[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:01.10,0:00:05.31,Default,,0000,0000,0000,,okay so again let's get started with
Dialogue: 0,0:00:03.33,0:00:06.75,Default,,0000,0000,0000,,today's lecture so today we're going to
Dialogue: 0,0:00:05.31,0:00:09.24,Default,,0000,0000,0000,,be talking about security and
Dialogue: 0,0:00:06.75,0:00:10.41,Default,,0000,0000,0000,,cryptography and today's lecture is
Dialogue: 0,0:00:09.24,0:00:12.78,Default,,0000,0000,0000,,gonna be a little bit different than our
Dialogue: 0,0:00:10.41,0:00:14.85,Default,,0000,0000,0000,,treatment of this topic in last year's
Dialogue: 0,0:00:12.78,0:00:16.62,Default,,0000,0000,0000,,class so last year we focused a little
Dialogue: 0,0:00:14.85,0:00:19.35,Default,,0000,0000,0000,,bit more on security and privacy and
Dialogue: 0,0:00:16.62,0:00:21.72,Default,,0000,0000,0000,,from the perspective of a user of a
Dialogue: 0,0:00:19.35,0:00:22.95,Default,,0000,0000,0000,,computer but today we're going to focus
Dialogue: 0,0:00:21.72,0:00:24.69,Default,,0000,0000,0000,,a little bit more on security and
Dialogue: 0,0:00:22.95,0:00:26.73,Default,,0000,0000,0000,,cryptography concepts that are relevant
Dialogue: 0,0:00:24.69,0:00:29.40,Default,,0000,0000,0000,,in understanding some of the tools that
Dialogue: 0,0:00:26.73,0:00:30.81,Default,,0000,0000,0000,,we talked about earlier in this class so
Dialogue: 0,0:00:29.40,0:00:32.25,Default,,0000,0000,0000,,for example we talked about hash
Dialogue: 0,0:00:30.81,0:00:34.80,Default,,0000,0000,0000,,functions or cryptographic hash
Dialogue: 0,0:00:32.25,0:00:37.83,Default,,0000,0000,0000,,functions like sha-1 in the get lecture
Dialogue: 0,0:00:34.80,0:00:39.24,Default,,0000,0000,0000,,or we talked about public keys when we
Dialogue: 0,0:00:37.83,0:00:41.01,Default,,0000,0000,0000,,talked about SSH in the command line
Dialogue: 0,0:00:39.24,0:00:43.26,Default,,0000,0000,0000,,environment in a command line
Dialogue: 0,0:00:41.01,0:00:44.61,Default,,0000,0000,0000,,environment lecture and so today we'll
Dialogue: 0,0:00:43.26,0:00:46.32,Default,,0000,0000,0000,,talk about there's different
Dialogue: 0,0:00:44.61,0:00:47.88,Default,,0000,0000,0000,,cryptographic primitives in more detail
Dialogue: 0,0:00:46.32,0:00:49.35,Default,,0000,0000,0000,,and get an understanding of how they
Dialogue: 0,0:00:47.88,0:00:50.58,Default,,0000,0000,0000,,work and how they're used in these
Dialogue: 0,0:00:49.35,0:00:53.46,Default,,0000,0000,0000,,different tools that we're teaching in
Dialogue: 0,0:00:50.58,0:00:55.89,Default,,0000,0000,0000,,this class this lecture is not a
Dialogue: 0,0:00:53.46,0:00:58.20,Default,,0000,0000,0000,,substitute for a more rigorous class in
Dialogue: 0,0:00:55.89,0:00:59.64,Default,,0000,0000,0000,,security so they're they're a bunch of
Dialogue: 0,0:00:58.20,0:01:01.05,Default,,0000,0000,0000,,really good classes at MIT like six
Dialogue: 0,0:00:59.64,0:01:03.66,Default,,0000,0000,0000,,eight five eight which is on computer
Dialogue: 0,0:01:01.05,0:01:06.42,Default,,0000,0000,0000,,system security or six eight five seven
Dialogue: 0,0:01:03.66,0:01:08.85,Default,,0000,0000,0000,,and six eight seven five which are more
Dialogue: 0,0:01:06.42,0:01:10.95,Default,,0000,0000,0000,,focused on cryptography so don't do
Dialogue: 0,0:01:08.85,0:01:13.38,Default,,0000,0000,0000,,security work without formal training in
Dialogue: 0,0:01:10.95,0:01:16.38,Default,,0000,0000,0000,,security from these classes or elsewhere
Dialogue: 0,0:01:13.38,0:01:17.58,Default,,0000,0000,0000,,and unless you're an expert don't roll
Dialogue: 0,0:01:16.38,0:01:19.86,Default,,0000,0000,0000,,your own crypto don't build your own
Dialogue: 0,0:01:17.58,0:01:21.96,Default,,0000,0000,0000,,crypto implementations or protocols and
Dialogue: 0,0:01:19.86,0:01:23.91,Default,,0000,0000,0000,,the same principle applies to computer
Dialogue: 0,0:01:21.96,0:01:25.56,Default,,0000,0000,0000,,system security this lecture is not
Dialogue: 0,0:01:23.91,0:01:27.87,Default,,0000,0000,0000,,about building your own stuff it's about
Dialogue: 0,0:01:25.56,0:01:29.37,Default,,0000,0000,0000,,understanding what's already out there
Dialogue: 0,0:01:27.87,0:01:31.29,Default,,0000,0000,0000,,and so this lecture will have a very
Dialogue: 0,0:01:29.37,0:01:32.82,Default,,0000,0000,0000,,informal but we think practical
Dialogue: 0,0:01:31.29,0:01:35.40,Default,,0000,0000,0000,,treatment of these basic cryptography
Dialogue: 0,0:01:32.82,0:01:36.66,Default,,0000,0000,0000,,concepts and yeah hopefully it'll help
Dialogue: 0,0:01:35.40,0:01:39.54,Default,,0000,0000,0000,,you understand some of the tools we
Dialogue: 0,0:01:36.66,0:01:40.59,Default,,0000,0000,0000,,talked about earlier in this class any
Dialogue: 0,0:01:39.54,0:01:45.00,Default,,0000,0000,0000,,questions about the plan for today's
Dialogue: 0,0:01:40.59,0:01:46.56,Default,,0000,0000,0000,,lecture great so the first topic for
Dialogue: 0,0:01:45.00,0:01:48.78,Default,,0000,0000,0000,,today is something called entropy
Dialogue: 0,0:01:46.56,0:01:51.12,Default,,0000,0000,0000,,entropy is a measure of randomness and
Dialogue: 0,0:01:48.78,0:01:52.38,Default,,0000,0000,0000,,this is useful for example when trying
Dialogue: 0,0:01:51.12,0:01:55.23,Default,,0000,0000,0000,,to determine the strength of a password
Dialogue: 0,0:01:52.38,0:01:58.29,Default,,0000,0000,0000,,so let's take a look at this comic from
Dialogue: 0,0:01:55.23,0:02:00.30,Default,,0000,0000,0000,,xkcd we're a big fan of xkcd comics so
Dialogue: 0,0:01:58.29,0:02:02.49,Default,,0000,0000,0000,,this comic raise your hand if you've
Dialogue: 0,0:02:00.30,0:02:05.16,Default,,0000,0000,0000,,seen this before know a good number of
Dialogue: 0,0:02:02.49,0:02:07.53,Default,,0000,0000,0000,,you so this comic is complaining about
Dialogue: 0,0:02:05.16,0:02:09.27,Default,,0000,0000,0000,,this common pattern that's been taught
Dialogue: 0,0:02:07.53,0:02:11.88,Default,,0000,0000,0000,,to users of computers that when you
Dialogue: 0,0:02:09.27,0:02:12.94,Default,,0000,0000,0000,,design passwords they should be things
Dialogue: 0,0:02:11.88,0:02:16.75,Default,,0000,0000,0000,,like that T
Dialogue: 0,0:02:12.94,0:02:19.42,Default,,0000,0000,0000,,our zero ub40 orm purse and three string
Dialogue: 0,0:02:16.75,0:02:21.04,Default,,0000,0000,0000,,in the top-left like we should design
Dialogue: 0,0:02:19.42,0:02:22.45,Default,,0000,0000,0000,,passwords that are full of funny
Dialogue: 0,0:02:21.04,0:02:25.21,Default,,0000,0000,0000,,characters and things like that to make
Dialogue: 0,0:02:22.45,0:02:26.62,Default,,0000,0000,0000,,it hard for attackers to guess and yet
Dialogue: 0,0:02:25.21,0:02:28.69,Default,,0000,0000,0000,,turns out that passwords like that are
Dialogue: 0,0:02:26.62,0:02:30.37,Default,,0000,0000,0000,,actually pretty weak and guessable by
Dialogue: 0,0:02:28.69,0:02:32.53,Default,,0000,0000,0000,,computers that can guess postures really
Dialogue: 0,0:02:30.37,0:02:34.66,Default,,0000,0000,0000,,fast and brute-force attacks and on the
Dialogue: 0,0:02:32.53,0:02:37.51,Default,,0000,0000,0000,,other hand passwords which maybe
Dialogue: 0,0:02:34.66,0:02:39.13,Default,,0000,0000,0000,,intuitively don't look as secure like
Dialogue: 0,0:02:37.51,0:02:41.62,Default,,0000,0000,0000,,the one on the bottom left correct horse
Dialogue: 0,0:02:39.13,0:02:45.10,Default,,0000,0000,0000,,battery staple that one turns out to be
Dialogue: 0,0:02:41.62,0:02:47.65,Default,,0000,0000,0000,,way more secure so how do I actually
Dialogue: 0,0:02:45.10,0:02:49.81,Default,,0000,0000,0000,,quantify the security of these different
Dialogue: 0,0:02:47.65,0:02:51.94,Default,,0000,0000,0000,,passwords it's by measuring the amount
Dialogue: 0,0:02:49.81,0:02:55.23,Default,,0000,0000,0000,,of randomness in the password how many
Dialogue: 0,0:02:51.94,0:02:57.70,Default,,0000,0000,0000,,bits of randomness are in there and so
Dialogue: 0,0:02:55.23,0:02:59.17,Default,,0000,0000,0000,,entropy is measured in bits this is like
Dialogue: 0,0:02:57.70,0:03:07.33,Default,,0000,0000,0000,,the same bits from information theory
Dialogue: 0,0:02:59.17,0:03:09.31,Default,,0000,0000,0000,,and we're only going to talk about the
Dialogue: 0,0:03:07.33,0:03:11.11,Default,,0000,0000,0000,,simple case where you're trying to
Dialogue: 0,0:03:09.31,0:03:12.61,Default,,0000,0000,0000,,measure the amount of randomness when
Dialogue: 0,0:03:11.11,0:03:15.55,Default,,0000,0000,0000,,you're choosing from a set of things
Dialogue: 0,0:03:12.61,0:03:17.32,Default,,0000,0000,0000,,uniformly at random so for example when
Dialogue: 0,0:03:15.55,0:03:19.78,Default,,0000,0000,0000,,you're constructing a password that's in
Dialogue: 0,0:03:17.32,0:03:22.12,Default,,0000,0000,0000,,the format of four random words you're
Dialogue: 0,0:03:19.78,0:03:24.31,Default,,0000,0000,0000,,kind of considering all possible
Dialogue: 0,0:03:22.12,0:03:25.72,Default,,0000,0000,0000,,sequences of four random words made from
Dialogue: 0,0:03:24.31,0:03:26.74,Default,,0000,0000,0000,,some dictionary you have you might have
Dialogue: 0,0:03:25.72,0:03:28.39,Default,,0000,0000,0000,,a dictionary would say a hundred
Dialogue: 0,0:03:26.74,0:03:31.21,Default,,0000,0000,0000,,thousand words and you're selecting each
Dialogue: 0,0:03:28.39,0:03:32.38,Default,,0000,0000,0000,,word uniformly at random how many
Dialogue: 0,0:03:31.21,0:03:33.73,Default,,0000,0000,0000,,possibilities are there
Dialogue: 0,0:03:32.38,0:03:35.83,Default,,0000,0000,0000,,well you can go and figure that out in
Dialogue: 0,0:03:33.73,0:03:37.87,Default,,0000,0000,0000,,that example once you know how many
Dialogue: 0,0:03:35.83,0:03:40.69,Default,,0000,0000,0000,,possibilities there the measure of
Dialogue: 0,0:03:37.87,0:03:49.39,Default,,0000,0000,0000,,entropy is log base 2 of the number of
Dialogue: 0,0:03:40.69,0:03:51.46,Default,,0000,0000,0000,,possibilities and as that comic suggests
Dialogue: 0,0:03:49.39,0:03:52.90,Default,,0000,0000,0000,,this is related to how long it'll take
Dialogue: 0,0:03:51.46,0:03:54.97,Default,,0000,0000,0000,,an attacker to try to brute-force
Dialogue: 0,0:03:52.90,0:03:56.59,Default,,0000,0000,0000,,through your different passwords like if
Dialogue: 0,0:03:54.97,0:03:57.82,Default,,0000,0000,0000,,you have a thousand possibilities you're
Dialogue: 0,0:03:56.59,0:03:59.65,Default,,0000,0000,0000,,guessing passwords at a thousand
Dialogue: 0,0:03:57.82,0:04:04.30,Default,,0000,0000,0000,,passwords a second that's not a very
Dialogue: 0,0:03:59.65,0:04:07.84,Default,,0000,0000,0000,,good password so this is a couple of
Dialogue: 0,0:04:04.30,0:04:09.34,Default,,0000,0000,0000,,quick examples a coin flip has two
Dialogue: 0,0:04:07.84,0:04:15.28,Default,,0000,0000,0000,,possibilities and let's assume we have a
Dialogue: 0,0:04:09.34,0:04:19.65,Default,,0000,0000,0000,,fair coin and so a coin flip has log
Dialogue: 0,0:04:15.28,0:04:21.49,Default,,0000,0000,0000,,base 2 of 2 is one bit of entropy and
Dialogue: 0,0:04:19.65,0:04:24.88,Default,,0000,0000,0000,,another thing we might look at is
Dialogue: 0,0:04:21.49,0:04:26.54,Default,,0000,0000,0000,,something like a dice roll so there's
Dialogue: 0,0:04:24.88,0:04:32.51,Default,,0000,0000,0000,,six possibilities and log
Dialogue: 0,0:04:26.54,0:04:33.64,Default,,0000,0000,0000,,two of six is something like 2.6 bits of
Dialogue: 0,0:04:32.51,0:04:36.38,Default,,0000,0000,0000,,entropy
Dialogue: 0,0:04:33.64,0:04:40.10,Default,,0000,0000,0000,,so that's how we quantify the amount of
Dialogue: 0,0:04:36.38,0:04:41.93,Default,,0000,0000,0000,,randomness in something so now going
Dialogue: 0,0:04:40.10,0:04:43.40,Default,,0000,0000,0000,,back to that example in the xkcd comic
Dialogue: 0,0:04:41.93,0:04:44.69,Default,,0000,0000,0000,,when we want to figure out how much
Dialogue: 0,0:04:43.40,0:04:46.67,Default,,0000,0000,0000,,entropy is in a password we have to
Dialogue: 0,0:04:44.69,0:04:48.68,Default,,0000,0000,0000,,consider and if the model for how the
Dialogue: 0,0:04:46.67,0:04:51.11,Default,,0000,0000,0000,,password was generated for example in
Dialogue: 0,0:04:48.68,0:04:53.45,Default,,0000,0000,0000,,the top left you could consider okay we
Dialogue: 0,0:04:51.11,0:04:55.31,Default,,0000,0000,0000,,take one dictionary word make some
Dialogue: 0,0:04:53.45,0:04:57.65,Default,,0000,0000,0000,,substitutions of some of the characters
Dialogue: 0,0:04:55.31,0:04:59.75,Default,,0000,0000,0000,,with numbers that look similar to that
Dialogue: 0,0:04:57.65,0:05:01.43,Default,,0000,0000,0000,,character add one punctuation mark at
Dialogue: 0,0:04:59.75,0:05:04.34,Default,,0000,0000,0000,,the end and add one numeral after that
Dialogue: 0,0:05:01.43,0:05:05.63,Default,,0000,0000,0000,,and we can take that model and then use
Dialogue: 0,0:05:04.34,0:05:07.40,Default,,0000,0000,0000,,common rhetoric to figure out how many
Dialogue: 0,0:05:05.63,0:05:09.26,Default,,0000,0000,0000,,possibilities there are and from that we
Dialogue: 0,0:05:07.40,0:05:10.55,Default,,0000,0000,0000,,can derive how many bits of entropy are
Dialogue: 0,0:05:09.26,0:05:13.13,Default,,0000,0000,0000,,in that password so in that particular
Dialogue: 0,0:05:10.55,0:05:14.18,Default,,0000,0000,0000,,example I don't know exactly what model
Dialogue: 0,0:05:13.13,0:05:16.75,Default,,0000,0000,0000,,they were using for the password but
Dialogue: 0,0:05:14.18,0:05:19.28,Default,,0000,0000,0000,,they calculated their 28 bits of entropy
Dialogue: 0,0:05:16.75,0:05:22.25,Default,,0000,0000,0000,,whereas in the bottom-left example that
Dialogue: 0,0:05:19.28,0:05:23.96,Default,,0000,0000,0000,,correct horse battery staple they assume
Dialogue: 0,0:05:22.25,0:05:26.63,Default,,0000,0000,0000,,that you're working from a dictionary of
Dialogue: 0,0:05:23.96,0:05:28.85,Default,,0000,0000,0000,,about 2,000 words and so when you
Dialogue: 0,0:05:26.63,0:05:30.77,Default,,0000,0000,0000,,combine four of those words together you
Dialogue: 0,0:05:28.85,0:05:31.85,Default,,0000,0000,0000,,get about 44 bits of entropy from that
Dialogue: 0,0:05:30.77,0:05:34.67,Default,,0000,0000,0000,,so it's much more secure than the
Dialogue: 0,0:05:31.85,0:05:36.62,Default,,0000,0000,0000,,example before it so any questions about
Dialogue: 0,0:05:34.67,0:05:43.52,Default,,0000,0000,0000,,this definition of entropy or why it's
Dialogue: 0,0:05:36.62,0:05:45.62,Default,,0000,0000,0000,,useful and so when you're generating
Dialogue: 0,0:05:43.52,0:05:47.06,Default,,0000,0000,0000,,your own passwords keep this in mind you
Dialogue: 0,0:05:45.62,0:05:48.80,Default,,0000,0000,0000,,want a high entropy password and the
