EP47 - AskDeveloper Podcast - Cryptography - Part 2 - Encryption

Ask Developer

599 subscribers

الحلقة السابقة https://soundcloud.com/askdeveloper/ep46-askdeveloper-podcast-cryptography-part-1-introduction-and-hashing ○ Encryption (Two Ways) § Symmetric Encryption □ Same key both encrypts and decrypts the data. □ Very fast, yet exchanging key is tricky □ Very Algorithmic □ Examples ® DES Data Encryption Standard (BROKEN) ◊ Uses key of 56 bit length ® Triple DES (3DES) ◊ Uses three keys (or two unique keys) of 56 bit each ® AES Advanced Encryption Standard ◊ Uses keys of 128, 192 or 256 bits long □ Attacks ® Brute force ◊ Usually mitigated via increasing key length, as difficulty increases exponentially as key size increases, for example time to crack given a modern super computer. Key Size Time To Crack 56 bits 399 seconds 128 bits 1.02 * 1018 years 192 bits 1.87 * 1037 years 256 bits 3.31 * 1056 years ◊ Side-Channel Attacks § Asymmetric Encryption □ Key pairs have mathematical relationship □ Each one can decrypt messages encrypted by the other. □ Slow, but exchanging key is trivial □ Very Mathematical □ Anyone can know the Public Key ® The Public key can only be used to encrypt data □ The Private key is kept secret, and never leaves the recipient's side. ® The Private key can only be used to decrypt data □ Examples ® RSA (Rivest, Shamir and Adelman) ® The de-facto standard in the industry ® Public and Private keys are based on large Prime Numbers § Hybrid Encryption □ Uses both Symmetric and Asymmetric encryption at the same time. □ Goals: ® Use the performance of Symmetric Crypto ® Convenience of sharing keys using Asymmetric Crypto ® HMAC for authentication. □ Steps: (Order is very important) ® Party 1 (Alice) 1. Generates a random AES Session Key (32 bytes / 256 bits) 2. Generates a random Initialization Vector (IV) (16 bytes / 128 bits) 3. Encrypt the message to be sent using the AES Session Key & IV 4. Calculate an HMAC of the encrypted message using the AES Session key 5. Encrypt the AES Session Key using the Public Key of Party 2 (Bob) The recipient. 6. Sends a packet of (Encrypted Message, Encrypted Session Key, Initialization Vector, and HMAC) to Bob ® Party 2 (Bob) 1. Decrypts Session key using his Private Key 2. Recalculates the HMAC of the encrypted message (Validates message integrity) } If HMAC check pass – Decrypts the message using the decrypted AES Session Key and Initialization Vector } Otherwise, rejects the message because of integrity check failure. Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe

EP47 - AskDeveloper Podcast - Cryptography - Part 2 - Encryption

Ask Developer

599 subscribers

الحلقة السابقة https://soundcloud.com/askdeveloper/ep46-askdeveloper-podcast-cryptography-part-1-introduction-and-hashing ○ Encryption (Two Ways) § Symmetric Encryption □ Same key both encrypts and decrypts the data. □ Very fast, yet exchanging key is tricky □ Very Algorithmic □ Examples ® DES Data Encryption Standard (BROKEN) ◊ Uses key of 56 bit length ® Triple DES (3DES) ◊ Uses three keys (or two unique keys) of 56 bit each ® AES Advanced Encryption Standard ◊ Uses keys of 128, 192 or 256 bits long □ Attacks ® Brute force ◊ Usually mitigated via increasing key length, as difficulty increases exponentially as key size increases, for example time to crack given a modern super computer. Key Size Time To Crack 56 bits 399 seconds 128 bits 1.02 * 1018 years 192 bits 1.87 * 1037 years 256 bits 3.31 * 1056 years ◊ Side-Channel Attacks § Asymmetric Encryption □ Key pairs have mathematical relationship □ Each one can decrypt messages encrypted by the other. □ Slow, but exchanging key is trivial □ Very Mathematical □ Anyone can know the Public Key ® The Public key can only be used to encrypt data □ The Private key is kept secret, and never leaves the recipient's side. ® The Private key can only be used to decrypt data □ Examples ® RSA (Rivest, Shamir and Adelman) ® The de-facto standard in the industry ® Public and Private keys are based on large Prime Numbers § Hybrid Encryption □ Uses both Symmetric and Asymmetric encryption at the same time. □ Goals: ® Use the performance of Symmetric Crypto ® Convenience of sharing keys using Asymmetric Crypto ® HMAC for authentication. □ Steps: (Order is very important) ® Party 1 (Alice) 1. Generates a random AES Session Key (32 bytes / 256 bits) 2. Generates a random Initialization Vector (IV) (16 bytes / 128 bits) 3. Encrypt the message to be sent using the AES Session Key & IV 4. Calculate an HMAC of the encrypted message using the AES Session key 5. Encrypt the AES Session Key using the Public Key of Party 2 (Bob) The recipient. 6. Sends a packet of (Encrypted Message, Encrypted Session Key, Initialization Vector, and HMAC) to Bob ® Party 2 (Bob) 1. Decrypts Session key using his Private Key 2. Recalculates the HMAC of the encrypted message (Validates message integrity) } If HMAC check pass – Decrypts the message using the decrypted AES Session Key and Initialization Vector } Otherwise, rejects the message because of integrity check failure. Our facebook Page http://facebook.com/askdeveloper On Sound Cloud http://soundcloud.com/askdeveloper Please Like & Subscribe

Next Prev
0:00 / 0:00

Playback Speed

x1


0.5x

1.5x

1x