# Security Now 34

- Hosts: Leo Laporte and Steve Gibson
- Topic: Public Key Cryptography
- Recorded: April 5, 2006
- Published: April 6, 2006
- Duration: 00:37:07

Steve and Leo discuss asymmetric key cryptography, also known as public key cryptography, first looking at the Diffie-Hellman key exchange and then moving on to the operation of general-purpose public key cryptography.


## Diffie-Hellman Key Exchange

- This uses simple exponentiation, e.g. a^b, which is easy to do
- But getting an exact logarithm in a finite field is incredibly difficult

To use it:

- Raise one number to a power and keep the lower digits of the result
- This means you can't divide backwards and take an exact logarithm

The process is also commutative (the exponents can be applied in either order), e.g.:

2^3 = 8

8^2 = 64

2^2 = 4

4^3 = 64

Also

2^6 = 64

To do:

- Agree on a base number (a)
- Each person chooses a big random number (b for Person 1, b1 for Person 2)

Person 1

- a^b = c

Person 2

- a^b1 = c1

Person 1

- c1^b = d

Person 2

- c^b1 = d

- Because the process is commutative, both people get the same result (d)
- Can make (a) public
- Keep (b) and (b1) private
- No one can work out b and b1 in a reasonable amount of time
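The exchange above as runnable code. This is an added example, not material from the episode: the modulus `P` (the "keep the lower digits" step), the base `A`, and all function names are illustrative assumptions, and the parameters are toy values rather than a vetted group.

```python
import secrets

# Constructed toy parameters (assumptions, not from the episode).
# P is the Mersenne prime 2**127 - 1; real deployments use vetted
# groups of 2048 bits or more.
P = 2**127 - 1   # modulus: "keep the lower digits" of each result
A = 3            # public base (a)


def private_exponent(p=P):
    """Pick a random secret exponent (b or b1) in [2, p - 2]."""
    return secrets.randbelow(p - 3) + 2


def public_value(a, b, p=P):
    """c = a^b mod p, the value that is sent over the wire."""
    return pow(a, b, p)


def shared_secret(c_other, b_own, p=P):
    """d = (other side's c)^(own b) mod p."""
    return pow(c_other, b_own, p)


def exchange(a=A, p=P):
    """Run both sides; return (d for person 1, d for person 2)."""
    b, b1 = private_exponent(p), private_exponent(p)
    c, c1 = public_value(a, b, p), public_value(a, b1, p)   # public
    return shared_secret(c1, b, p), shared_secret(c, b1, p)


def recover_exponent(a, c, p):
    """Exhaustive search for b with a^b mod p == c. Feasible only for a
    toy modulus; this is the work a large modulus puts out of reach."""
    value = 1
    for b in range(p):
        if value == c:
            return b
        value = (value * a) % p
    return None


if __name__ == "__main__":
    d1, d2 = exchange()
    print("shared secrets match:", d1 == d2)
    # With a tiny modulus the private exponent falls out immediately.
    print("toy recovery:", recover_exponent(5, pow(5, 6, 23), 23))
```

Only `c` and `c1` cross the wire; the search in `recover_exponent` takes up to p steps, which is why the numbers have to be large.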

## Asymmetric Cryptology / Public Key Cryptography

- A cryptographic process where you have separate keys for encrypting and decrypting
- Generate a pair of keys (A and B)
- Anything encrypted with (A) can only be decrypted with (B)
- Anything encrypted with (B) can only be decrypted with (A)
- Must keep one of the keys private
- Cannot determine A from B, or B from A

To encrypt a message:

- Get the person's public key
- Encrypt with it

To decrypt:

- Only the person with the matching private key can decrypt

- If the message is altered in transit it won't decrypt properly.
- It can only be decrypted with your private key if it was encrypted with your public key.

To verify the sender:

- Encrypt the message with your private key
- Encrypt the result with the person's public key

Send it to the other person. They:

- Decrypt it with their private key
- Decrypt the result with your public key

- It will only decrypt properly if the person sending it is who they say they are

Limitations:

- Requires long keys to get the same level of security as symmetric encryption (1024 bits)
- 1000x slower than symmetric encryption

To work around this:

- Asymmetric encryption is used to encrypt symmetric keys, e.g.:

- Message is encrypted first with a symmetric cipher
- Key for the symmetric cipher is encrypted with the public asymmetric cipher key
- Both are sent to the other person
- They decrypt the symmetric key using their asymmetric private key
- They use that key to decrypt the message.

Attacks:

- If you know what someone's public key is
- Get the message they encrypted with their private key
- Encrypt all possible plain texts with their public key and look for a collision
- This tells you what the plain text was

To defeat this:

- Put padding at the end of your message

## Sponsors

**Astaro**
00:27 - 0:39 and 35:16 - 36:00

## Production Notes

- Recorded Date: April 5, 2006
- Release Date: April 6, 2006
- Duration: 00:37:07
- Notes: First SN to have a sponsor