Dialogue: 0,0:05:47.06,0:05:50.36,Default,,0000,0000,0000,,exact number you need depends on exactly
Dialogue: 0,0:05:48.80,0:05:52.19,Default,,0000,0000,0000,,what you're trying to protect against
Dialogue: 0,0:05:50.36,0:05:53.54,Default,,0000,0000,0000,,like in general a concept in securities
Dialogue: 0,0:05:52.19,0:05:55.70,Default,,0000,0000,0000,,you have to keep in mind what your
Dialogue: 0,0:05:53.54,0:05:56.93,Default,,0000,0000,0000,,threat model is like what attackers
Dialogue: 0,0:05:55.70,0:05:58.46,Default,,0000,0000,0000,,you're concerned about what kinds of
Dialogue: 0,0:05:56.93,0:06:01.16,Default,,0000,0000,0000,,technique the attackers might be using
Dialogue: 0,0:05:58.46,0:06:02.93,Default,,0000,0000,0000,,for example this comic refers to an
Dialogue: 0,0:06:01.16,0:06:04.58,Default,,0000,0000,0000,,attacker that can guess a thousand
Dialogue: 0,0:06:02.93,0:06:07.10,Default,,0000,0000,0000,,passwords a second this might be
Dialogue: 0,0:06:04.58,0:06:09.14,Default,,0000,0000,0000,,something that's possible for say a web
Dialogue: 0,0:06:07.10,0:06:11.48,Default,,0000,0000,0000,,service that allows people to try to log
Dialogue: 0,0:06:09.14,0:06:12.83,Default,,0000,0000,0000,,in with your email and then random
Dialogue: 0,0:06:11.48,0:06:15.43,Default,,0000,0000,0000,,passwords that the attacker is trying
Dialogue: 0,0:06:12.83,0:06:17.60,Default,,0000,0000,0000,,but this thousand passwords the second
Dialogue: 0,0:06:15.43,0:06:19.97,Default,,0000,0000,0000,,model might not be accurate for other
Dialogue: 0,0:06:17.60,0:06:21.59,Default,,0000,0000,0000,,scenarios for example an offline
Dialogue: 0,0:06:19.97,0:06:23.87,Default,,0000,0000,0000,,password cracking scenario or maybe the
Dialogue: 0,0:06:21.59,0:06:25.79,Default,,0000,0000,0000,,attacker has broken into a website and
Dialogue: 0,0:06:23.87,0:06:27.92,Default,,0000,0000,0000,,downloaded their database and they have
Dialogue: 0,0:06:25.79,0:06:28.70,Default,,0000,0000,0000,,some obfuscated form of your password
Dialogue: 0,0:06:27.92,0:06:30.56,Default,,0000,0000,0000,,and they're trying to figure out what
Dialogue: 0,0:06:28.70,0:06:31.88,Default,,0000,0000,0000,,the password is maybe they can paralyze
Dialogue: 0,0:06:30.56,0:06:34.01,Default,,0000,0000,0000,,this attack and make it go to million
Dialogue: 0,0:06:31.88,0:06:35.51,Default,,0000,0000,0000,,guesses a second and so exactly how much
Dialogue: 0,0:06:34.01,0:06:37.21,Default,,0000,0000,0000,,entropy you need depends on exactly what
Dialogue: 0,0:06:35.51,0:06:39.35,Default,,0000,0000,0000,,you're trying to protect against but
Dialogue: 0,0:06:37.21,0:06:40.23,Default,,0000,0000,0000,,roughly forty bits of entropy might be
Dialogue: 0,0:06:39.35,0:06:42.66,Default,,0000,0000,0000,,good enough for
Dialogue: 0,0:06:40.23,0:06:44.37,Default,,0000,0000,0000,,which is protected by a website and
Dialogue: 0,0:06:42.66,0:06:47.34,Default,,0000,0000,0000,,you're concerned about online password
Dialogue: 0,0:06:44.37,0:06:49.14,Default,,0000,0000,0000,,guesses and then maybe something like 80
Dialogue: 0,0:06:47.34,0:06:51.00,Default,,0000,0000,0000,,bits of entropy might be good if you're
Dialogue: 0,0:06:49.14,0:06:52.53,Default,,0000,0000,0000,,concerned about offline attacks and you
Dialogue: 0,0:06:51.00,0:06:58.26,Default,,0000,0000,0000,,want to be really really secure so
Dialogue: 0,0:06:52.53,0:07:00.39,Default,,0000,0000,0000,,they're rough guidelines you can use and
Dialogue: 0,0:06:58.26,0:07:02.37,Default,,0000,0000,0000,,then how do you actually generate strong
Dialogue: 0,0:07:00.39,0:07:03.99,Default,,0000,0000,0000,,passwords well you have some model for
Dialogue: 0,0:07:02.37,0:07:05.34,Default,,0000,0000,0000,,password for example the for dictionary
Dialogue: 0,0:07:03.99,0:07:07.32,Default,,0000,0000,0000,,works thing and you can actually get a
Dialogue: 0,0:07:05.34,0:07:08.70,Default,,0000,0000,0000,,dictionary and then you can use methods
Dialogue: 0,0:07:07.32,0:07:10.68,Default,,0000,0000,0000,,like dice where so there's a song we
Dialogue: 0,0:07:08.70,0:07:12.84,Default,,0000,0000,0000,,linked to in the lecture notes where you
Dialogue: 0,0:07:10.68,0:07:14.46,Default,,0000,0000,0000,,can actually get physical dye and roll
Dialogue: 0,0:07:12.84,0:07:15.90,Default,,0000,0000,0000,,them and then map dice rolls to
Dialogue: 0,0:07:14.46,0:07:17.73,Default,,0000,0000,0000,,dictionary words in order to eventually
Dialogue: 0,0:07:15.90,0:07:19.29,Default,,0000,0000,0000,,turn that into a password and doing
Dialogue: 0,0:07:17.73,0:07:21.54,Default,,0000,0000,0000,,something like this using some kind of
Dialogue: 0,0:07:19.29,0:07:24.15,Default,,0000,0000,0000,,physical token that you know is random
Dialogue: 0,0:07:21.54,0:07:26.28,Default,,0000,0000,0000,,like a balanced die or a coin that you
Dialogue: 0,0:07:24.15,0:07:27.87,Default,,0000,0000,0000,,know is balanced is a good thing to do
Dialogue: 0,0:07:26.28,0:07:29.61,Default,,0000,0000,0000,,because humans are actually not good at
Dialogue: 0,0:07:27.87,0:07:31.20,Default,,0000,0000,0000,,choosing random numbers right if I just
Dialogue: 0,0:07:29.61,0:07:32.94,Default,,0000,0000,0000,,asked you to name a random number for 1
Dialogue: 0,0:07:31.20,0:07:34.71,Default,,0000,0000,0000,,to 100 chances are that you're probably
Dialogue: 0,0:07:32.94,0:07:35.79,Default,,0000,0000,0000,,not doing so uniformly at random very
Dialogue: 0,0:07:34.71,0:07:37.20,Default,,0000,0000,0000,,well and so that's why it's actually
Dialogue: 0,0:07:35.79,0:07:42.30,Default,,0000,0000,0000,,good to use these physical tokens in
Dialogue: 0,0:07:37.20,0:07:44.61,Default,,0000,0000,0000,,order to produce randomness so entropy
Dialogue: 0,0:07:42.30,0:07:49.28,Default,,0000,0000,0000,,that's our first concept recovering any
Dialogue: 0,0:07:44.61,0:07:52.08,Default,,0000,0000,0000,,questions about that or about this comic
Dialogue: 0,0:07:49.28,0:07:54.60,Default,,0000,0000,0000,,great so getting into slightly more
Dialogue: 0,0:07:52.08,0:07:55.86,Default,,0000,0000,0000,,interesting and complicated topics the
Dialogue: 0,0:07:54.60,0:07:58.59,Default,,0000,0000,0000,,next thing we're going to talk about is
Dialogue: 0,0:07:55.86,0:08:00.51,Default,,0000,0000,0000,,hash functions so hopefully most of you
Dialogue: 0,0:07:58.59,0:08:02.28,Default,,0000,0000,0000,,were here during the get lecture where
Dialogue: 0,0:08:00.51,0:08:04.68,Default,,0000,0000,0000,,we talked about the sha-1 hash function
Dialogue: 0,0:08:02.28,0:08:12.15,Default,,0000,0000,0000,,used in get so now going into that topic
Dialogue: 0,0:08:04.68,0:08:14.10,Default,,0000,0000,0000,,in a little bit more detail hash
Dialogue: 0,0:08:12.15,0:08:16.62,Default,,0000,0000,0000,,functions at a high level are functions
Dialogue: 0,0:08:14.10,0:08:20.22,Default,,0000,0000,0000,,that map a variable amount of data into
Dialogue: 0,0:08:16.62,0:08:22.95,Default,,0000,0000,0000,,a fixed size output so for example the
Dialogue: 0,0:08:20.22,0:08:25.35,Default,,0000,0000,0000,,sha-1 hash functions is one example of a
Dialogue: 0,0:08:22.95,0:08:30.23,Default,,0000,0000,0000,,hash function takes in some input of
Dialogue: 0,0:08:25.35,0:08:35.34,Default,,0000,0000,0000,,some number of bytes and outputs exactly
Dialogue: 0,0:08:30.23,0:08:37.32,Default,,0000,0000,0000,,160 bits of output so that's kind of the
Dialogue: 0,0:08:35.34,0:08:39.57,Default,,0000,0000,0000,,type signature of this particular hash
Dialogue: 0,0:08:37.32,0:08:41.04,Default,,0000,0000,0000,,function and then these functions have
Dialogue: 0,0:08:39.57,0:08:42.69,Default,,0000,0000,0000,,some number of properties that are
Dialogue: 0,0:08:41.04,0:08:46.71,Default,,0000,0000,0000,,useful so at a high level
Dialogue: 0,0:08:42.69,0:08:47.82,Default,,0000,0000,0000,,these can be thought about as hard to
Dialogue: 0,0:08:46.71,0:08:50.01,Default,,0000,0000,0000,,invert functions that have
Dialogue: 0,0:08:47.82,0:08:53.19,Default,,0000,0000,0000,,random-looking outputs we can actually
Dialogue: 0,0:08:50.01,0:08:54.08,Default,,0000,0000,0000,,try this out on some random piece of
Dialogue: 0,0:08:53.19,0:08:56.93,Default,,0000,0000,0000,,data
Dialogue: 0,0:08:54.08,0:08:59.73,Default,,0000,0000,0000,,for example if I enter into my terminal
Dialogue: 0,0:08:56.93,0:09:02.13,Default,,0000,0000,0000,,printf hello this does exactly what you
Dialogue: 0,0:08:59.73,0:09:04.02,Default,,0000,0000,0000,,would expect it does prints the set to
Dialogue: 0,0:09:02.13,0:09:07.38,Default,,0000,0000,0000,,standard out and I can pipe this to the
Dialogue: 0,0:09:04.02,0:09:09.09,Default,,0000,0000,0000,,sha-1 sum command so this is a command
Dialogue: 0,0:09:07.38,0:09:11.70,Default,,0000,0000,0000,,line program that accepts input via
Dialogue: 0,0:09:09.09,0:09:13.17,Default,,0000,0000,0000,,standard in and computes this sha-1
Dialogue: 0,0:09:11.70,0:09:14.34,Default,,0000,0000,0000,,function which takes in some variable
Dialogue: 0,0:09:13.17,0:09:17.40,Default,,0000,0000,0000,,number of bytes from the input and
Dialogue: 0,0:09:14.34,0:09:20.13,Default,,0000,0000,0000,,produces a 160-bit output which in this
Dialogue: 0,0:09:17.40,0:09:21.72,Default,,0000,0000,0000,,particular case is represent or encoded
Dialogue: 0,0:09:20.13,0:09:24.00,Default,,0000,0000,0000,,as a hexadecimal string so it's a length
Dialogue: 0,0:09:21.72,0:09:26.13,Default,,0000,0000,0000,,40 hexadecimal string and you see this
Dialogue: 0,0:09:24.00,0:09:27.51,Default,,0000,0000,0000,,output right here this - just means it
Dialogue: 0,0:09:26.13,0:09:30.66,Default,,0000,0000,0000,,took it it took its input from
Dialogue: 0,0:09:27.51,0:09:32.40,Default,,0000,0000,0000,,standardin so this output just looks
Dialogue: 0,0:09:30.66,0:09:33.65,Default,,0000,0000,0000,,like some random number but one
Dialogue: 0,0:09:32.40,0:09:37.05,Default,,0000,0000,0000,,important thing is that this is a
Dialogue: 0,0:09:33.65,0:09:39.24,Default,,0000,0000,0000,,deterministic number if you try the same
Dialogue: 0,0:09:37.05,0:09:40.68,Default,,0000,0000,0000,,command on your own computer printf
Dialogue: 0,0:09:39.24,0:09:42.99,Default,,0000,0000,0000,,hello sha-1 something you will get the
Dialogue: 0,0:09:40.68,0:09:44.34,Default,,0000,0000,0000,,same number out so sha-1 is some
Dialogue: 0,0:09:42.99,0:09:47.19,Default,,0000,0000,0000,,well-known function that people have
Dialogue: 0,0:09:44.34,0:09:48.54,Default,,0000,0000,0000,,agreed upon for all its parameters we'll
Dialogue: 0,0:09:47.19,0:09:51.90,Default,,0000,0000,0000,,see that if we tweak the input a little
Dialogue: 0,0:09:48.54,0:09:54.39,Default,,0000,0000,0000,,bit like say changed hello to holo with
Dialogue: 0,0:09:51.90,0:09:55.92,Default,,0000,0000,0000,,a capital H now I get a completely
Dialogue: 0,0:09:54.39,0:09:57.54,Default,,0000,0000,0000,,different looking output and this also
Dialogue: 0,0:09:55.92,0:09:58.86,Default,,0000,0000,0000,,looks like some other kind of random ish
Dialogue: 0,0:09:57.54,0:10:00.09,Default,,0000,0000,0000,,number even though it is deterministic
Dialogue: 0,0:09:58.86,0:10:07.74,Default,,0000,0000,0000,,and you could reproduce this on your own
Dialogue: 0,0:10:00.09,0:10:16.14,Default,,0000,0000,0000,,computer hash functions have a number of
Dialogue: 0,0:10:07.74,0:10:17.61,Default,,0000,0000,0000,,properties that are pretty important the
Dialogue: 0,0:10:16.14,0:10:18.81,Default,,0000,0000,0000,,first property that cryptographic hash
Dialogue: 0,0:10:17.61,0:10:21.06,Default,,0000,0000,0000,,functions have is that their
Dialogue: 0,0:10:18.81,0:10:22.44,Default,,0000,0000,0000,,non-invertible and what that means is
Dialogue: 0,0:10:21.06,0:10:25.23,Default,,0000,0000,0000,,that if you take the output from this
Dialogue: 0,0:10:22.44,0:10:27.72,Default,,0000,0000,0000,,function for example that a a f4
Dialogue: 0,0:10:25.23,0:10:30.39,Default,,0000,0000,0000,,ballaugh 3 for D strings shown there
Dialogue: 0,0:10:27.72,0:10:32.85,Default,,0000,0000,0000,,from that output it's hard to figure out
Dialogue: 0,0:10:30.39,0:10:36.51,Default,,0000,0000,0000,,what the input was that produced that
Dialogue: 0,0:10:32.85,0:10:38.31,Default,,0000,0000,0000,,output so you can go one way compute the
Dialogue: 0,0:10:36.51,0:10:41.19,Default,,0000,0000,0000,,sha-1 hash easily but you can't go
Dialogue: 0,0:10:38.31,0:10:43.38,Default,,0000,0000,0000,,backwards another property that these
Dialogue: 0,0:10:41.19,0:10:50.91,Default,,0000,0000,0000,,functions have is that their collision
Dialogue: 0,0:10:43.38,0:10:53.40,Default,,0000,0000,0000,,resistant and what this property means
Dialogue: 0,0:10:50.91,0:10:56.78,Default,,0000,0000,0000,,is that it's hard to find two different
Dialogue: 0,0:10:53.40,0:10:59.91,Default,,0000,0000,0000,,inputs that produce the same output and
Dialogue: 0,0:10:56.78,0:11:02.46,Default,,0000,0000,0000,,so this basically describes what a
Dialogue: 0,0:10:59.91,0:11:04.04,Default,,0000,0000,0000,,cryptographic hash function is so any
Dialogue: 0,0:11:02.46,0:11:06.51,Default,,0000,0000,0000,,questions about the kind of
Dialogue: 0,0:11:04.04,0:11:08.90,Default,,0000,0000,0000,,specification of a cryptographic hash
Dialogue: 0,0:11:06.51,0:11:08.90,Default,,0000,0000,0000,,function
Dialogue: 0,0:11:09.35,0:11:13.38,Default,,0000,0000,0000,,okay so what are these hash functions
Dialogue: 0,0:11:11.58,0:11:16.17,Default,,0000,0000,0000,,actually useful for well we've already
Dialogue: 0,0:11:13.38,0:11:19.26,Default,,0000,0000,0000,,seen one application in git for content
Dialogue: 0,0:11:16.17,0:11:22.07,Default,,0000,0000,0000,,address storage so we want it get we
Dialogue: 0,0:11:19.26,0:11:24.18,Default,,0000,0000,0000,,want some uniform way of naming
Dialogue: 0,0:11:22.07,0:11:26.13,Default,,0000,0000,0000,,different objects that are in the object
Dialogue: 0,0:11:24.18,0:11:27.90,Default,,0000,0000,0000,,store and it turns out that get
Dialogue: 0,0:11:26.13,0:11:29.94,Default,,0000,0000,0000,,addresses all of them by their sha-1
Dialogue: 0,0:11:27.90,0:11:33.00,Default,,0000,0000,0000,,hash so you have the actual data you
Dialogue: 0,0:11:29.94,0:11:34.83,Default,,0000,0000,0000,,want to store and then to name that
Dialogue: 0,0:11:33.00,0:11:36.42,Default,,0000,0000,0000,,particular piece of data you just name
Dialogue: 0,0:11:34.83,0:11:37.65,Default,,0000,0000,0000,,the sha-1 hash and all of that is stored
Dialogue: 0,0:11:36.42,0:11:41.82,Default,,0000,0000,0000,,in the object store in that particular
Dialogue: 0,0:11:37.65,0:11:43.23,Default,,0000,0000,0000,,way we see this when looking at many
Dialogue: 0,0:11:41.82,0:11:45.03,Default,,0000,0000,0000,,different parts of git for example right
