Security Now 34

From The Official TWiT Wiki
Jump to: navigation, search
Security Now
Episode 34


Steve and Leo discuss asymmetric key cryptography also known as Public Key Cryptography first looking at the Diffie-Hellman Key Exchange and then moving onto the operation of general purpose public key cryptology.

Diffie-Hellman Key Exchange

  • This uses simple exponentiation E.g. a^b which is easy to do
  • But getting an exact logarithm in a finite field is incredibly difficult

To use it:

  • Raise one number to a power and keep lower digits of the result
  • This means you cant divide backwards and do exact logarithm

Also the process is cumulative E.g. :
2^3 = 8
8^2 = 64

2^2 = 4
4^3 = 64

Also
2^6 = 64

To do:

  • Agree on base number (a)
  • Choose a big random number (b) (b1)

Person 1

  • a^b = c

Person 2

  • a^b1 = c1

Person 1

  • c1^b = d

Person 2

  • c^b1 = d
  • So due to it being cumulative both people get the same result (d)
  • Can make (a) public
  • Keep (b) and (b1) private
  • No one can work out b and b1 in a reasonable amount of time


Asymmetric Cryptology / Public Key Cryptography

  • A cryptographic process where you have separate keys for encrypting and decrypting
  • Generate a pair of keys (A and B)
  • Encrypt with (A) can only decrypt with (B)
  • Encrypt with (B) can only decrypt with (A)
  • Must keep one of the keys private
  • Can not determine A from B, or B from A

To encrypt a message

  • Get the persons public key
  • Encrypt with it

To decrypt

  • Only the person with the matching private key can decrypt
  • If message is altered in transit it wont decrypt properly.
  • Can only be decrypted with your private key if it was encrypted with your public key.

To verify the sender:

  • Encrypt the message with your private key
  • Encrypt the result with the persons public key

Send it to other person they:

  • Decrypt it with there private key
  • Decrypt the result with your public key
  • Will only decrypt the message properly if the person sending it is who they say they are

Limitations:

  • Requires long keys to get same level of security as symmetric encryption (1024 Bits)
  • 1000x slower than symmetric encryption

To work around this:

  • Asymmetric encryption is used to encrypt symmetric keys. E.g.
  • Message encrypted first with symmetric cipher
  • Key for symmetric cipher encrypted with public asymmetric cipher key
  • Sent to other person
  • They decrypt the symmetric key using there asymmetric private key
  • Use the key to decrypt the message.

Attacks

  • If you know what someone's public key is
  • Get there message they encrypted with there private key
  • Encrypt all possible plain texts with there public key and look for a collision
  • Tells you what plain text was

To defeat this

  • Put padding at the end of your message

Sponsors

Astaro 00:27 - 0:39 and 35:16 - 36:00

Production Notes

  • Recorded Date: April 5, 2006
  • Release Date: April 6, 2006
  • Duration: 00:37:07
  • Log line:
  • Edited by:
  • Notes: First SN to have a sponsor

External Links