication and repudiation where the weaknesses are.

109
00:09:12,540 --> 00:09:19,910
Well fortunately these encryption algorithms are actually very very slow compared to symmetric systems.

110
00:09:19,950 --> 00:09:26,370
If you look at the big lenth after asymmetric algorithms you'll notice that there are a lot lot higher

111
00:09:26,790 --> 00:09:30,360
than they offer symmetric key encryption algorithms.

112
00:09:30,600 --> 00:09:33,480
And this is an indicator of how much lower they are.

113
00:09:33,500 --> 00:09:38,520
It's back to the analogy of the number of locks on the door with public and private key.

114
00:09:38,520 --> 00:09:40,550
There are many many many more locks on the door.

115
00:09:40,560 --> 00:09:46,550
So it takes much longer to encrypt decrypt So it's mathematically intensive for you.

116
00:09:46,770 --> 00:09:53,550
Which is why we have something called hybrid systems or hybrid crypto systems public and private keys

117
00:09:53,550 --> 00:10:01,170
are used to exchange an agreed keys and we use symmetric algorithms like a yes actually encrypt the

118
00:10:01,170 --> 00:10:01,840
data.

119
00:10:01,950 --> 00:10:11,640
So therefore we get the best of both worlds using Tia and SSL is an example of this type of hybrid system

120
00:10:11,730 --> 00:10:17,220
and so is PDP and we'll talk about a CPS and T.L. s going forward.