Dialogue: 0,0:11:43.23,0:11:47.52,Default,,0000,0000,0000,,here I'm going to get repository if I do
Dialogue: 0,0:11:45.03,0:11:50.61,Default,,0000,0000,0000,,get log it shows me the commits and for
Dialogue: 0,0:11:47.52,0:11:53.28,Default,,0000,0000,0000,,example this number up here is the
Dialogue: 0,0:11:50.61,0:11:55.29,Default,,0000,0000,0000,,cryptographic hash function sha-1 apply
Dialogue: 0,0:11:53.28,0:11:58.47,Default,,0000,0000,0000,,to the commit object that describes this
Dialogue: 0,0:11:55.29,0:12:00.36,Default,,0000,0000,0000,,particular commit so does anybody know
Dialogue: 0,0:11:58.47,0:12:02.37,Default,,0000,0000,0000,,why git uses a cryptographic hash
Dialogue: 0,0:12:00.36,0:12:03.48,Default,,0000,0000,0000,,function here as opposed to so you might
Dialogue: 0,0:12:02.37,0:12:04.83,Default,,0000,0000,0000,,have heard in your other computer
Dialogue: 0,0:12:03.48,0:12:06.57,Default,,0000,0000,0000,,science classes like say your
Dialogue: 0,0:12:04.83,0:12:08.85,Default,,0000,0000,0000,,introductory algorithms class there are
Dialogue: 0,0:12:06.57,0:12:11.01,Default,,0000,0000,0000,,things called hash functions without the
Dialogue: 0,0:12:08.85,0:12:13.74,Default,,0000,0000,0000,,word cryptographic appended in front of
Dialogue: 0,0:12:11.01,0:12:16.08,Default,,0000,0000,0000,,them and they have similar properties
Dialogue: 0,0:12:13.74,0:12:18.57,Default,,0000,0000,0000,,that they turn a variable sized input
Dialogue: 0,0:12:16.08,0:12:21.30,Default,,0000,0000,0000,,into some fixed size output but they
Dialogue: 0,0:12:18.57,0:12:23.40,Default,,0000,0000,0000,,don't quite have these properties where
Dialogue: 0,0:12:21.30,0:12:24.81,Default,,0000,0000,0000,,it's hard to find an input that produces
Dialogue: 0,0:12:23.40,0:12:26.82,Default,,0000,0000,0000,,a particular output or things like that
Dialogue: 0,0:12:24.81,0:12:29.01,Default,,0000,0000,0000,,it's a kind of weaker definition than
Dialogue: 0,0:12:26.82,0:12:29.88,Default,,0000,0000,0000,,this so why is it that in get we care
Dialogue: 0,0:12:29.01,0:12:32.10,Default,,0000,0000,0000,,about having a cryptographic hash
Dialogue: 0,0:12:29.88,0:12:33.81,Default,,0000,0000,0000,,function as opposed to just a regular
Dialogue: 0,0:12:32.10,0:12:36.08,Default,,0000,0000,0000,,old hash function does anybody have any
Dialogue: 0,0:12:33.81,0:12:36.08,Default,,0000,0000,0000,,ideas
Dialogue: 0,0:12:45.39,0:12:52.18,Default,,0000,0000,0000,,yeah that's that's basically it that we
Dialogue: 0,0:12:49.18,0:12:54.01,Default,,0000,0000,0000,,don't want to have kind of conflicts in
Dialogue: 0,0:12:52.18,0:12:55.66,Default,,0000,0000,0000,,the output from this hash function like
Dialogue: 0,0:12:54.01,0:12:57.70,Default,,0000,0000,0000,,every commit is identified by a hash
Dialogue: 0,0:12:55.66,0:12:59.77,Default,,0000,0000,0000,,function every file is identified by the
Dialogue: 0,0:12:57.70,0:13:01.00,Default,,0000,0000,0000,,hash of that file if it were ever the
Dialogue: 0,0:12:59.77,0:13:03.19,Default,,0000,0000,0000,,case that two different pieces of
Dialogue: 0,0:13:01.00,0:13:05.62,Default,,0000,0000,0000,,content in practice produce the same
Dialogue: 0,0:13:03.19,0:13:07.60,Default,,0000,0000,0000,,output that is if the function were not
Dialogue: 0,0:13:05.62,0:13:09.61,Default,,0000,0000,0000,,collision resistant that could be really
Dialogue: 0,0:13:07.60,0:13:12.01,Default,,0000,0000,0000,,problematic right because then you and I
Dialogue: 0,0:13:09.61,0:13:13.99,Default,,0000,0000,0000,,we could have to do to get repos that we
Dialogue: 0,0:13:12.01,0:13:15.76,Default,,0000,0000,0000,,think are the same we check out the same
Dialogue: 0,0:13:13.99,0:13:18.46,Default,,0000,0000,0000,,commit hash and we might end up with
Dialogue: 0,0:13:15.76,0:13:21.40,Default,,0000,0000,0000,,different files and this is concerning
Dialogue: 0,0:13:18.46,0:13:23.38,Default,,0000,0000,0000,,because git is used to track software a
Dialogue: 0,0:13:21.40,0:13:25.51,Default,,0000,0000,0000,,track development of software and it's
Dialogue: 0,0:13:23.38,0:13:28.18,Default,,0000,0000,0000,,also kind of involved in making sure
Dialogue: 0,0:13:25.51,0:13:29.44,Default,,0000,0000,0000,,that the right people are authoring the
Dialogue: 0,0:13:28.18,0:13:30.70,Default,,0000,0000,0000,,software nothing funny has happened in
Dialogue: 0,0:13:29.44,0:13:32.62,Default,,0000,0000,0000,,the process for example there all these
Dialogue: 0,0:13:30.70,0:13:34.54,Default,,0000,0000,0000,,open source projects like the Linux
Dialogue: 0,0:13:32.62,0:13:37.15,Default,,0000,0000,0000,,kernel where development is done using
Dialogue: 0,0:13:34.54,0:13:39.61,Default,,0000,0000,0000,,git it would be really bad if some
Dialogue: 0,0:13:37.15,0:13:41.29,Default,,0000,0000,0000,,contributor to get could say edit some
Dialogue: 0,0:13:39.61,0:13:42.97,Default,,0000,0000,0000,,file and propose some change that looks
Dialogue: 0,0:13:41.29,0:13:44.98,Default,,0000,0000,0000,,pretty benign like oh let me go and
Dialogue: 0,0:13:42.97,0:13:46.72,Default,,0000,0000,0000,,improve this part of Linux submit that
Dialogue: 0,0:13:44.98,0:13:48.97,Default,,0000,0000,0000,,change request to the Linux developers
Dialogue: 0,0:13:46.72,0:13:52.12,Default,,0000,0000,0000,,and then in practice actually supply a
Dialogue: 0,0:13:48.97,0:13:54.22,Default,,0000,0000,0000,,git repository that has the same commit
Dialogue: 0,0:13:52.12,0:13:55.57,Default,,0000,0000,0000,,hash and whatnot but actually the file
Dialogue: 0,0:13:54.22,0:13:59.08,Default,,0000,0000,0000,,contents are different there's something
Dialogue: 0,0:13:55.57,0:14:00.73,Default,,0000,0000,0000,,malicious so git actually relies on this
Dialogue: 0,0:13:59.08,0:14:03.19,Default,,0000,0000,0000,,sha-1 function being a cryptographic
Dialogue: 0,0:14:00.73,0:14:10.15,Default,,0000,0000,0000,,hash function in order to achieve
Dialogue: 0,0:14:03.19,0:14:11.68,Default,,0000,0000,0000,,security any questions about that and
Dialogue: 0,0:14:10.15,0:14:13.81,Default,,0000,0000,0000,,some other interesting applications of
Dialogue: 0,0:14:11.68,0:14:15.67,Default,,0000,0000,0000,,hash functions so as we saw hash
Dialogue: 0,0:14:13.81,0:14:17.95,Default,,0000,0000,0000,,functions turn big inputs into small
Dialogue: 0,0:14:15.67,0:14:19.75,Default,,0000,0000,0000,,outputs and in a way because the hash
Dialogue: 0,0:14:17.95,0:14:21.67,Default,,0000,0000,0000,,function is collision resistant the
Dialogue: 0,0:14:19.75,0:14:24.43,Default,,0000,0000,0000,,output can be used to kind of attest to
Dialogue: 0,0:14:21.67,0:14:27.04,Default,,0000,0000,0000,,or identify the input and so you can
Dialogue: 0,0:14:24.43,0:14:30.13,Default,,0000,0000,0000,,think of a hash as a short summary of a
Dialogue: 0,0:14:27.04,0:14:32.02,Default,,0000,0000,0000,,file for example in this directory of a
Dialogue: 0,0:14:30.13,0:14:34.78,Default,,0000,0000,0000,,bunch of files and I can compute the
Dialogue: 0,0:14:32.02,0:14:37.63,Default,,0000,0000,0000,,sha-1 sum of some file in this directory
Dialogue: 0,0:14:34.78,0:14:40.66,Default,,0000,0000,0000,,and this is the sha-1 algorithm applied
Dialogue: 0,0:14:37.63,0:14:41.77,Default,,0000,0000,0000,,to this readme MD file and what's
Dialogue: 0,0:14:40.66,0:14:43.81,Default,,0000,0000,0000,,interesting is that it is
Dialogue: 0,0:14:41.77,0:14:44.80,Default,,0000,0000,0000,,computationally hard or like impossible
Dialogue: 0,0:14:43.81,0:14:47.65,Default,,0000,0000,0000,,you can kind of think of it as
Dialogue: 0,0:14:44.80,0:14:50.23,Default,,0000,0000,0000,,impossible to find any other file so a
Dialogue: 0,0:14:47.65,0:14:52.87,Default,,0000,0000,0000,,different file that has the same hash
Dialogue: 0,0:14:50.23,0:14:55.03,Default,,0000,0000,0000,,output and one scenario in which this is
Dialogue: 0,0:14:52.87,0:14:56.09,Default,,0000,0000,0000,,useful is when you download files from
Dialogue: 0,0:14:55.03,0:14:59.22,Default,,0000,0000,0000,,the internet
Dialogue: 0,0:14:56.09,0:15:01.41,Default,,0000,0000,0000,,for example there are lots of Linux
Dialogue: 0,0:14:59.22,0:15:03.63,Default,,0000,0000,0000,,distributions that distribute large CD
Dialogue: 0,0:15:01.41,0:15:05.25,Default,,0000,0000,0000,,or DVD images from their website like I
Dialogue: 0,0:15:03.63,0:15:07.86,Default,,0000,0000,0000,,can go to Debian org and download the
Dialogue: 0,0:15:05.25,0:15:09.51,Default,,0000,0000,0000,,latest version of Debian the thing is
Dialogue: 0,0:15:07.86,0:15:10.95,Default,,0000,0000,0000,,that hosting those files can be
Dialogue: 0,0:15:09.51,0:15:12.42,Default,,0000,0000,0000,,expensive and so a lot of people are
Dialogue: 0,0:15:10.95,0:15:14.49,Default,,0000,0000,0000,,nice enough to host mirrors of these
Dialogue: 0,0:15:12.42,0:15:17.52,Default,,0000,0000,0000,,files so instead of downloading Debian
Dialogue: 0,0:15:14.49,0:15:20.31,Default,,0000,0000,0000,,from Debian org I can go to one of many
Dialogue: 0,0:15:17.52,0:15:21.75,Default,,0000,0000,0000,,other sites and download what are
Dialogue: 0,0:15:20.31,0:15:23.58,Default,,0000,0000,0000,,supposed to be the same files that are
Dialogue: 0,0:15:21.75,0:15:25.49,Default,,0000,0000,0000,,hosted at Debian org but how do I know
Dialogue: 0,0:15:23.58,0:15:28.92,Default,,0000,0000,0000,,that I actually got the correct file
Dialogue: 0,0:15:25.49,0:15:30.78,Default,,0000,0000,0000,,like what if I set up a malicious mirror
Dialogue: 0,0:15:28.92,0:15:33.18,Default,,0000,0000,0000,,and you go to like Anisha is evil Debian
Dialogue: 0,0:15:30.78,0:15:35.19,Default,,0000,0000,0000,,website calm and then try to download
Dialogue: 0,0:15:33.18,0:15:37.29,Default,,0000,0000,0000,,Debian turns out that your Linux
Dialogue: 0,0:15:35.19,0:15:38.88,Default,,0000,0000,0000,,installation is backdoored well one
Dialogue: 0,0:15:37.29,0:15:40.62,Default,,0000,0000,0000,,thing you could do is download a copy
Dialogue: 0,0:15:38.88,0:15:42.06,Default,,0000,0000,0000,,from the original double-unit website
Dialogue: 0,0:15:40.62,0:15:43.44,Default,,0000,0000,0000,,and then download my version and compare
Dialogue: 0,0:15:42.06,0:15:44.55,Default,,0000,0000,0000,,them but that kind of defeats the
Dialogue: 0,0:15:43.44,0:15:46.11,Default,,0000,0000,0000,,purpose right because we want to avoid
Dialogue: 0,0:15:44.55,0:15:47.58,Default,,0000,0000,0000,,downloading things from Debian org
Dialogue: 0,0:15:46.11,0:15:49.08,Default,,0000,0000,0000,,because hosting these files is expensive
Dialogue: 0,0:15:47.58,0:15:50.49,Default,,0000,0000,0000,,and we want all these different people
Dialogue: 0,0:15:49.08,0:15:53.66,Default,,0000,0000,0000,,to be able to mirror copies of the files
Dialogue: 0,0:15:50.49,0:15:55.77,Default,,0000,0000,0000,,elsewhere so does anybody see how
Dialogue: 0,0:15:53.66,0:15:57.63,Default,,0000,0000,0000,,cryptographic hash functions could be
Dialogue: 0,0:15:55.77,0:15:59.19,Default,,0000,0000,0000,,useful to solve this problem that I want
Dialogue: 0,0:15:57.63,0:16:02.97,Default,,0000,0000,0000,,to download a file from an untrusted
Dialogue: 0,0:15:59.19,0:16:04.95,Default,,0000,0000,0000,,source but and not from like the trusted
Dialogue: 0,0:16:02.97,0:16:06.21,Default,,0000,0000,0000,,source itself but maybe I can get some
Dialogue: 0,0:16:04.95,0:16:07.92,Default,,0000,0000,0000,,small piece of information from this
Dialogue: 0,0:16:06.21,0:16:09.66,Default,,0000,0000,0000,,trusted source in order to know whether
Dialogue: 0,0:16:07.92,0:16:11.46,Default,,0000,0000,0000,,the file I downloaded from the untrusted
Dialogue: 0,0:16:09.66,0:16:18.06,Default,,0000,0000,0000,,source is the thing I was supposed to
Dialogue: 0,0:16:11.46,0:16:19.20,Default,,0000,0000,0000,,get yes like it's basically just a
Dialogue: 0,0:16:18.06,0:16:20.61,Default,,0000,0000,0000,,straightforward application of
Dialogue: 0,0:16:19.20,0:16:22.98,Default,,0000,0000,0000,,cryptographic hash functions
Dialogue: 0,0:16:20.61,0:16:25.62,Default,,0000,0000,0000,,so what Debian org can do is they can
Dialogue: 0,0:16:22.98,0:16:27.87,Default,,0000,0000,0000,,produce their kind of correct ISO file
Dialogue: 0,0:16:25.62,0:16:29.73,Default,,0000,0000,0000,,or whatever they want and instead of
Dialogue: 0,0:16:27.87,0:16:32.55,Default,,0000,0000,0000,,publishing the file itself on their
Dialogue: 0,0:16:29.73,0:16:35.19,Default,,0000,0000,0000,,website they can publish a hash of that
Dialogue: 0,0:16:32.55,0:16:37.14,Default,,0000,0000,0000,,file so compared to the file itself
Dialogue: 0,0:16:35.19,0:16:39.39,Default,,0000,0000,0000,,which may be many gigabytes this is only
Dialogue: 0,0:16:37.14,0:16:41.19,Default,,0000,0000,0000,,like in this particular case 160 bits of
Dialogue: 0,0:16:39.39,0:16:43.62,Default,,0000,0000,0000,,data right so very cheap to host and
Dialogue: 0,0:16:41.19,0:16:46.26,Default,,0000,0000,0000,,then what I can do is a user is I can
Dialogue: 0,0:16:43.62,0:16:48.09,Default,,0000,0000,0000,,download that file from any random
Dialogue: 0,0:16:46.26,0:16:50.46,Default,,0000,0000,0000,,website it could be an untrusted website
Dialogue: 0,0:16:48.09,0:16:53.78,Default,,0000,0000,0000,,and after I download I just double check
Dialogue: 0,0:16:50.46,0:16:56.04,Default,,0000,0000,0000,,the sha-1 hash and if the hash matches
Dialogue: 0,0:16:53.78,0:16:57.33,Default,,0000,0000,0000,,then I know that I have the right file
Dialogue: 0,0:16:56.04,0:17:00.30,Default,,0000,0000,0000,,because it's computationally infeasible
Dialogue: 0,0:16:57.33,0:17:01.98,Default,,0000,0000,0000,,for somebody to give me some different
Dialogue: 0,0:17:00.30,0:17:04.26,Default,,0000,0000,0000,,file that happens to have the same hash
Dialogue: 0,0:17:01.98,0:17:07.23,Default,,0000,0000,0000,,because hash functions are collision
Dialogue: 0,0:17:04.26,0:17:10.13,Default,,0000,0000,0000,,resistant so any questions about that
Dialogue: 0,0:17:07.23,0:17:10.13,Default,,0000,0000,0000,,application yeah
Dialogue: 0,0:17:18.17,0:17:22.35,Default,,0000,0000,0000,,yeah so that's a good question like why
Dialogue: 0,0:17:20.49,0:17:24.12,Default,,0000,0000,0000,,do you need different people to host the
Dialogue: 0,0:17:22.35,0:17:26.10,Default,,0000,0000,0000,,information like wouldn't it be equally
Dialogue: 0,0:17:24.12,0:17:27.00,Default,,0000,0000,0000,,expensive for everybody so the answer is
Dialogue: 0,0:17:26.10,0:17:29.01,Default,,0000,0000,0000,,that question is a little bit
Dialogue: 0,0:17:27.00,0:17:30.84,Default,,0000,0000,0000,,complicated but like here's that here's
Dialogue: 0,0:17:29.01,0:17:32.97,Default,,0000,0000,0000,,a partial answer one thing is that
