Encryption Part I: Introduction to Encryption 2

00:02

Welcome to the second video in our Introduction to Encryption, which is Part I of our series

00:06

designed to teach you the user how to secure your data.

00:09

If you haven't watched the first video, I urge you to do so, as it covers the basics

00:13

of what encryption is and why it's important.

00:15

We also covered the first type of encryption: symmetric or secret key encryption.

00:20

We also mentioned the concept of "entropy," which is the amount of uncertainty in a message.

00:25

Since you should never use the same key on the same data, entropy helps you scramble

00:29

things up so that the encrypted result resembles random noise.

00:33

We're going to continue with the next type of encryption: asymmetric, or private key

00:38

encryption.

00:39

Remember from Part I that the problem we kept having was how Alice can get the secret key

00:44

to Bob without Eve getting it.

00:46

One solution to this is to use asymmetric-key, or private key encryption.

00:51

With this concept, Alice can generate an encryption key and keep it to herself.

00:55

This is her private key, and no one else in the world needs to have it.

01:00

From this private key she generates a public key, which she sends to Bob.

01:04

This doesn't have to be secure; if Eve gets it, no problem!

01:08

The reason why is that the public key cannot be used to decrypt anything.

01:12

It can only encrypt, and Alice uses her private key to decrypt it.

01:17

Alice can post her public key on the internet, and anyone who wants to can find it and use

01:21

it to send her a private communication; the private key CANNOT be recovered using only

01:27

the public key.

01:29

So this is secure, and Alice is in complete control of the private key.

01:33

She doesn't have to trust anyone else, but Bob has to trust Alice.

01:38

Pretty much Eve's only hope at deciphering the message is to get Alice's private key,

01:42

but since Alice can keep it secret and all to herself, this will be very difficult.

01:47

The problem is, it's uni-directional.

01:49

Bob can now send encrypted data to Alice, but Alice cannot send anything encrypted to

01:54

Bob.

01:55

Bob would have to generate his own private key and send Alice the public key so that

01:59

she can send a secure message to him.

02:01

You can combine methods, however.

02:03

Remember that the problem with secret key encryption was the difficulty in getting the

02:07

key to the other person securely.

02:10

Now, since Bob has Alice's public key, he can generate a secret key and send that to

02:16

Alice, encrypted with her public key.

02:18

They can then communicate as usual with secret-key encryption, and Eve has no way of getting

02:23

the encryption keys.

02:26

Private key encryption also gives us the ability to verify that a message was written by the

02:30

person we want to be talking to.

02:32

Bob has Alice's public key, but he wants to make sure it's Alice and not Eve pretending

02:36

to be Alice.

02:37

So he has Alice send him a message--this doesn't have to be encrypted--that is digitally signed

02:42

using her private key.

02:43

Bob can then verify the signature using Alice's public key.

02:47

If everything matches up, then Bob knows that the message was written by someone with access

02:52

to Alice's private key.

02:53

As long as Eve hasn't managed to steal Alice's private key, then it must be Alice who sent

02:58

the message.

03:00

But if Eve ever does manage to steal the private key, she can read encrypted messages that

03:04

Bob intends for Alice, and even send messages to Bob pretending to be Alice and the digital

03:10

signature would match.

03:11

Our third type of encryption isn't technically encryption, although a lot of the concepts

03:17

still apply.

03:18

It's called "hashing," and you can think of it as a sort of one-way encryption.

03:23

You take a piece of data, run it through a hashing algorithm, and the output is scrambled

03:27

in a way that can never, ever be descrambled.

03:30

What's the point?

03:31

Well, if you take the same piece of data and run it through the same hashing algorithm,

03:35

you'll get the same hash.

03:38

You can do this whenever you need to verify a piece of information but don't need to decipher

03:42

it.

03:43

That's what hashes are for: some kind of verification.

03:46

One use for this is passwords.

03:48

If Alice connects to Bob's server, she creates her password, it gets hashed, and the hash--NOT

03:54

the original password--is stored in Bob's server.

03:57

Then, whenever Alice logs in, the password she types gets hashed the same way.

04:03

Bob's server then compares this hash to the hash stored in his database, and if they match,

04:09

Alice is logged in.

04:10

Knowing the original password isn't necessary; we only need to confirm that she typed in

04:15

the same password.

04:17

With a good hashing protocol, there will be no hints given as to whether the hacker has

04:22

gotten close to guessing the password.

04:24

The hash for the password RoughMilkPaintBattle1 should look as different from the hash for

04:30

RoughMilkPaintBattle2 as it does from FailedCourageSeldomPhysical.

04:35

The only way Eve can crack it is to try passwords over and over and over again, until she gets

04:42

lucky and hits the one that generates the hash on Bob's server.

04:46

We'll talk more about secure password storage in Part II.

04:50

Another way is if she wants to verify that a file she gets from Bob hasn't been tampered

04:55

with.

04:56

She downloads the file, and then Bob separately gives her the hash.

05:00

Once she has the file, she runs the hashing algorithm on it, and compares the result to

05:05

the hash she got from Bob.

05:06

If they match, she can safely assume the file hasn't been tampered with.

05:11

The hash acts as a signature that verifies she has the correct file.

05:16

The Bittorrent protocol uses hashing to verify the integrity of the files it sends.

05:20

Along with the metadata describing the torrent and what file or files it contains, there

05:25

is an info-hash which the client runs to verify that no one has monkeyed around with this.

05:30

Plus, Bittorrent divides its files into pieces, and each piece is given its own hash.

05:36

Once the client finishes downloading a piece, it verifies the hash, and if the hash is different,

05:41

it knows an error has occurred and it needs to download the piece again.

05:46

So that's our other two types of encryption: asymmetric key, or private key, a uni-directional

05:51

encryption that can also be used to create and verify digital signatures, and hashing,

05:56

which is a sort of one-way encryption, encryption that cannot be undone.

06:00

It's used for verification, whether it's verifying that a user typed in the correct password

06:04

or verifying that we've downloaded a file without error or tampering.

06:08

In the next video, we'll look at different ways of implementing these different kinds

06:12

of encryption to deal with certain problems, and we'll also look at issues surrounding

06:16

those all-important random numbers.