Podcasts Technology AskDeveloper Podcast EP47 - AskDeveloper Podcast - Cryptography - Part 2 - Encryption

EP47 - AskDeveloper Podcast - Cryptography - Part 2 - Encryption

Published: Oct. 16, 2016, 7:11 a.m.

\u0627\u0644\u062d\u0644\u0642\u0629 \u0627\u0644\u0633\u0627\u0628\u0642\u0629 \nhttps://soundcloud.com/askdeveloper/ep46-askdeveloper-podcast-cryptography-part-1-introduction-and-hashing\n\u25cb Encryption (Two Ways)\n \xa7 Symmetric Encryption\n \u25a1 Same key both encrypts and decrypts the data.\n \u25a1 Very fast, yet exchanging key is tricky\n \u25a1 Very Algorithmic\n \u25a1 Examples\n \xae DES Data Encryption Standard (BROKEN)\n \u25ca Uses key of 56 bit length\n \xae Triple DES (3DES)\n \u25ca Uses three keys (or two unique keys) of 56 bit each\n \xae AES Advanced Encryption Standard\n \u25ca Uses keys of 128, 192 or 256 bits long\n \u25a1 Attacks\n \xae Brute force\n \u25ca Usually mitigated via increasing key length, as difficulty increases exponentially as key size increases, for example time to crack given a modern super computer.\n Key Size Time To Crack\n 56 bits 399 seconds\n 128 bits 1.02 * 1018 years\n 192 bits 1.87 * 1037 years\n 256 bits 3.31 * 1056 years\n \u25ca Side-Channel Attacks\n \xa7 Asymmetric Encryption\n \u25a1 Key pairs have mathematical relationship\n \u25a1 Each one can decrypt messages encrypted by the other.\n \u25a1 Slow, but exchanging key is trivial\n \u25a1 Very Mathematical\n \u25a1 Anyone can know the Public Key\n \xae The Public key can only be used to encrypt data\n \u25a1 The Private key is kept secret, and never leaves the recipient's side.\n \xae The Private key can only be used to decrypt data\n \u25a1 Examples\n \xae RSA (Rivest, Shamir and Adelman)\n \xae The de-facto standard in the industry\n \xae Public and Private keys are based on large Prime Numbers\n \xa7 Hybrid Encryption\n \u25a1 Uses both Symmetric and Asymmetric encryption at the same time.\n \u25a1 Goals:\n \xae Use the performance of Symmetric Crypto \n \xae Convenience of sharing keys using Asymmetric Crypto\n \xae HMAC for authentication.\n \u25a1 Steps: (Order is very important)\n \xae Party 1 (Alice)\n 1. Generates a random AES Session Key (32 bytes / 256 bits)\n 2. Generates a random Initialization Vector (IV) (16 bytes / 128 bits)\n 3. Encrypt the message to be sent using the AES Session Key & IV\n 4. Calculate an HMAC of the encrypted message using the AES Session key\n 5. Encrypt the AES Session Key using the Public Key of Party 2 (Bob) The recipient.\n 6. Sends a packet of (Encrypted Message, Encrypted Session Key, Initialization Vector, and HMAC) to Bob\n \xae Party 2 (Bob)\n 1. Decrypts Session key using his Private Key\n 2. Recalculates the HMAC of the encrypted message (Validates message integrity)\n } If HMAC check pass\n \u2013 Decrypts the message using the decrypted AES Session Key and Initialization Vector\n } Otherwise, rejects the message because of integrity check failure.\n\n\nOur facebook Page\nhttp://facebook.com/askdeveloper\n\nOn Sound Cloud\nhttp://soundcloud.com/askdeveloper\n\nPlease Like & Subscribe