Dialogue: 0,0:17:30.84,0:17:34.50,Default,,0000,0000,0000,,downloading files from a server is
Dialogue: 0,0:17:32.97,0:17:36.36,Default,,0000,0000,0000,,affected by how far away the server is
Dialogue: 0,0:17:34.50,0:17:38.73,Default,,0000,0000,0000,,from you so for example if the servers
Dialogue: 0,0:17:36.36,0:17:40.83,Default,,0000,0000,0000,,in Massachusetts and you're in say China
Dialogue: 0,0:17:38.73,0:17:42.03,Default,,0000,0000,0000,,like you have to kind of make a big
Dialogue: 0,0:17:40.83,0:17:43.83,Default,,0000,0000,0000,,round trip across the internet and that
Dialogue: 0,0:17:42.03,0:17:46.20,Default,,0000,0000,0000,,may be expensive for a number of reasons
Dialogue: 0,0:17:43.83,0:17:47.70,Default,,0000,0000,0000,,like the latency is high and the traffic
Dialogue: 0,0:17:46.20,0:17:48.99,Default,,0000,0000,0000,,traffic needs to go through kind of lots
Dialogue: 0,0:17:47.70,0:17:50.61,Default,,0000,0000,0000,,of different wires to make its way all
Dialogue: 0,0:17:48.99,0:17:52.68,Default,,0000,0000,0000,,the way to where you are and so one
Dialogue: 0,0:17:50.61,0:17:54.18,Default,,0000,0000,0000,,thing that these websites do is that
Dialogue: 0,0:17:52.68,0:17:55.71,Default,,0000,0000,0000,,they distribute their content to servers
Dialogue: 0,0:17:54.18,0:17:57.06,Default,,0000,0000,0000,,that are all over the world and then as
Dialogue: 0,0:17:55.71,0:17:58.50,Default,,0000,0000,0000,,a user you download from the server
Dialogue: 0,0:17:57.06,0:18:00.96,Default,,0000,0000,0000,,that's closest to you like for example
Dialogue: 0,0:17:58.50,0:18:02.49,Default,,0000,0000,0000,,mit maintains a Debian package
Dialogue: 0,0:18:00.96,0:18:04.56,Default,,0000,0000,0000,,repository and like kind of mirrors all
Dialogue: 0,0:18:02.49,0:18:07.23,Default,,0000,0000,0000,,the Debbie and stuff so if you're a
Dialogue: 0,0:18:04.56,0:18:10.26,Default,,0000,0000,0000,,Debian user at MIT you can use the MIT
Dialogue: 0,0:18:07.23,0:18:12.06,Default,,0000,0000,0000,,copy of everything and then you can kind
Dialogue: 0,0:18:10.26,0:18:14.10,Default,,0000,0000,0000,,of access it over our fast local network
Dialogue: 0,0:18:12.06,0:18:15.69,Default,,0000,0000,0000,,and that traffic never needs to go to
Dialogue: 0,0:18:14.10,0:18:18.75,Default,,0000,0000,0000,,the outside Internet at all so it's very
Dialogue: 0,0:18:15.69,0:18:23.13,Default,,0000,0000,0000,,fast that's a good question any other
Dialogue: 0,0:18:18.75,0:18:24.18,Default,,0000,0000,0000,,questions ok and then one final kind of
Dialogue: 0,0:18:23.13,0:18:25.53,Default,,0000,0000,0000,,interesting application of hash
Dialogue: 0,0:18:24.18,0:18:28.65,Default,,0000,0000,0000,,functions is something called a
Dialogue: 0,0:18:25.53,0:18:30.12,Default,,0000,0000,0000,,commitment scheme so I want to play a
Dialogue: 0,0:18:28.65,0:18:31.59,Default,,0000,0000,0000,,game and I need a volunteer for this so
Dialogue: 0,0:18:30.12,0:18:32.85,Default,,0000,0000,0000,,you don't actually need to get up from
Dialogue: 0,0:18:31.59,0:18:34.83,Default,,0000,0000,0000,,your seat or anything I was need you to
Dialogue: 0,0:18:32.85,0:18:36.45,Default,,0000,0000,0000,,talk with me so any volunteers raise
Dialogue: 0,0:18:34.83,0:18:37.73,Default,,0000,0000,0000,,your hand yeah okay yeah what's your
Dialogue: 0,0:18:36.45,0:18:40.65,Default,,0000,0000,0000,,name
Dialogue: 0,0:18:37.73,0:18:42.36,Default,,0000,0000,0000,,Abdul Aziz okay great so Abdul Aziz
Dialogue: 0,0:18:40.65,0:18:44.25,Default,,0000,0000,0000,,we're going to play a game we're going
Dialogue: 0,0:18:42.36,0:18:46.14,Default,,0000,0000,0000,,to play a game where I'm going to flip a
Dialogue: 0,0:18:44.25,0:18:48.18,Default,,0000,0000,0000,,coin and then you're gonna call heads or
Dialogue: 0,0:18:46.14,0:18:49.86,Default,,0000,0000,0000,,tails and if you call it right you win
Dialogue: 0,0:18:48.18,0:18:52.14,Default,,0000,0000,0000,,and if you call it wrong you lose and
Dialogue: 0,0:18:49.86,0:18:56.22,Default,,0000,0000,0000,,there are no stakes for this game but
Dialogue: 0,0:18:52.14,0:18:57.66,Default,,0000,0000,0000,,just the pride of winning so sadly I
Dialogue: 0,0:18:56.22,0:18:58.95,Default,,0000,0000,0000,,checked my wallet and all I have is
Dialogue: 0,0:18:57.66,0:19:00.57,Default,,0000,0000,0000,,dollar bills I don't have any coins with
Dialogue: 0,0:18:58.95,0:19:02.19,Default,,0000,0000,0000,,me so instead I'm going to just flip the
Dialogue: 0,0:19:00.57,0:19:04.95,Default,,0000,0000,0000,,coin in my head all right
Dialogue: 0,0:19:02.19,0:19:07.74,Default,,0000,0000,0000,,so okay I flip the coin call heads or
Dialogue: 0,0:19:04.95,0:19:13.68,Default,,0000,0000,0000,,tails sorry you lost it was heads I
Dialogue: 0,0:19:07.74,0:19:15.42,Default,,0000,0000,0000,,don't I play again yeah I can cheat
Dialogue: 0,0:19:13.68,0:19:17.28,Default,,0000,0000,0000,,right I can just see what you say and
Dialogue: 0,0:19:15.42,0:19:19.95,Default,,0000,0000,0000,,say the opposite thing so let's try
Dialogue: 0,0:19:17.28,0:19:22.26,Default,,0000,0000,0000,,fixing this game how about you call
Dialogue: 0,0:19:19.95,0:19:26.25,Default,,0000,0000,0000,,heads or tails after I say what the
Dialogue: 0,0:19:22.26,0:19:27.51,Default,,0000,0000,0000,,flip result was okay yeah so if I say oh
Dialogue: 0,0:19:26.25,0:19:35.22,Default,,0000,0000,0000,,the result is tails what are you gonna
Dialogue: 0,0:19:27.51,0:19:39.03,Default,,0000,0000,0000,,say are you call tails yeah so is it
Dialogue: 0,0:19:35.22,0:19:40.89,Default,,0000,0000,0000,,possible to play this guess what guess
Dialogue: 0,0:19:39.03,0:19:43.02,Default,,0000,0000,0000,,what the coin flip result is game in a
Dialogue: 0,0:19:40.89,0:19:44.55,Default,,0000,0000,0000,,fair way without having a physical coin
Dialogue: 0,0:19:43.02,0:19:45.66,Default,,0000,0000,0000,,that we share like because I can't
Dialogue: 0,0:19:44.55,0:19:47.16,Default,,0000,0000,0000,,really manipulate your physical reality
Dialogue: 0,0:19:45.66,0:19:48.57,Default,,0000,0000,0000,,if I flip a coin in front of you
Dialogue: 0,0:19:47.16,0:19:50.82,Default,,0000,0000,0000,,probably trust that it's okay right
Dialogue: 0,0:19:48.57,0:19:51.99,Default,,0000,0000,0000,,so it turns out that hash functions give
Dialogue: 0,0:19:50.82,0:19:54.72,Default,,0000,0000,0000,,us a kind of cool way to solve this
Dialogue: 0,0:19:51.99,0:19:57.99,Default,,0000,0000,0000,,problem to through a idea called a
Dialogue: 0,0:19:54.72,0:19:59.37,Default,,0000,0000,0000,,commitment scheme so I can say they're
Dialogue: 0,0:19:57.99,0:20:02.67,Default,,0000,0000,0000,,like here's the construction of the
Dialogue: 0,0:19:59.37,0:20:05.25,Default,,0000,0000,0000,,solution I can pick heads or tails and
Dialogue: 0,0:20:02.67,0:20:09.39,Default,,0000,0000,0000,,I'm actually going to pick a big random
Dialogue: 0,0:20:05.25,0:20:14.37,Default,,0000,0000,0000,,number say like this number here and
Dialogue: 0,0:20:09.39,0:20:16.83,Default,,0000,0000,0000,,what I can do is compute the sha-1 sum
Dialogue: 0,0:20:14.37,0:20:17.91,Default,,0000,0000,0000,,of this number at this moment you
Dialogue: 0,0:20:16.83,0:20:19.98,Default,,0000,0000,0000,,haven't seen this number yet I'm just
Dialogue: 0,0:20:17.91,0:20:22.68,Default,,0000,0000,0000,,doing all this in my head and then what
Dialogue: 0,0:20:19.98,0:20:25.17,Default,,0000,0000,0000,,I do is I tell you okay I flipped a coin
Dialogue: 0,0:20:22.68,0:20:26.34,Default,,0000,0000,0000,,and I'm not going to tell you what the
Dialogue: 0,0:20:25.17,0:20:28.56,Default,,0000,0000,0000,,result is just yet because you haven't
Dialogue: 0,0:20:26.34,0:20:29.85,Default,,0000,0000,0000,,called heads or tails but I'll tell you
Dialogue: 0,0:20:28.56,0:20:31.77,Default,,0000,0000,0000,,what the shell wants some of the result
Dialogue: 0,0:20:29.85,0:20:34.23,Default,,0000,0000,0000,,is here you go and I tell you this value
Dialogue: 0,0:20:31.77,0:20:36.00,Default,,0000,0000,0000,,now after this you can call heads or
Dialogue: 0,0:20:34.23,0:20:38.31,Default,,0000,0000,0000,,tails so what do you say like say say
Dialogue: 0,0:20:36.00,0:20:40.08,Default,,0000,0000,0000,,heads afterwards what I can do is I can
Dialogue: 0,0:20:38.31,0:20:42.00,Default,,0000,0000,0000,,reveal to you what my input to this
Dialogue: 0,0:20:40.08,0:20:43.50,Default,,0000,0000,0000,,function was and then you can
Dialogue: 0,0:20:42.00,0:20:45.48,Default,,0000,0000,0000,,cross-check this right you can compute
Dialogue: 0,0:20:43.50,0:20:47.04,Default,,0000,0000,0000,,the sha-1 sum on the input to verify
Dialogue: 0,0:20:45.48,0:20:48.93,Default,,0000,0000,0000,,that the output is what I said it was
Dialogue: 0,0:20:47.04,0:20:50.76,Default,,0000,0000,0000,,earlier and then we can have some way of
Dialogue: 0,0:20:48.93,0:20:52.50,Default,,0000,0000,0000,,mapping these numbers to heads or tails
Dialogue: 0,0:20:50.76,0:20:54.36,Default,,0000,0000,0000,,so I might have agreed upon beforehand
Dialogue: 0,0:20:52.50,0:20:56.64,Default,,0000,0000,0000,,that even numbers are heads and odd
Dialogue: 0,0:20:54.36,0:20:58.08,Default,,0000,0000,0000,,numbers or tails and so this is a way of
Dialogue: 0,0:20:56.64,0:21:01.20,Default,,0000,0000,0000,,fixing that game so we can actually play
Dialogue: 0,0:20:58.08,0:21:03.60,Default,,0000,0000,0000,,this game in in our heads right I can
Dialogue: 0,0:21:01.20,0:21:05.97,Default,,0000,0000,0000,,pick a value but not reveal that value
Dialogue: 0,0:21:03.60,0:21:07.35,Default,,0000,0000,0000,,to you but I can commit to the value so
Dialogue: 0,0:21:05.97,0:21:09.39,Default,,0000,0000,0000,,this is a kind of binding commitment
Dialogue: 0,0:21:07.35,0:21:11.31,Default,,0000,0000,0000,,scheme that I can't change my mind after
Dialogue: 0,0:21:09.39,0:21:14.22,Default,,0000,0000,0000,,I've told you this but it doesn't reveal
Dialogue: 0,0:21:11.31,0:21:15.48,Default,,0000,0000,0000,,the original value to you and so this is
Dialogue: 0,0:21:14.22,0:21:17.52,Default,,0000,0000,0000,,one other neat application of
Dialogue: 0,0:21:15.48,0:21:18.33,Default,,0000,0000,0000,,cryptographic hash functions so any
Dialogue: 0,0:21:17.52,0:21:24.03,Default,,0000,0000,0000,,questions about this particular
Dialogue: 0,0:21:18.33,0:21:26.79,Default,,0000,0000,0000,,construction okay great so moving on to
Dialogue: 0,0:21:24.03,0:21:29.71,Default,,0000,0000,0000,,the next topic we're going to talk about
Dialogue: 0,0:21:26.79,0:21:35.37,Default,,0000,0000,0000,,key derivation functions
Dialogue: 0,0:21:29.71,0:21:35.37,Default,,0000,0000,0000,,[Applause]
Dialogue: 0,0:21:38.65,0:21:46.85,Default,,0000,0000,0000,,often abbreviate it as KDF so this is a
Dialogue: 0,0:21:45.35,0:21:49.58,Default,,0000,0000,0000,,concept that's very similar to hash
Dialogue: 0,0:21:46.85,0:21:51.71,Default,,0000,0000,0000,,functions except it has kind of one
Dialogue: 0,0:21:49.58,0:21:54.74,Default,,0000,0000,0000,,extra property that it is slow to
Dialogue: 0,0:21:51.71,0:21:56.32,Default,,0000,0000,0000,,compute for example there's a hash
Dialogue: 0,0:21:54.74,0:22:08.24,Default,,0000,0000,0000,,function of key derivation function
Dialogue: 0,0:21:56.32,0:22:12.11,Default,,0000,0000,0000,,known as P pbkdf2 pbkdf2 password-based
Dialogue: 0,0:22:08.24,0:22:14.18,Default,,0000,0000,0000,,key derivation function that has a kind
Dialogue: 0,0:22:12.11,0:22:15.41,Default,,0000,0000,0000,,of similar form as these hash functions
Dialogue: 0,0:22:14.18,0:22:16.85,Default,,0000,0000,0000,,we were talking about here that they
Dialogue: 0,0:22:15.41,0:22:18.38,Default,,0000,0000,0000,,take in some variable length input in
Dialogue: 0,0:22:16.85,0:22:19.28,Default,,0000,0000,0000,,pretty so fixed length output but
Dialogue: 0,0:22:18.38,0:22:20.45,Default,,0000,0000,0000,,they're meant to be used for one
Dialogue: 0,0:22:19.28,0:22:22.37,Default,,0000,0000,0000,,particular purpose
Dialogue: 0,0:22:20.45,0:22:24.74,Default,,0000,0000,0000,,the purpose is generally to use the
Dialogue: 0,0:22:22.37,0:22:26.51,Default,,0000,0000,0000,,fixed length output as a key in another
Dialogue: 0,0:22:24.74,0:22:28.34,Default,,0000,0000,0000,,cryptographic algorithm and we'll talk
Dialogue: 0,0:22:26.51,0:22:31.31,Default,,0000,0000,0000,,about those algorithms like what use the
Dialogue: 0,0:22:28.34,0:22:32.90,Default,,0000,0000,0000,,output of this thing for in a moment but
Dialogue: 0,0:22:31.31,0:22:36.38,Default,,0000,0000,0000,,a one property of these things is that
Dialogue: 0,0:22:32.90,0:22:39.41,Default,,0000,0000,0000,,they're slow does anybody have any idea
Dialogue: 0,0:22:36.38,0:22:40.70,Default,,0000,0000,0000,,why you'd want an algorithm to be slow
Dialogue: 0,0:22:39.41,0:22:42.92,Default,,0000,0000,0000,,like normally we want algorithms to be
Dialogue: 0,0:22:40.70,0:22:46.00,Default,,0000,0000,0000,,fast right so why would we want an
Dialogue: 0,0:22:42.92,0:22:46.00,Default,,0000,0000,0000,,algorithm to be slow yes
Dialogue: 0,0:22:54.43,0:22:59.63,Default,,0000,0000,0000,,yeah that's exactly it so I'll repeat so
Dialogue: 0,0:22:57.86,0:23:01.94,Default,,0000,0000,0000,,it goes into the microphone the reason
Dialogue: 0,0:22:59.63,0:23:04.13,Default,,0000,0000,0000,,you want these to be slow is when you're
Dialogue: 0,0:23:01.94,0:23:05.84,Default,,0000,0000,0000,,actually using it for something like
Dialogue: 0,0:23:04.13,0:23:07.52,Default,,0000,0000,0000,,password authentication where you have
Dialogue: 0,0:23:05.84,0:23:08.81,Default,,0000,0000,0000,,the hash of a password saved and then
Dialogue: 0,0:23:07.52,0:23:10.10,Default,,0000,0000,0000,,somebody inputs the password you want to
Dialogue: 0,0:23:08.81,0:23:12.44,Default,,0000,0000,0000,,know if that corresponds to the hash
Dialogue: 0,0:23:10.10,0:23:14.51,Default,,0000,0000,0000,,it's ok if it's slow because you're only
Dialogue: 0,0:23:12.44,0:23:15.68,Default,,0000,0000,0000,,doing this check kind of once but the
Dialogue: 0,0:23:14.51,0:23:17.09,Default,,0000,0000,0000,,other scenario in which you're going to
Dialogue: 0,0:23:15.68,0:23:18.50,Default,,0000,0000,0000,,be using this function is when
Dialogue: 0,0:23:17.09,0:23:20.54,Default,,0000,0000,0000,,somebody's trying to brute-force a
Dialogue: 0,0:23:18.50,0:23:22.43,Default,,0000,0000,0000,,password say a website has their
Dialogue: 0,0:23:20.54,0:23:23.36,Default,,0000,0000,0000,,password database stolen and somebody's
Dialogue: 0,0:23:22.43,0:23:25.43,Default,,0000,0000,0000,,going through all the accounts I'm
Dialogue: 0,0:23:23.36,0:23:27.53,Default,,0000,0000,0000,,trying to break all the passwords well
Dialogue: 0,0:23:25.43,0:23:28.61,Default,,0000,0000,0000,,in that case you want this to be slow
Dialogue: 0,0:23:27.53,0:23:29.99,Default,,0000,0000,0000,,because someone's gonna be doing this
Dialogue: 0,0:23:28.61,0:23:31.64,Default,,0000,0000,0000,,like millions and millions of times and
Dialogue: 0,0:23:29.99,0:23:33.26,Default,,0000,0000,0000,,you can slow down the attacker a lot by
Dialogue: 0,0:23:31.64,0:23:35.03,Default,,0000,0000,0000,,making this function slow and so it's
Dialogue: 0,0:23:33.26,0:23:36.50,Default,,0000,0000,0000,,fine if this takes you like one second
Dialogue: 0,0:23:35.03,0:23:38.75,Default,,0000,0000,0000,,upon logging in to compute this function
Dialogue: 0,0:23:36.50,0:23:40.10,Default,,0000,0000,0000,,but when your brute forcing it we don't
Dialogue: 0,0:23:38.75,0:23:41.96,Default,,0000,0000,0000,,go to a thousand guesses a second like
Dialogue: 0,0:23:40.10,0:23:46.22,Default,,0000,0000,0000,,in that xkcd comic we can slow it down a
Dialogue: 0,0:23:41.96,0:23:47.86,Default,,0000,0000,0000,,little bit so what is the output of key
Dialogue: 0,0:23:46.22,0:23:50.06,Default,,0000,0000,0000,,derivation functions actually used for
Dialogue: 0,0:23:47.86,0:23:52.49,Default,,0000,0000,0000,,well the next topic we're going to talk
Dialogue: 0,0:23:50.06,0:23:53.57,Default,,0000,0000,0000,,about probably like one of the most
Dialogue: 0,0:23:52.49,0:23:55.43,Default,,0000,0000,0000,,classic things when you think about
Dialogue: 0,0:23:53.57,0:24:00.47,Default,,0000,0000,0000,,cryptography is encryption and
Dialogue: 0,0:23:55.43,0:24:17.30,Default,,0000,0000,0000,,decryption the next topic is symmetric
Dialogue: 0,0:24:00.47,0:24:18.41,Default,,0000,0000,0000,,key cryptography and like the rest of
Dialogue: 0,0:24:17.30,0:24:19.70,Default,,0000,0000,0000,,this lecture we're not going to talk
Dialogue: 0,0:24:18.41,0:24:21.47,Default,,0000,0000,0000,,about how you implement these we're
Dialogue: 0,0:24:19.70,0:24:23.90,Default,,0000,0000,0000,,going to talk about the API for a
Dialogue: 0,0:24:21.47,0:24:24.74,Default,,0000,0000,0000,,symmetric key symmetric key crypto like
Dialogue: 0,0:24:23.90,0:24:28.07,Default,,0000,0000,0000,,how it's used
Dialogue: 0,0:24:24.74,0:24:30.53,Default,,0000,0000,0000,,so symmetric key cryptosystems have a
Dialogue: 0,0:24:28.07,0:24:32.93,Default,,0000,0000,0000,,couple different functions they have a
Dialogue: 0,0:24:30.53,0:24:35.24,Default,,0000,0000,0000,,key generation function which is a
Dialogue: 0,0:24:32.93,0:24:38.57,Default,,0000,0000,0000,,randomized function that produces a
Dialogue: 0,0:24:35.24,0:24:42.82,Default,,0000,0000,0000,,thing we call the key and then they have
Dialogue: 0,0:24:38.57,0:24:42.82,Default,,0000,0000,0000,,a pair of functions encrypt and decrypt
Dialogue: 0,0:24:45.79,0:24:52.94,Default,,0000,0000,0000,,and encrypt take as input something we
Dialogue: 0,0:24:49.13,0:24:54.62,Default,,0000,0000,0000,,refer to as the plaintext and this is
Dialogue: 0,0:24:52.94,0:24:57.71,Default,,0000,0000,0000,,just some sequence of bytes some data
Dialogue: 0,0:24:54.62,0:24:59.42,Default,,0000,0000,0000,,and it takes in a key so something that
Dialogue: 0,0:24:57.71,0:25:03.19,Default,,0000,0000,0000,,came as an output of this key generation
Dialogue: 0,0:24:59.42,0:25:03.19,Default,,0000,0000,0000,,function and produces
Dialogue: 0,0:25:04.14,0:25:08.73,Default,,0000,0000,0000,,what we call the ciphertext and then
Dialogue: 0,0:25:06.75,0:25:14.76,Default,,0000,0000,0000,,decrypt does the opposite of this so it
Dialogue: 0,0:25:08.73,0:25:23.13,Default,,0000,0000,0000,,takes the ciphertext along with the key
Dialogue: 0,0:25:14.76,0:25:24.93,Default,,0000,0000,0000,,and produces the plaintext and this
Dialogue: 0,0:25:23.13,0:25:29.43,Default,,0000,0000,0000,,triple of functions has a couple
Dialogue: 0,0:25:24.93,0:25:31.59,Default,,0000,0000,0000,,properties one is that like one one team
Dialogue: 0,0:25:29.43,0:25:33.45,Default,,0000,0000,0000,,you might expect is that this thing
Dialogue: 0,0:25:31.59,0:25:36.29,Default,,0000,0000,0000,,doesn't really tell you all that much
Dialogue: 0,0:25:33.45,0:25:44.70,Default,,0000,0000,0000,,about this input to the encryption so
Dialogue: 0,0:25:36.29,0:25:46.56,Default,,0000,0000,0000,,property number one is given the
Dialogue: 0,0:25:44.70,0:26:02.28,Default,,0000,0000,0000,,ciphertext you can't figure out the
Dialogue: 0,0:25:46.56,0:26:03.30,Default,,0000,0000,0000,,plaintext without the key and the other
Dialogue: 0,0:26:02.28,0:26:12.21,Default,,0000,0000,0000,,property is kind of the obvious
Dialogue: 0,0:26:03.30,0:26:14.46,Default,,0000,0000,0000,,correctness property that if you take
Dialogue: 0,0:26:12.21,0:26:16.71,Default,,0000,0000,0000,,something and you encrypt it some
Dialogue: 0,0:26:14.46,0:26:19.56,Default,,0000,0000,0000,,message M with a key K and then you
Dialogue: 0,0:26:16.71,0:26:24.47,Default,,0000,0000,0000,,decrypt that ciphertext using the same
Dialogue: 0,0:26:19.56,0:26:24.47,Default,,0000,0000,0000,,key that gives you back the same message
Dialogue: 0,0:26:24.50,0:26:30.36,Default,,0000,0000,0000,,this is the kind of obvious correctness
Dialogue: 0,0:26:27.09,0:26:32.28,Default,,0000,0000,0000,,property so does this description make
Dialogue: 0,0:26:30.36,0:26:33.99,Default,,0000,0000,0000,,sense does it fit your kind of intuitive
Dialogue: 0,0:26:32.28,0:26:36.00,Default,,0000,0000,0000,,understanding of taking some piece of
Dialogue: 0,0:26:33.99,0:26:37.68,Default,,0000,0000,0000,,data and obscuring it so you can't
Dialogue: 0,0:26:36.00,0:26:40.02,Default,,0000,0000,0000,,really tell anything about the original
Dialogue: 0,0:26:37.68,0:26:42.51,Default,,0000,0000,0000,,input but then taking that obscured
Dialogue: 0,0:26:40.02,0:26:44.76,Default,,0000,0000,0000,,result and then passing it there's some
Dialogue: 0,0:26:42.51,0:26:50.19,Default,,0000,0000,0000,,decryption function given that key to
Dialogue: 0,0:26:44.76,0:26:51.99,Default,,0000,0000,0000,,retrieve the original input and this
Dialogue: 0,0:26:50.19,0:26:53.13,Default,,0000,0000,0000,,this isn't really a rigorous definition
Dialogue: 0,0:26:51.99,0:26:55.44,Default,,0000,0000,0000,,of what it means for something to be
Dialogue: 0,0:26:53.13,0:27:01.80,Default,,0000,0000,0000,,secure but it's a good enough intuitive
Dialogue: 0,0:26:55.44,0:27:03.18,Default,,0000,0000,0000,,definition that we can work with it so
Dialogue: 0,0:27:01.80,0:27:08.22,Default,,0000,0000,0000,,any questions about that description
Dialogue: 0,0:27:03.18,0:27:09.78,Default,,0000,0000,0000,,there so where can key cryptography be
Dialogue: 0,0:27:08.22,0:27:11.61,Default,,0000,0000,0000,,useful we'll talk about a whole bunch of
Dialogue: 0,0:27:09.78,0:27:13.11,Default,,0000,0000,0000,,examples later in this lecture but one
Dialogue: 0,0:27:11.61,0:27:15.15,Default,,0000,0000,0000,,example we'll talk about right now is
Dialogue: 0,0:27:13.11,0:27:16.72,Default,,0000,0000,0000,,encrypting files for storage and
Dialogue: 0,0:27:15.15,0:27:20.45,Default,,0000,0000,0000,,untrusted cloud service
Dialogue: 0,0:27:16.72,0:27:23.54,Default,,0000,0000,0000,,so consider say something like Dropbox
Dialogue: 0,0:27:20.45,0:27:25.61,Default,,0000,0000,0000,,or Google Drive or things like that when
Dialogue: 0,0:27:23.54,0:27:27.65,Default,,0000,0000,0000,,you upload files there you're trusting
Dialogue: 0,0:27:25.61,0:27:30.20,Default,,0000,0000,0000,,the service to not look at your files or
Dialogue: 0,0:27:27.65,0:27:32.27,Default,,0000,0000,0000,,do anything malicious with them these
Dialogue: 0,0:27:30.20,0:27:34.13,Default,,0000,0000,0000,,services like at least the ones I named
Dialogue: 0,0:27:32.27,0:27:36.38,Default,,0000,0000,0000,,are not intend encrypted or anything
Dialogue: 0,0:27:34.13,0:27:38.12,Default,,0000,0000,0000,,like that like in theory any employee
Dialogue: 0,0:27:36.38,0:27:39.92,Default,,0000,0000,0000,,those companies could look at your files
Dialogue: 0,0:27:38.12,0:27:41.54,Default,,0000,0000,0000,,now of course these companies have lots
Dialogue: 0,0:27:39.92,0:27:43.22,Default,,0000,0000,0000,,of policies and technical controls in
Dialogue: 0,0:27:41.54,0:27:45.23,Default,,0000,0000,0000,,place for making sure that that sort of
Dialogue: 0,0:27:43.22,0:27:46.40,Default,,0000,0000,0000,,thing doesn't happen but that doesn't
Dialogue: 0,0:27:45.23,0:27:48.71,Default,,0000,0000,0000,,mean that it's not technically possible
Dialogue: 0,0:27:46.40,0:27:50.12,Default,,0000,0000,0000,,and so one thing you might want to do if
Dialogue: 0,0:27:48.71,0:27:52.64,Default,,0000,0000,0000,,you don't want to trust these cloud
Dialogue: 0,0:27:50.12,0:27:53.90,Default,,0000,0000,0000,,services to not peek at your data not do
Dialogue: 0,0:27:52.64,0:27:55.34,Default,,0000,0000,0000,,like machine learning over them or do
Dialogue: 0,0:27:53.90,0:27:57.26,Default,,0000,0000,0000,,other sorts of things that you wouldn't
Dialogue: 0,0:27:55.34,0:27:59.36,Default,,0000,0000,0000,,really want is you can just take your
Dialogue: 0,0:27:57.26,0:28:04.40,Default,,0000,0000,0000,,files and encrypt them before uploading
Dialogue: 0,0:27:59.36,0:28:05.78,Default,,0000,0000,0000,,them to these these web services so does
Dialogue: 0,0:28:04.40,0:28:07.04,Default,,0000,0000,0000,,that idea make sense that I can take my
Dialogue: 0,0:28:05.78,0:28:08.84,Default,,0000,0000,0000,,file like Center pictures or whatever
Dialogue: 0,0:28:07.04,0:28:10.04,Default,,0000,0000,0000,,pass it through an encryption function
Dialogue: 0,0:28:08.84,0:28:11.27,Default,,0000,0000,0000,,and peruse the cipher text and then
Dialogue: 0,0:28:10.04,0:28:13.19,Default,,0000,0000,0000,,place that cipher text on the web
Dialogue: 0,0:28:11.27,0:28:14.78,Default,,0000,0000,0000,,service safe for backup purposes or
Dialogue: 0,0:28:13.19,0:28:17.39,Default,,0000,0000,0000,,whatever and if I ever need that I can
Dialogue: 0,0:28:14.78,0:28:18.98,Default,,0000,0000,0000,,retrieve the cipher text then use my key
Dialogue: 0,0:28:17.39,0:28:20.27,Default,,0000,0000,0000,,to decrypt it back into the plaintext
Dialogue: 0,0:28:18.98,0:28:22.19,Default,,0000,0000,0000,,and they can use a result for doing
Dialogue: 0,0:28:20.27,0:28:29.03,Default,,0000,0000,0000,,whatever I need to do does that make
Dialogue: 0,0:28:22.19,0:28:30.35,Default,,0000,0000,0000,,sense yeah yeah so that's that's a good
Dialogue: 0,0:28:29.03,0:28:31.67,Default,,0000,0000,0000,,question the question is couldn't
Dialogue: 0,0:28:30.35,0:28:34.88,Default,,0000,0000,0000,,anybody else run it through the same
Dialogue: 0,0:28:31.67,0:28:36.11,Default,,0000,0000,0000,,encryption program one detail maybe I
Dialogue: 0,0:28:34.88,0:28:38.42,Default,,0000,0000,0000,,should have explained in a little bit
Dialogue: 0,0:28:36.11,0:28:46.40,Default,,0000,0000,0000,,more detail is this key generation
Dialogue: 0,0:28:38.42,0:28:48.14,Default,,0000,0000,0000,,function is randomized and this key has
Dialogue: 0,0:28:46.40,0:28:50.54,Default,,0000,0000,0000,,high entropy so going back to that topic
Dialogue: 0,0:28:48.14,0:28:55.13,Default,,0000,0000,0000,,we talked about earlier so like an
Dialogue: 0,0:28:50.54,0:28:58.25,Default,,0000,0000,0000,,example is we might have aes 256 this is
Dialogue: 0,0:28:55.13,0:29:01.28,Default,,0000,0000,0000,,one particular symmetric cipher and this
Dialogue: 0,0:28:58.25,0:29:03.59,Default,,0000,0000,0000,,as the name might indicate has 256 bits
Dialogue: 0,0:29:01.28,0:29:05.57,Default,,0000,0000,0000,,of entropy in the key and so that means
Dialogue: 0,0:29:03.59,0:29:07.19,Default,,0000,0000,0000,,that as long as the attacker like
Dialogue: 0,0:29:05.57,0:29:08.96,Default,,0000,0000,0000,,whoever downloads the cipher text from
Dialogue: 0,0:29:07.19,0:29:10.79,Default,,0000,0000,0000,,the web service doesn't know your key
Dialogue: 0,0:29:08.96,0:29:11.21,Default,,0000,0000,0000,,unless they have some better attack in
Dialogue: 0,0:29:10.79,0:29:13.22,Default,,0000,0000,0000,,place
Dialogue: 0,0:29:11.21,0:29:14.63,Default,,0000,0000,0000,,they'll have to try all the different
Dialogue: 0,0:29:13.22,0:29:16.94,Default,,0000,0000,0000,,possible keys and if they're two to the
Dialogue: 0,0:29:14.63,0:29:19.64,Default,,0000,0000,0000,,256 keys that's too many keys to try in
Dialogue: 0,0:29:16.94,0:29:21.29,Default,,0000,0000,0000,,a reasonable amount of time does that
Dialogue: 0,0:29:19.64,0:29:26.11,Default,,0000,0000,0000,,answer the question okay any other
Dialogue: 0,0:29:21.29,0:29:26.11,Default,,0000,0000,0000,,questions yeah
Dialogue: 0,0:29:35.01,0:29:38.68,Default,,0000,0000,0000,,that's an excellent question and that
Dialogue: 0,0:29:37.09,0:29:40.12,Default,,0000,0000,0000,,leads into what I was going to talk
Dialogue: 0,0:29:38.68,0:29:43.51,Default,,0000,0000,0000,,about next so thanks for that question
Dialogue: 0,0:29:40.12,0:29:45.10,Default,,0000,0000,0000,,so as you point out like if I lose my
Dialogue: 0,0:29:43.51,0:29:46.66,Default,,0000,0000,0000,,key I'm kind of stuck right
Dialogue: 0,0:29:45.10,0:29:47.95,Default,,0000,0000,0000,,I need my key to decrypt that's kind of
Dialogue: 0,0:29:46.66,0:29:49.27,Default,,0000,0000,0000,,the point of this thing like if I didn't
Dialogue: 0,0:29:47.95,0:29:50.59,Default,,0000,0000,0000,,need my key to decrypt then this
Dialogue: 0,0:29:49.27,0:29:53.14,Default,,0000,0000,0000,,wouldn't be a very good crypto system
Dialogue: 0,0:29:50.59,0:29:54.91,Default,,0000,0000,0000,,and so I can combine this idea of
Dialogue: 0,0:29:53.14,0:29:56.20,Default,,0000,0000,0000,,symmetric key cryptography with the
Dialogue: 0,0:29:54.91,0:29:58.36,Default,,0000,0000,0000,,topic we just talked about key
Dialogue: 0,0:29:56.20,0:30:00.04,Default,,0000,0000,0000,,derivation functions so instead of
Dialogue: 0,0:29:58.36,0:30:01.24,Default,,0000,0000,0000,,having some key that's randomly
Dialogue: 0,0:30:00.04,0:30:03.46,Default,,0000,0000,0000,,generated with my key generation
Dialogue: 0,0:30:01.24,0:30:04.24,Default,,0000,0000,0000,,function say sampling entropy from
Dialogue: 0,0:30:03.46,0:30:11.29,Default,,0000,0000,0000,,somewhere on my machine
Dialogue: 0,0:30:04.24,0:30:13.42,Default,,0000,0000,0000,,I can have a passphrase and pass it
Dialogue: 0,0:30:11.29,0:30:17.68,Default,,0000,0000,0000,,through my key derivation function box
Dialogue: 0,0:30:13.42,0:30:23.26,Default,,0000,0000,0000,,and this gives me my key and then I can
Dialogue: 0,0:30:17.68,0:30:29.26,Default,,0000,0000,0000,,take my plaintext and combine it with my
Dialogue: 0,0:30:23.26,0:30:35.26,Default,,0000,0000,0000,,key in my encrypt function and this
Dialogue: 0,0:30:29.26,0:30:37.36,Default,,0000,0000,0000,,produces my ciphertext and I store this
Dialogue: 0,0:30:35.26,0:30:39.46,Default,,0000,0000,0000,,cipher text on the web service but now I
Dialogue: 0,0:30:37.36,0:30:41.61,Default,,0000,0000,0000,,don't need to save this key instead I
Dialogue: 0,0:30:39.46,0:30:43.84,Default,,0000,0000,0000,,can just remember in my pass phrase and
Dialogue: 0,0:30:41.61,0:30:45.36,Default,,0000,0000,0000,,whenever I need my key I can reconstruct
Dialogue: 0,0:30:43.84,0:30:48.36,Default,,0000,0000,0000,,it from the key derivation function
Dialogue: 0,0:30:45.36,0:30:48.36,Default,,0000,0000,0000,,question
Dialogue: 0,0:30:56.68,0:30:59.93,Default,,0000,0000,0000,,yeah so that's a good question the
Dialogue: 0,0:30:58.70,0:31:02.39,Default,,0000,0000,0000,,question is is the key derivation
Dialogue: 0,0:30:59.93,0:31:05.00,Default,,0000,0000,0000,,function slow enough to prevent
Dialogue: 0,0:31:02.39,0:31:06.50,Default,,0000,0000,0000,,brute-force guessing and the answer is
Dialogue: 0,0:31:05.00,0:31:08.60,Default,,0000,0000,0000,,it depends on how long your passphrase
Dialogue: 0,0:31:06.50,0:31:11.06,Default,,0000,0000,0000,,is so for example if your passphrase is
Dialogue: 0,0:31:08.60,0:31:12.89,Default,,0000,0000,0000,,like the string password is probably
Dialogue: 0,0:31:11.06,0:31:14.36,Default,,0000,0000,0000,,gonna get broken very quickly but as
Dialogue: 0,0:31:12.89,0:31:16.46,Default,,0000,0000,0000,,long as there's enough entropy in your
Dialogue: 0,0:31:14.36,0:31:17.93,Default,,0000,0000,0000,,passphrase this is good enough so like
Dialogue: 0,0:31:16.46,0:31:19.37,Default,,0000,0000,0000,,if I was uploading something to Dropbox
Dialogue: 0,0:31:17.93,0:31:21.77,Default,,0000,0000,0000,,and I really want it to stay secret I
Dialogue: 0,0:31:19.37,0:31:23.54,Default,,0000,0000,0000,,think like a 64-bit passphrase really a
Dialogue: 0,0:31:21.77,0:31:24.59,Default,,0000,0000,0000,,passphrase with 64 bits of entropy it
Dialogue: 0,0:31:23.54,0:31:28.13,Default,,0000,0000,0000,,would be more than enough in that
Dialogue: 0,0:31:24.59,0:31:30.20,Default,,0000,0000,0000,,scenario for example and just a quick
Dialogue: 0,0:31:28.13,0:31:31.88,Default,,0000,0000,0000,,demo of this so there are tools to make
Dialogue: 0,0:31:30.20,0:31:34.31,Default,,0000,0000,0000,,this really easy to do this is actually
Dialogue: 0,0:31:31.88,0:31:37.10,Default,,0000,0000,0000,,one of the exercises but we can take a
Dialogue: 0,0:31:34.31,0:31:39.50,Default,,0000,0000,0000,,tool for example called open SSL and use
Dialogue: 0,0:31:37.10,0:31:42.05,Default,,0000,0000,0000,,it to apply a symmetric cipher to some
Dialogue: 0,0:31:39.50,0:31:44.06,Default,,0000,0000,0000,,file so I had my readme text here for
Dialogue: 0,0:31:42.05,0:31:47.09,Default,,0000,0000,0000,,example readme MD it has a bunch of
Dialogue: 0,0:31:44.06,0:31:50.68,Default,,0000,0000,0000,,stuff in it and I can do open SSL AES
Dialogue: 0,0:31:47.09,0:31:54.14,Default,,0000,0000,0000,,256 cbc this is the name of a particular
Dialogue: 0,0:31:50.68,0:31:57.65,Default,,0000,0000,0000,,symmetric cipher and i can say that i
Dialogue: 0,0:31:54.14,0:32:01.91,Default,,0000,0000,0000,,want to apply this to read me md and
Dialogue: 0,0:31:57.65,0:32:03.56,Default,,0000,0000,0000,,produce readme dot and MD let's give it
Dialogue: 0,0:32:01.91,0:32:05.09,Default,,0000,0000,0000,,some name and then it's asking you for a
Dialogue: 0,0:32:03.56,0:32:06.47,Default,,0000,0000,0000,,password so by default this works in
Dialogue: 0,0:32:05.09,0:32:08.30,Default,,0000,0000,0000,,this mode where I provide a passphrase
Dialogue: 0,0:32:06.47,0:32:10.25,Default,,0000,0000,0000,,is run through a KDF to produce a key
Dialogue: 0,0:32:08.30,0:32:12.41,Default,,0000,0000,0000,,and that's used for encryption so I'll
Dialogue: 0,0:32:10.25,0:32:15.32,Default,,0000,0000,0000,,type in some password type it in again
Dialogue: 0,0:32:12.41,0:32:19.31,Default,,0000,0000,0000,,and now I produce this readme MD file
Dialogue: 0,0:32:15.32,0:32:21.08,Default,,0000,0000,0000,,and if I look at this it kind of looks
Dialogue: 0,0:32:19.31,0:32:23.00,Default,,0000,0000,0000,,like garbage and that's at a high level
Dialogue: 0,0:32:21.08,0:32:24.89,Default,,0000,0000,0000,,the point of a symmetric cipher it
Dialogue: 0,0:32:23.00,0:32:26.45,Default,,0000,0000,0000,,produces some cipher text that should be
Dialogue: 0,0:32:24.89,0:32:29.69,Default,,0000,0000,0000,,kind of indistinguishable from random
Dialogue: 0,0:32:26.45,0:32:33.68,Default,,0000,0000,0000,,data and when I want to decrypt this I
Dialogue: 0,0:32:29.69,0:32:37.67,Default,,0000,0000,0000,,can run a similar command open SSL AES
Dialogue: 0,0:32:33.68,0:32:40.34,Default,,0000,0000,0000,,256 cbc dash D for decrypt take the
Dialogue: 0,0:32:37.67,0:32:44.23,Default,,0000,0000,0000,,input from readme tank done MD and I
Dialogue: 0,0:32:40.34,0:32:49.01,Default,,0000,0000,0000,,like do like readme dot read need
Dialogue: 0,0:32:44.23,0:32:53.93,Default,,0000,0000,0000,,decrypted MD as the output and I can
Dialogue: 0,0:32:49.01,0:32:55.85,Default,,0000,0000,0000,,compare these two files and the
Dialogue: 0,0:32:53.93,0:32:57.53,Default,,0000,0000,0000,,correctness property of symmetric
Dialogue: 0,0:32:55.85,0:32:59.12,Default,,0000,0000,0000,,cryptography tells me that this should
Dialogue: 0,0:32:57.53,0:33:01.07,Default,,0000,0000,0000,,be identical and this indeed is
Dialogue: 0,0:32:59.12,0:33:02.72,Default,,0000,0000,0000,,identical if I look at the return value
Dialogue: 0,0:33:01.07,0:33:04.92,Default,,0000,0000,0000,,compare return 0 so that means that are
Dialogue: 0,0:33:02.72,0:33:08.32,Default,,0000,0000,0000,,the same file
Dialogue: 0,0:33:04.92,0:33:08.32,Default,,0000,0000,0000,,[Applause]
Dialogue: 0,0:33:08.96,0:33:14.36,Default,,0000,0000,0000,,so any questions about symmetric key
Dialogue: 0,0:33:11.55,0:33:14.36,Default,,0000,0000,0000,,cryptography yeah
Dialogue: 0,0:33:20.34,0:33:26.04,Default,,0000,0000,0000,,so the this particular command did make
Dialogue: 0,0:33:23.70,0:33:29.10,Default,,0000,0000,0000,,a new file so it took us input readme MD
Dialogue: 0,0:33:26.04,0:33:31.29,Default,,0000,0000,0000,,and produces output this file so that is
Dialogue: 0,0:33:29.10,0:33:32.88,Default,,0000,0000,0000,,the encrypted version of the file it
Dialogue: 0,0:33:31.29,0:33:35.78,Default,,0000,0000,0000,,left the original untouched but then of
Dialogue: 0,0:33:32.88,0:33:47.64,Default,,0000,0000,0000,,course I could delete it if I wanted to
Dialogue: 0,0:33:35.78,0:33:48.60,Default,,0000,0000,0000,,yeah that's a good question this is
Dialogue: 0,0:33:47.64,0:33:50.19,Default,,0000,0000,0000,,something I wasn't gonna talk about in
Dialogue: 0,0:33:48.60,0:33:52.56,Default,,0000,0000,0000,,too much detail the question is I
Dialogue: 0,0:33:50.19,0:33:55.83,Default,,0000,0000,0000,,provided the salt argument here and
Dialogue: 0,0:33:52.56,0:33:58.49,Default,,0000,0000,0000,,where is that stored so the answer is
Dialogue: 0,0:33:55.83,0:34:01.86,Default,,0000,0000,0000,,that that is stored in this output here
Dialogue: 0,0:33:58.49,0:34:05.46,Default,,0000,0000,0000,,so this output format stores both the
Dialogue: 0,0:34:01.86,0:34:06.87,Default,,0000,0000,0000,,salt and the actual output ciphertext so
Dialogue: 0,0:34:05.46,0:34:13.32,Default,,0000,0000,0000,,can be used in the reconstruction and
Dialogue: 0,0:34:06.87,0:34:14.82,Default,,0000,0000,0000,,decrypt yeah that's correct it doesn't
Dialogue: 0,0:34:13.32,0:34:19.95,Default,,0000,0000,0000,,keep any database or anything this is
Dialogue: 0,0:34:14.82,0:34:23.19,Default,,0000,0000,0000,,fully self-contained yeah and as John
Dialogue: 0,0:34:19.95,0:34:24.87,Default,,0000,0000,0000,,says the salt is not the secret like the
Dialogue: 0,0:34:23.19,0:34:33.57,Default,,0000,0000,0000,,the passphrase is what is the secret
Dialogue: 0,0:34:24.87,0:34:36.84,Default,,0000,0000,0000,,thing here okay so let's go back to so
Dialogue: 0,0:34:33.57,0:34:39.81,Default,,0000,0000,0000,,the so the question is what is salt the
Dialogue: 0,0:34:36.84,0:34:42.09,Default,,0000,0000,0000,,idea of a cryptographic salt is probably
Dialogue: 0,0:34:39.81,0:34:47.79,Default,,0000,0000,0000,,best explained in the context of hash
Dialogue: 0,0:34:42.09,0:34:49.56,Default,,0000,0000,0000,,functions so one common application of
Dialogue: 0,0:34:47.79,0:34:51.30,Default,,0000,0000,0000,,hash functions is to store passwords in
Dialogue: 0,0:34:49.56,0:34:53.67,Default,,0000,0000,0000,,a password database if I have a website
Dialogue: 0,0:34:51.30,0:34:55.29,Default,,0000,0000,0000,,and I have logins for users like people
Dialogue: 0,0:34:53.67,0:34:57.33,Default,,0000,0000,0000,,log in with their username and password
Dialogue: 0,0:34:55.29,0:34:59.64,Default,,0000,0000,0000,,I don't actually want to store people's
Dialogue: 0,0:34:57.33,0:35:01.35,Default,,0000,0000,0000,,passwords in plain text just like as is
Dialogue: 0,0:34:59.64,0:35:06.44,Default,,0000,0000,0000,,does anybody know why I wouldn't want to
Dialogue: 0,0:35:01.35,0:35:08.28,Default,,0000,0000,0000,,do that yes
Dialogue: 0,0:35:06.44,0:35:10.35,Default,,0000,0000,0000,,exactly what if there was a breach and
Dialogue: 0,0:35:08.28,0:35:12.48,Default,,0000,0000,0000,,someone got all your data so it's really
Dialogue: 0,0:35:10.35,0:35:13.86,Default,,0000,0000,0000,,bad if you leak all your users passwords
Dialogue: 0,0:35:12.48,0:35:15.15,Default,,0000,0000,0000,,it's especially bad because a lot of
Dialogue: 0,0:35:13.86,0:35:17.13,Default,,0000,0000,0000,,people reuse their passwords across
Dialogue: 0,0:35:15.15,0:35:18.54,Default,,0000,0000,0000,,different sites so you'll see attackers
Dialogue: 0,0:35:17.13,0:35:20.25,Default,,0000,0000,0000,,break into one thing like there was big
Dialogue: 0,0:35:18.54,0:35:22.02,Default,,0000,0000,0000,,yahoo breach a while ago and they find
Dialogue: 0,0:35:20.25,0:35:23.73,Default,,0000,0000,0000,,all these usernames and passwords and
Dialogue: 0,0:35:22.02,0:35:25.56,Default,,0000,0000,0000,,then they go and try those same login
Dialogue: 0,0:35:23.73,0:35:27.27,Default,,0000,0000,0000,,credentials on Google and on Facebook
Dialogue: 0,0:35:25.56,0:35:30.03,Default,,0000,0000,0000,,and on YouTube and whatnot these people
Dialogue: 0,0:35:27.27,0:35:32.64,Default,,0000,0000,0000,,reuse passwords so it's bad to store
Dialogue: 0,0:35:30.03,0:35:33.75,Default,,0000,0000,0000,,plaintext passwords so one thing you
Dialogue: 0,0:35:32.64,0:35:35.40,Default,,0000,0000,0000,,should do is you should store hashed
Dialogue: 0,0:35:33.75,0:35:37.62,Default,,0000,0000,0000,,passwords with a hash function or
Dialogue: 0,0:35:35.40,0:35:39.26,Default,,0000,0000,0000,,ideally a password hashing function
Dialogue: 0,0:35:37.62,0:35:42.36,Default,,0000,0000,0000,,that's intentionally designed to be slow
Dialogue: 0,0:35:39.26,0:35:44.16,Default,,0000,0000,0000,,but one thing attackers one thing
Dialogue: 0,0:35:42.36,0:35:45.39,Default,,0000,0000,0000,,attacker started doing once they realize
Dialogue: 0,0:35:44.16,0:35:47.31,Default,,0000,0000,0000,,that people started storing hashed
Dialogue: 0,0:35:45.39,0:35:49.17,Default,,0000,0000,0000,,passwords is they built these things
Dialogue: 0,0:35:47.31,0:35:52.56,Default,,0000,0000,0000,,called rainbow tables what people did
Dialogue: 0,0:35:49.17,0:35:54.57,Default,,0000,0000,0000,,was they took a way of generating big
Dialogue: 0,0:35:52.56,0:35:56.70,Default,,0000,0000,0000,,password lists like the kind of model
Dialogue: 0,0:35:54.57,0:35:58.20,Default,,0000,0000,0000,,what passwords might look like say take
Dialogue: 0,0:35:56.70,0:36:00.51,Default,,0000,0000,0000,,all the dictionary words take all
Dialogue: 0,0:35:58.20,0:36:01.77,Default,,0000,0000,0000,,strings of like length from zero to
Dialogue: 0,0:36:00.51,0:36:03.84,Default,,0000,0000,0000,,eight and whatnot
Dialogue: 0,0:36:01.77,0:36:06.18,Default,,0000,0000,0000,,take all of those and then hash them and
Dialogue: 0,0:36:03.84,0:36:08.91,Default,,0000,0000,0000,,produce a big database mapping hashes
Dialogue: 0,0:36:06.18,0:36:10.53,Default,,0000,0000,0000,,back to their pre image and so given the
Dialogue: 0,0:36:08.91,0:36:12.03,Default,,0000,0000,0000,,output of a hash function rather than
Dialogue: 0,0:36:10.53,0:36:13.62,Default,,0000,0000,0000,,have to like brute force said on the fly
Dialogue: 0,0:36:12.03,0:36:15.21,Default,,0000,0000,0000,,you can just go look up in this database
Dialogue: 0,0:36:13.62,0:36:16.83,Default,,0000,0000,0000,,Oh what is the input that corresponds to
Dialogue: 0,0:36:15.21,0:36:19.41,Default,,0000,0000,0000,,this output and people have built these
Dialogue: 0,0:36:16.83,0:36:22.65,Default,,0000,0000,0000,,for reasonably large password databases
Dialogue: 0,0:36:19.41,0:36:25.08,Default,,0000,0000,0000,,and so one thing that you can do in
Dialogue: 0,0:36:22.65,0:36:28.50,Default,,0000,0000,0000,,reaction to that as a defense is rather
Dialogue: 0,0:36:25.08,0:36:31.35,Default,,0000,0000,0000,,than storing in your database as your to
Dialogue: 0,0:36:28.50,0:36:34.86,Default,,0000,0000,0000,,write it rather than storing just the
Dialogue: 0,0:36:31.35,0:36:42.08,Default,,0000,0000,0000,,hash of the password what you do is you
Dialogue: 0,0:36:34.86,0:36:44.64,Default,,0000,0000,0000,,compute what's called a salt value and
Dialogue: 0,0:36:42.08,0:36:47.01,Default,,0000,0000,0000,,what this is is a large random string
Dialogue: 0,0:36:44.64,0:36:50.16,Default,,0000,0000,0000,,and then what you do is you store in
Dialogue: 0,0:36:47.01,0:36:53.10,Default,,0000,0000,0000,,your password database the salt which is
Dialogue: 0,0:36:50.16,0:36:54.90,Default,,0000,0000,0000,,not really a secret like you can store
Dialogue: 0,0:36:53.10,0:36:59.73,Default,,0000,0000,0000,,this in your password database along
Dialogue: 0,0:36:54.90,0:37:04.98,Default,,0000,0000,0000,,with a hash of the password with the
Dialogue: 0,0:36:59.73,0:37:08.19,Default,,0000,0000,0000,,salt appended to it why is this useful
Dialogue: 0,0:37:04.98,0:37:10.32,Default,,0000,0000,0000,,well this salt is a random unique value
Dialogue: 0,0:37:08.19,0:37:12.06,Default,,0000,0000,0000,,for every user and so if someone has the
Dialogue: 0,0:37:10.32,0:37:14.64,Default,,0000,0000,0000,,password safe password one two three on
Dialogue: 0,0:37:12.06,0:37:16.35,Default,,0000,0000,0000,,one web service if you are just storing
Dialogue: 0,0:37:14.64,0:37:17.97,Default,,0000,0000,0000,,the hash of the password then the hash
Dialogue: 0,0:37:16.35,0:37:18.90,Default,,0000,0000,0000,,would be the same on both Web Services
Dialogue: 0,0:37:17.97,0:37:20.97,Default,,0000,0000,0000,,right because this hash
Dialogue: 0,0:37:18.90,0:37:22.62,Default,,0000,0000,0000,,function is a deterministic function but
Dialogue: 0,0:37:20.97,0:37:26.37,Default,,0000,0000,0000,,now since we're using this randomized
Dialogue: 0,0:37:22.62,0:37:28.47,Default,,0000,0000,0000,,salt value we store the hash of the
Dialogue: 0,0:37:26.37,0:37:29.70,Default,,0000,0000,0000,,password plus of salt and so even if
Dialogue: 0,0:37:28.47,0:37:32.64,Default,,0000,0000,0000,,someone's using the same password on
Dialogue: 0,0:37:29.70,0:37:34.59,Default,,0000,0000,0000,,multiple sites this thing looks
Dialogue: 0,0:37:32.64,0:37:37.14,Default,,0000,0000,0000,,different in both cases and it makes it
Dialogue: 0,0:37:34.59,0:37:40.77,Default,,0000,0000,0000,,so these big databases mapping these
Dialogue: 0,0:37:37.14,0:37:42.21,Default,,0000,0000,0000,,short passwords or hash outputs to the
Dialogue: 0,0:37:40.77,0:37:44.61,Default,,0000,0000,0000,,short passwords that they came from
Dialogue: 0,0:37:42.21,0:37:47.10,Default,,0000,0000,0000,,those are no longer useful when you have
Dialogue: 0,0:37:44.61,0:37:48.90,Default,,0000,0000,0000,,salted passwords you kind of need to do
Dialogue: 0,0:37:47.10,0:37:51.15,Default,,0000,0000,0000,,the brute-force attack for every user
Dialogue: 0,0:37:48.90,0:37:52.08,Default,,0000,0000,0000,,once you find their salt value rather
Dialogue: 0,0:37:51.15,0:37:54.21,Default,,0000,0000,0000,,than being able to use this big
Dialogue: 0,0:37:52.08,0:37:58.83,Default,,0000,0000,0000,,precomputed database does that answer
Dialogue: 0,0:37:54.21,0:38:00.45,Default,,0000,0000,0000,,the question of what a salt is and so
Dialogue: 0,0:37:58.83,0:38:02.96,Default,,0000,0000,0000,,that's what that salt argument is
Dialogue: 0,0:38:00.45,0:38:02.96,Default,,0000,0000,0000,,related to
Dialogue: 0,0:38:05.58,0:38:12.80,Default,,0000,0000,0000,,let's see so any questions about
Dialogue: 0,0:38:08.43,0:38:16.74,Default,,0000,0000,0000,,anything we talked about so far great
Dialogue: 0,0:38:12.80,0:38:20.04,Default,,0000,0000,0000,,okay so the I'm gonna go ahead and erase
Dialogue: 0,0:38:16.74,0:38:22.23,Default,,0000,0000,0000,,this and then the last topic we'll talk
Dialogue: 0,0:38:20.04,0:38:23.64,Default,,0000,0000,0000,,about is one of the most exciting
Dialogue: 0,0:38:22.23,0:38:24.60,Default,,0000,0000,0000,,developments of cryptography happen
Dialogue: 0,0:38:23.64,0:38:26.58,Default,,0000,0000,0000,,quite a while ago but it's still a
Dialogue: 0,0:38:24.60,0:38:42.03,Default,,0000,0000,0000,,really cool concept something called a
Dialogue: 0,0:38:26.58,0:38:43.68,Default,,0000,0000,0000,,symmetric key cryptography and so this
Dialogue: 0,0:38:42.03,0:38:45.72,Default,,0000,0000,0000,,is an idea that actually enables a lot
Dialogue: 0,0:38:43.68,0:38:48.51,Default,,0000,0000,0000,,of the security and privacy related
Dialogue: 0,0:38:45.72,0:38:50.16,Default,,0000,0000,0000,,features of basically anything you use
Dialogue: 0,0:38:48.51,0:38:53.43,Default,,0000,0000,0000,,today like we need to go and type in
Dialogue: 0,0:38:50.16,0:38:56.88,Default,,0000,0000,0000,,like www.google.com/mapmaker flog Rafi
Dialogue: 0,0:38:53.43,0:38:58.29,Default,,0000,0000,0000,,is used as part of what goes on there so
Dialogue: 0,0:38:56.88,0:38:59.70,Default,,0000,0000,0000,,this is going to look pretty similar to
Dialogue: 0,0:38:58.29,0:39:04.83,Default,,0000,0000,0000,,what we talked about in symmetric key
Dialogue: 0,0:38:59.70,0:39:06.12,Default,,0000,0000,0000,,cryptography except with a twist there's
Dialogue: 0,0:39:04.83,0:39:08.43,Default,,0000,0000,0000,,a key generation function which
Dialogue: 0,0:39:06.12,0:39:10.53,Default,,0000,0000,0000,,similarly is randomized but instead of
Dialogue: 0,0:39:08.43,0:39:16.86,Default,,0000,0000,0000,,producing a single key it produces a
Dialogue: 0,0:39:10.53,0:39:21.57,Default,,0000,0000,0000,,pair of keys two different things one of
Dialogue: 0,0:39:16.86,0:39:25.26,Default,,0000,0000,0000,,which is referred to as a public key and
Dialogue: 0,0:39:21.57,0:39:27.75,Default,,0000,0000,0000,,the other is referred to as a private
Dialogue: 0,0:39:25.26,0:39:29.55,Default,,0000,0000,0000,,key and then these can be used for
Dialogue: 0,0:39:27.75,0:39:31.65,Default,,0000,0000,0000,,encryption and decryption in a manner
Dialogue: 0,0:39:29.55,0:39:33.27,Default,,0000,0000,0000,,kind of similar to symmetric key crypto
Dialogue: 0,0:39:31.65,0:39:35.34,Default,,0000,0000,0000,,except these different keys have
Dialogue: 0,0:39:33.27,0:39:39.15,Default,,0000,0000,0000,,different uses now so we have an
Dialogue: 0,0:39:35.34,0:39:41.34,Default,,0000,0000,0000,,encryption function which takes in a
Dialogue: 0,0:39:39.15,0:39:46.83,Default,,0000,0000,0000,,plaintext Isles right P here and it
Dialogue: 0,0:39:41.34,0:39:49.11,Default,,0000,0000,0000,,takes in the public key and praises the
Dialogue: 0,0:39:46.83,0:39:53.25,Default,,0000,0000,0000,,ciphertext and then I have a decryption
Dialogue: 0,0:39:49.11,0:39:59.19,Default,,0000,0000,0000,,function which takes in my ciphertext
Dialogue: 0,0:39:53.25,0:40:05.79,Default,,0000,0000,0000,,and the private key and gives me back my
Dialogue: 0,0:39:59.19,0:40:08.52,Default,,0000,0000,0000,,plaintext and then similarly to those
Dialogue: 0,0:40:05.79,0:40:11.01,Default,,0000,0000,0000,,two properties we had over there given
Dialogue: 0,0:40:08.52,0:40:14.07,Default,,0000,0000,0000,,just the ciphertext we can't figure out
Dialogue: 0,0:40:11.01,0:40:15.72,Default,,0000,0000,0000,,the plaintext unless we have the private
Dialogue: 0,0:40:14.07,0:40:17.46,Default,,0000,0000,0000,,key and then we have the obvious
Dialogue: 0,0:40:15.72,0:40:18.81,Default,,0000,0000,0000,,correctness property that if we encrypt
Dialogue: 0,0:40:17.46,0:40:20.79,Default,,0000,0000,0000,,something with the private key
Dialogue: 0,0:40:18.81,0:40:23.22,Default,,0000,0000,0000,,sorry encrypt something with the public
Dialogue: 0,0:40:20.79,0:40:25.38,Default,,0000,0000,0000,,key and then take that cypher text and
Dialogue: 0,0:40:23.22,0:40:26.82,Default,,0000,0000,0000,,try decrypting it with the corresponding
Dialogue: 0,0:40:25.38,0:40:28.62,Default,,0000,0000,0000,,private key that came from this key
Dialogue: 0,0:40:26.82,0:40:30.81,Default,,0000,0000,0000,,generation process that outputs these
Dialogue: 0,0:40:28.62,0:40:36.06,Default,,0000,0000,0000,,two different things at once then I get
Dialogue: 0,0:40:30.81,0:40:37.89,Default,,0000,0000,0000,,the same result back so this is very
Dialogue: 0,0:40:36.06,0:40:39.03,Default,,0000,0000,0000,,similar to what's above but there's a
Dialogue: 0,0:40:37.89,0:40:40.77,Default,,0000,0000,0000,,twist that we have these two different
Dialogue: 0,0:40:39.03,0:40:42.84,Default,,0000,0000,0000,,keys that have different functions and
Dialogue: 0,0:40:40.77,0:40:44.100,Default,,0000,0000,0000,,it's really neat that this public key
Dialogue: 0,0:40:42.84,0:40:47.31,Default,,0000,0000,0000,,can actually be made as the name
Dialogue: 0,0:40:44.100,0:40:49.23,Default,,0000,0000,0000,,indicates public like I could be using a
Dialogue: 0,0:40:47.31,0:40:51.12,Default,,0000,0000,0000,,crypto system that works like this post
Dialogue: 0,0:40:49.23,0:40:53.28,Default,,0000,0000,0000,,a public key on the internet for anybody
Dialogue: 0,0:40:51.12,0:40:54.87,Default,,0000,0000,0000,,to see but keep my private key secret
Dialogue: 0,0:40:53.28,0:40:56.40,Default,,0000,0000,0000,,and then I have this interesting
Dialogue: 0,0:40:54.87,0:40:58.26,Default,,0000,0000,0000,,property that anybody on the internet
Dialogue: 0,0:40:56.40,0:41:00.78,Default,,0000,0000,0000,,can take any piece of content and
Dialogue: 0,0:40:58.26,0:41:02.40,Default,,0000,0000,0000,,encrypt it for me using my public key
Dialogue: 0,0:41:00.78,0:41:04.41,Default,,0000,0000,0000,,and send it over the Internet
Dialogue: 0,0:41:02.40,0:41:06.33,Default,,0000,0000,0000,,to me and then I can decrypt it using my
Dialogue: 0,0:41:04.41,0:41:08.40,Default,,0000,0000,0000,,private key and as long as my private
Dialogue: 0,0:41:06.33,0:41:10.41,Default,,0000,0000,0000,,key C's stays secret it doesn't matter
Dialogue: 0,0:41:08.40,0:41:11.76,Default,,0000,0000,0000,,if my public key is available to anybody
Dialogue: 0,0:41:10.41,0:41:15.09,Default,,0000,0000,0000,,on the Internet so here's where the
Dialogue: 0,0:41:11.76,0:41:18.57,Default,,0000,0000,0000,,asymmetry comes from before we were in a
Dialogue: 0,0:41:15.09,0:41:20.55,Default,,0000,0000,0000,,scenario where like suppose I was on the
Dialogue: 0,0:41:18.57,0:41:21.15,Default,,0000,0000,0000,,internet but you weren't like talking to
Dialogue: 0,0:41:20.55,0:41:22.89,Default,,0000,0000,0000,,me face-to-face
Dialogue: 0,0:41:21.15,0:41:25.35,Default,,0000,0000,0000,,and you wanted to send me some data over
Dialogue: 0,0:41:22.89,0:41:26.61,Default,,0000,0000,0000,,the Internet over some unencrypted
Dialogue: 0,0:41:25.35,0:41:28.14,Default,,0000,0000,0000,,Channel where anybody could listen on
Dialogue: 0,0:41:26.61,0:41:30.15,Default,,0000,0000,0000,,what you were saying and you wanted to
Dialogue: 0,0:41:28.14,0:41:32.01,Default,,0000,0000,0000,,use symmetric key cryptography well we
Dialogue: 0,0:41:30.15,0:41:33.48,Default,,0000,0000,0000,,need some way of exchanging a key in
Dialogue: 0,0:41:32.01,0:41:34.77,Default,,0000,0000,0000,,advance so that you could encrypt some
Dialogue: 0,0:41:33.48,0:41:36.66,Default,,0000,0000,0000,,plaintext with a key and give me that
Dialogue: 0,0:41:34.77,0:41:38.55,Default,,0000,0000,0000,,ciphertext over the Internet so that I
Dialogue: 0,0:41:36.66,0:41:41.28,Default,,0000,0000,0000,,could done decrypt it with that key in
Dialogue: 0,0:41:38.55,0:41:42.84,Default,,0000,0000,0000,,symmetric key crypto if the keys public
Dialogue: 0,0:41:41.28,0:41:45.30,Default,,0000,0000,0000,,it's game over like anybody can decrypt
Dialogue: 0,0:41:42.84,0:41:47.34,Default,,0000,0000,0000,,your stuff whereas an asymmetric key
Dialogue: 0,0:41:45.30,0:41:49.02,Default,,0000,0000,0000,,cryptography I could take my public key
Dialogue: 0,0:41:47.34,0:41:50.91,Default,,0000,0000,0000,,and like post it on a bulletin board on
Dialogue: 0,0:41:49.02,0:41:52.65,Default,,0000,0000,0000,,the Internet and you can go look at that
Dialogue: 0,0:41:50.91,0:41:54.75,Default,,0000,0000,0000,,take some contents and encrypt them for
Dialogue: 0,0:41:52.65,0:41:55.80,Default,,0000,0000,0000,,me and then send them over and that
Dialogue: 0,0:41:54.75,0:41:57.27,Default,,0000,0000,0000,,would be totally fine
Dialogue: 0,0:41:55.80,0:41:59.97,Default,,0000,0000,0000,,you can only decrypt it with the private
Dialogue: 0,0:41:57.27,0:42:02.25,Default,,0000,0000,0000,,key and so one analogy that may be
Dialogue: 0,0:41:59.97,0:42:05.61,Default,,0000,0000,0000,,helpful is comparing these mathematical
Dialogue: 0,0:42:02.25,0:42:07.44,Default,,0000,0000,0000,,ideas to physical locks so you probably
Dialogue: 0,0:42:05.61,0:42:09.33,Default,,0000,0000,0000,,have a lock on your door to your house
Dialogue: 0,0:42:07.44,0:42:11.19,Default,,0000,0000,0000,,and you can put in a key and like turn
Dialogue: 0,0:42:09.33,0:42:12.48,Default,,0000,0000,0000,,the thing in order to lock the door or
Dialogue: 0,0:42:11.19,0:42:14.34,Default,,0000,0000,0000,,you can turn it the other way to unlock
Dialogue: 0,0:42:12.48,0:42:15.93,Default,,0000,0000,0000,,the door so there's a single key and it
Dialogue: 0,0:42:14.34,0:42:17.46,Default,,0000,0000,0000,,can both lock and unlock the door
Dialogue: 0,0:42:15.93,0:42:19.26,Default,,0000,0000,0000,,but now consider this alternative
Dialogue: 0,0:42:17.46,0:42:20.64,Default,,0000,0000,0000,,construction which you might use if say
Dialogue: 0,0:42:19.26,0:42:23.43,Default,,0000,0000,0000,,I want you to be able to send me a
Dialogue: 0,0:42:20.64,0:42:25.02,Default,,0000,0000,0000,,message and have it be sent over the
Dialogue: 0,0:42:23.43,0:42:27.21,Default,,0000,0000,0000,,internet and you I don't really need a
Dialogue: 0,0:42:25.02,0:42:29.55,Default,,0000,0000,0000,,way to exchange a key with you
Dialogue: 0,0:42:27.21,0:42:30.72,Default,,0000,0000,0000,,beforehand I could get a box which you
Dialogue: 0,0:42:29.55,0:42:32.35,Default,,0000,0000,0000,,could put a letter inside and you can
Dialogue: 0,0:42:30.72,0:42:36.01,Default,,0000,0000,0000,,close the box and I can get one of the
Dialogue: 0,0:42:32.35,0:42:37.54,Default,,0000,0000,0000,,padlock things which I can give you by I
Dialogue: 0,0:42:36.01,0:42:39.82,Default,,0000,0000,0000,,could like take those padlock and open
Dialogue: 0,0:42:37.54,0:42:41.53,Default,,0000,0000,0000,,it and give it to you and you at your
Dialogue: 0,0:42:39.82,0:42:43.36,Default,,0000,0000,0000,,own leisure could put your message
Dialogue: 0,0:42:41.53,0:42:45.85,Default,,0000,0000,0000,,inside a box and take this padlock which
Dialogue: 0,0:42:43.36,0:42:48.43,Default,,0000,0000,0000,,is open and shut it around the box and
Dialogue: 0,0:42:45.85,0:42:50.35,Default,,0000,0000,0000,,then send it over to me and then I could
Dialogue: 0,0:42:48.43,0:42:52.09,Default,,0000,0000,0000,,put in my key and unlock it so do you
Dialogue: 0,0:42:50.35,0:42:54.31,Default,,0000,0000,0000,,see how there is this asymmetry there as
Dialogue: 0,0:42:52.09,0:42:56.05,Default,,0000,0000,0000,,opposed to the key that I used to open
Dialogue: 0,0:42:54.31,0:42:57.76,Default,,0000,0000,0000,,the door to my house where the same key
Dialogue: 0,0:42:56.05,0:42:59.92,Default,,0000,0000,0000,,opens and closes the thing instead I
Dialogue: 0,0:42:57.76,0:43:01.75,Default,,0000,0000,0000,,give you this open padlock that you have
Dialogue: 0,0:42:59.92,0:43:03.88,Default,,0000,0000,0000,,the ability to close but not open and
Dialogue: 0,0:43:01.75,0:43:05.59,Default,,0000,0000,0000,,after you closed it I can use my key
Dialogue: 0,0:43:03.88,0:43:07.12,Default,,0000,0000,0000,,which I've kept secret in order to open
Dialogue: 0,0:43:05.59,0:43:09.10,Default,,0000,0000,0000,,the thing and retrieve what's inside
Dialogue: 0,0:43:07.12,0:43:10.93,Default,,0000,0000,0000,,maybe this analogy is helpful maybe it's
Dialogue: 0,0:43:09.10,0:43:13.72,Default,,0000,0000,0000,,not the mathematical construction works
Dialogue: 0,0:43:10.93,0:43:17.35,Default,,0000,0000,0000,,just fine if that works for a year so
Dialogue: 0,0:43:13.72,0:43:18.79,Default,,0000,0000,0000,,any questions about a symmetric key
Dialogue: 0,0:43:17.35,0:43:21.19,Default,,0000,0000,0000,,encryption and decryption and how it
Dialogue: 0,0:43:18.79,0:43:25.90,Default,,0000,0000,0000,,relates to symmetric key crypto how it's
Dialogue: 0,0:43:21.19,0:43:27.94,Default,,0000,0000,0000,,a little bit different so before we talk
Dialogue: 0,0:43:25.90,0:43:30.37,Default,,0000,0000,0000,,about applications of this idea I'm
Dialogue: 0,0:43:27.94,0:43:33.58,Default,,0000,0000,0000,,going to talk about one other set of
Dialogue: 0,0:43:30.37,0:43:36.16,Default,,0000,0000,0000,,concepts in a symmetric key cryptography
Dialogue: 0,0:43:33.58,0:43:37.87,Default,,0000,0000,0000,,so these crypto systems give you another
Dialogue: 0,0:43:36.16,0:43:39.94,Default,,0000,0000,0000,,set of tools which are related to
Dialogue: 0,0:43:37.87,0:43:42.37,Default,,0000,0000,0000,,encryption and decryption something
Dialogue: 0,0:43:39.94,0:43:44.35,Default,,0000,0000,0000,,called signing and verifying and this is
Dialogue: 0,0:43:42.37,0:43:46.21,Default,,0000,0000,0000,,kind of similar to the real world like I
Dialogue: 0,0:43:44.35,0:43:48.37,Default,,0000,0000,0000,,can get a document and sign it with my
Dialogue: 0,0:43:46.21,0:43:50.26,Default,,0000,0000,0000,,signature except real world signatures
Dialogue: 0,0:43:48.37,0:43:52.21,Default,,0000,0000,0000,,are I don't think that hard to forge
Dialogue: 0,0:43:50.26,0:43:56.26,Default,,0000,0000,0000,,these are pretty hard to forge and
Dialogue: 0,0:43:52.21,0:43:57.94,Default,,0000,0000,0000,,therefore more useful what does
Dialogue: 0,0:43:56.26,0:44:00.60,Default,,0000,0000,0000,,signature schemes look like there's a
Dialogue: 0,0:43:57.94,0:44:08.38,Default,,0000,0000,0000,,function sign that takes us some message
Dialogue: 0,0:44:00.60,0:44:09.91,Default,,0000,0000,0000,,and the private key so notice this this
Dialogue: 0,0:44:08.38,0:44:14.62,Default,,0000,0000,0000,,is the private key not the public key
Dialogue: 0,0:44:09.91,0:44:18.37,Default,,0000,0000,0000,,and it produces a signature and then
Dialogue: 0,0:44:14.62,0:44:23.64,Default,,0000,0000,0000,,there's another function verify which
Dialogue: 0,0:44:18.37,0:44:27.54,Default,,0000,0000,0000,,takes in the message the signature and
Dialogue: 0,0:44:23.64,0:44:27.54,Default,,0000,0000,0000,,the public key this time
Dialogue: 0,0:44:30.43,0:44:35.75,Default,,0000,0000,0000,,and it tells me it returns a boolean
Dialogue: 0,0:44:33.89,0:44:40.61,Default,,0000,0000,0000,,whether or not the signature checks out
Dialogue: 0,0:44:35.75,0:44:43.64,Default,,0000,0000,0000,,and then this pair of functions has the
Dialogue: 0,0:44:40.61,0:44:45.08,Default,,0000,0000,0000,,property that again these are kind of
Dialogue: 0,0:44:43.64,0:44:49.07,Default,,0000,0000,0000,,properties that follow the intuition
Dialogue: 0,0:44:45.08,0:44:54.17,Default,,0000,0000,0000,,that come from physical signatures that
Dialogue: 0,0:44:49.07,0:44:56.99,Default,,0000,0000,0000,,uh without the private key it's hard to
Dialogue: 0,0:44:54.17,0:44:58.85,Default,,0000,0000,0000,,produce a signature for any message such
Dialogue: 0,0:44:56.99,0:45:00.38,Default,,0000,0000,0000,,that you can give the message in the
Dialogue: 0,0:44:58.85,0:45:02.36,Default,,0000,0000,0000,,signature and the public key to the
Dialogue: 0,0:45:00.38,0:45:07.54,Default,,0000,0000,0000,,verify function to get it to return true
Dialogue: 0,0:45:02.36,0:45:07.54,Default,,0000,0000,0000,,like at a high level it's hard to Forge
Dialogue: 0,0:45:09.52,0:45:20.72,Default,,0000,0000,0000,,it's hard to forge a signature of course
Dialogue: 0,0:45:11.93,0:45:24.20,Default,,0000,0000,0000,,without the private key and then there's
Dialogue: 0,0:45:20.72,0:45:25.61,Default,,0000,0000,0000,,the obvious correctness property that if
Dialogue: 0,0:45:24.20,0:45:26.69,Default,,0000,0000,0000,,you signed a thing with a public key and
Dialogue: 0,0:45:25.61,0:45:28.67,Default,,0000,0000,0000,,then try verifying it with the
Dialogue: 0,0:45:26.69,0:45:30.17,Default,,0000,0000,0000,,corresponding sorry if you sign a thing
Dialogue: 0,0:45:28.67,0:45:31.52,Default,,0000,0000,0000,,with the private key and try to verify
Dialogue: 0,0:45:30.17,0:45:34.01,Default,,0000,0000,0000,,it with the corresponding public key
Dialogue: 0,0:45:31.52,0:45:38.30,Default,,0000,0000,0000,,it returns okay that this verification
Dialogue: 0,0:45:34.01,0:45:41.08,Default,,0000,0000,0000,,checks out so these are two different
Dialogue: 0,0:45:38.30,0:45:44.03,Default,,0000,0000,0000,,kinds of things you can do with
Dialogue: 0,0:45:41.08,0:45:46.28,Default,,0000,0000,0000,,asymmetric key cryptosystems
Dialogue: 0,0:45:44.03,0:45:47.51,Default,,0000,0000,0000,,an example of an asymmetric key
Dialogue: 0,0:45:46.28,0:45:50.36,Default,,0000,0000,0000,,cryptosystem that you might have heard
Dialogue: 0,0:45:47.51,0:45:51.80,Default,,0000,0000,0000,,of is something called RSA so RSA is
Dialogue: 0,0:45:50.36,0:45:53.18,Default,,0000,0000,0000,,designed by a number of people one of
Dialogue: 0,0:45:51.80,0:45:59.33,Default,,0000,0000,0000,,whom is ron rivest who's a professor
Dialogue: 0,0:45:53.18,0:46:01.73,Default,,0000,0000,0000,,here so there are couple of interesting
Dialogue: 0,0:45:59.33,0:46:03.17,Default,,0000,0000,0000,,applications of asymmetric key crypto
Dialogue: 0,0:46:01.73,0:46:04.58,Default,,0000,0000,0000,,actually like tons and tons and tons of
Dialogue: 0,0:46:03.17,0:46:06.80,Default,,0000,0000,0000,,you spend like days talking about this
Dialogue: 0,0:46:04.58,0:46:08.54,Default,,0000,0000,0000,,but a couple examples are email
Dialogue: 0,0:46:06.80,0:46:10.40,Default,,0000,0000,0000,,encryption so we talked a little bit
Dialogue: 0,0:46:08.54,0:46:12.41,Default,,0000,0000,0000,,about sending messages what we can do
Dialogue: 0,0:46:10.40,0:46:14.36,Default,,0000,0000,0000,,with asymmetric key crypto is that you
Dialogue: 0,0:46:12.41,0:46:16.67,Default,,0000,0000,0000,,can have public keys posted online I
Dialogue: 0,0:46:14.36,0:46:18.53,Default,,0000,0000,0000,,think some of the instructors have PGP
Dialogue: 0,0:46:16.67,0:46:19.85,Default,,0000,0000,0000,,public keys on their website so for
Dialogue: 0,0:46:18.53,0:46:21.74,Default,,0000,0000,0000,,example you go to my website or John's
Dialogue: 0,0:46:19.85,0:46:24.74,Default,,0000,0000,0000,,website you'll find a public key and
Dialogue: 0,0:46:21.74,0:46:27.41,Default,,0000,0000,0000,,then what you can do is you can send us
Dialogue: 0,0:46:24.74,0:46:29.06,Default,,0000,0000,0000,,an encrypted email and so even if that
Dialogue: 0,0:46:27.41,0:46:30.26,Default,,0000,0000,0000,,message goes through Gmail or whatever
Dialogue: 0,0:46:29.06,0:46:31.97,Default,,0000,0000,0000,,other mail service throughout my T's
Dialogue: 0,0:46:30.26,0:46:34.04,Default,,0000,0000,0000,,mail servers if there happens to be an
Dialogue: 0,0:46:31.97,0:46:35.54,Default,,0000,0000,0000,,attacker snooping on the messages they
Dialogue: 0,0:46:34.04,0:46:38.00,Default,,0000,0000,0000,,can't make any sense of their contents
Dialogue: 0,0:46:35.54,0:46:39.65,Default,,0000,0000,0000,,because they're all encrypted and this
Dialogue: 0,0:46:38.00,0:46:42.44,Default,,0000,0000,0000,,is really cool because you can do this
Dialogue: 0,0:46:39.65,0:46:43.11,Default,,0000,0000,0000,,without kind of finding us in person and
Dialogue: 0,0:46:42.44,0:46:44.10,Default,,0000,0000,0000,,exchanging
Dialogue: 0,0:46:43.11,0:46:45.99,Default,,0000,0000,0000,,which you might have to do in a
Dialogue: 0,0:46:44.10,0:46:47.61,Default,,0000,0000,0000,,symmetric key cryptosystem you can just
Dialogue: 0,0:46:45.99,0:46:49.29,Default,,0000,0000,0000,,find our public key which can be posted
Dialogue: 0,0:46:47.61,0:46:52.23,Default,,0000,0000,0000,,online without causing any issues and
Dialogue: 0,0:46:49.29,0:46:53.76,Default,,0000,0000,0000,,then send us encrypted email another
Dialogue: 0,0:46:52.23,0:46:56.16,Default,,0000,0000,0000,,thing asymmetric key crypto is used for
Dialogue: 0,0:46:53.76,0:46:58.02,Default,,0000,0000,0000,,is private messaging so raise your hand
Dialogue: 0,0:46:56.16,0:47:00.51,Default,,0000,0000,0000,,if you've used anything like signal or
Dialogue: 0,0:46:58.02,0:47:01.95,Default,,0000,0000,0000,,telegram or I think what's up is in
Dialogue: 0,0:47:00.51,0:47:05.04,Default,,0000,0000,0000,,theory antenna encrypted so a good
Dialogue: 0,0:47:01.95,0:47:07.38,Default,,0000,0000,0000,,number of you these private messaging
Dialogue: 0,0:47:05.04,0:47:09.48,Default,,0000,0000,0000,,applications also use asymmetric key
Dialogue: 0,0:47:07.38,0:47:11.82,Default,,0000,0000,0000,,crypto to establish private
Dialogue: 0,0:47:09.48,0:47:14.31,Default,,0000,0000,0000,,communication channels basically every
Dialogue: 0,0:47:11.82,0:47:16.50,Default,,0000,0000,0000,,person has associated with them a key
Dialogue: 0,0:47:14.31,0:47:18.39,Default,,0000,0000,0000,,pair and so your device has run this key
Dialogue: 0,0:47:16.50,0:47:20.40,Default,,0000,0000,0000,,generation function produced a public
Dialogue: 0,0:47:18.39,0:47:22.05,Default,,0000,0000,0000,,key and a private key and automatically
Dialogue: 0,0:47:20.40,0:47:23.67,Default,,0000,0000,0000,,posted your public key to the internet
Dialogue: 0,0:47:22.05,0:47:25.53,Default,,0000,0000,0000,,so for example if you're using signal
Dialogue: 0,0:47:23.67,0:47:27.03,Default,,0000,0000,0000,,your public key is on the signal servers
Dialogue: 0,0:47:25.53,0:47:30.03,Default,,0000,0000,0000,,and then when someone wants to contact
Dialogue: 0,0:47:27.03,0:47:31.71,Default,,0000,0000,0000,,you their phone can look up your public
Dialogue: 0,0:47:30.03,0:47:33.15,Default,,0000,0000,0000,,key retreat and once it's retrieve your
Dialogue: 0,0:47:31.71,0:47:35.28,Default,,0000,0000,0000,,public key they can encrypt information
Dialogue: 0,0:47:33.15,0:47:36.60,Default,,0000,0000,0000,,for you this is a kind of approximation
Dialogue: 0,0:47:35.28,0:47:38.51,Default,,0000,0000,0000,,of how their algorithm works but at a
Dialogue: 0,0:47:36.60,0:47:40.98,Default,,0000,0000,0000,,high level that's what's going on
Dialogue: 0,0:47:38.51,0:47:43.50,Default,,0000,0000,0000,,another neat application of asymmetric
Dialogue: 0,0:47:40.98,0:47:44.88,Default,,0000,0000,0000,,key crypto is we were talking about
Dialogue: 0,0:47:43.50,0:47:46.08,Default,,0000,0000,0000,,earlier like making sure you have the
Dialogue: 0,0:47:44.88,0:47:46.52,Default,,0000,0000,0000,,right software we downloaded from the
Dialogue: 0,0:47:46.08,0:47:48.60,Default,,0000,0000,0000,,internet
Dialogue: 0,0:47:46.52,0:47:50.61,Default,,0000,0000,0000,,asymmetric key crypto can be used to
Dialogue: 0,0:47:48.60,0:47:52.43,Default,,0000,0000,0000,,sign software releases and this is
Dialogue: 0,0:47:50.61,0:47:55.20,Default,,0000,0000,0000,,something that people do for example
Dialogue: 0,0:47:52.43,0:47:56.49,Default,,0000,0000,0000,,like Debian packages or whatever things
Dialogue: 0,0:47:55.20,0:47:57.96,Default,,0000,0000,0000,,you download from the internet the
Dialogue: 0,0:47:56.49,0:47:59.67,Default,,0000,0000,0000,,developer will try to sign their
Dialogue: 0,0:47:57.96,0:48:00.63,Default,,0000,0000,0000,,software so that you can make sure that
Dialogue: 0,0:47:59.67,0:48:01.77,Default,,0000,0000,0000,,whatever you've downloaded from the
Dialogue: 0,0:48:00.63,0:48:04.80,Default,,0000,0000,0000,,internet is actually the right thing
Dialogue: 0,0:48:01.77,0:48:06.66,Default,,0000,0000,0000,,that came from the right person we
Dialogue: 0,0:48:04.80,0:48:07.92,Default,,0000,0000,0000,,talked about in the get lecture all the
Dialogue: 0,0:48:06.66,0:48:10.44,Default,,0000,0000,0000,,interesting things you can do with git
Dialogue: 0,0:48:07.92,0:48:15.24,Default,,0000,0000,0000,,one thing we didn't cover was signing
Dialogue: 0,0:48:10.44,0:48:17.67,Default,,0000,0000,0000,,related functionality and get so git has
Dialogue: 0,0:48:15.24,0:48:19.80,Default,,0000,0000,0000,,commits and you can associate with
Dialogue: 0,0:48:17.67,0:48:21.15,Default,,0000,0000,0000,,commits something called tags at a high
Dialogue: 0,0:48:19.80,0:48:22.95,Default,,0000,0000,0000,,level you can basically take a git
Dialogue: 0,0:48:21.15,0:48:26.16,Default,,0000,0000,0000,,commit and attach a signature to it
Dialogue: 0,0:48:22.95,0:48:28.59,Default,,0000,0000,0000,,which binds your public key to this
Dialogue: 0,0:48:26.16,0:48:31.17,Default,,0000,0000,0000,,commit and then anybody who has your
Dialogue: 0,0:48:28.59,0:48:32.79,Default,,0000,0000,0000,,public key can take the commit and your
Dialogue: 0,0:48:31.17,0:48:35.52,Default,,0000,0000,0000,,public key and make sure that there's a
Dialogue: 0,0:48:32.79,0:48:40.92,Default,,0000,0000,0000,,legitimate signature on the key or sorry
Dialogue: 0,0:48:35.52,0:48:44.67,Default,,0000,0000,0000,,on the commit so let me go to like some
Dialogue: 0,0:48:40.92,0:48:46.65,Default,,0000,0000,0000,,random repository that I have I can look
Dialogue: 0,0:48:44.67,0:48:51.96,Default,,0000,0000,0000,,at a bunch of tags associated with
Dialogue: 0,0:48:46.65,0:48:55.28,Default,,0000,0000,0000,,repository if I do look at the raw data
Dialogue: 0,0:48:51.96,0:48:55.28,Default,,0000,0000,0000,,associated with this tag
Dialogue: 0,0:48:55.50,0:49:02.82,Default,,0000,0000,0000,,it has some metadata and then a blob of
Dialogue: 0,0:48:59.40,0:49:05.70,Default,,0000,0000,0000,,like ascii encoded information that i
Dialogue: 0,0:49:02.82,0:49:08.88,Default,,0000,0000,0000,,can use the get tagged - v4 verify
Dialogue: 0,0:49:05.70,0:49:11.04,Default,,0000,0000,0000,,command to make sure that oh this is a
Dialogue: 0,0:49:08.88,0:49:13.05,Default,,0000,0000,0000,,good signature from this person happens
Dialogue: 0,0:49:11.04,0:49:14.22,Default,,0000,0000,0000,,to be me so I sign the software release
Dialogue: 0,0:49:13.05,0:49:15.63,Default,,0000,0000,0000,,so that anybody who downloads it from
Dialogue: 0,0:49:14.22,0:49:18.15,Default,,0000,0000,0000,,the Internet can make sure that they
Dialogue: 0,0:49:15.63,0:49:31.68,Default,,0000,0000,0000,,actually got an authentic copy yes
Dialogue: 0,0:49:18.15,0:49:33.60,Default,,0000,0000,0000,,question so the question is what exactly
Dialogue: 0,0:49:31.68,0:49:38.46,Default,,0000,0000,0000,,is the verify function doing or what is
Dialogue: 0,0:49:33.60,0:49:39.83,Default,,0000,0000,0000,,it checking against the like if you want
Dialogue: 0,0:49:38.46,0:49:41.13,Default,,0000,0000,0000,,to know mathematically what's going on
Dialogue: 0,0:49:39.83,0:49:43.62,Default,,0000,0000,0000,,talk to me
Dialogue: 0,0:49:41.13,0:49:45.51,Default,,0000,0000,0000,,after this lecture but for from kind of
Dialogue: 0,0:49:43.62,0:49:48.00,Default,,0000,0000,0000,,an API perspective what's going on here
Dialogue: 0,0:49:45.51,0:49:49.80,Default,,0000,0000,0000,,is that the signature and also the
Dialogue: 0,0:49:48.00,0:49:52.32,Default,,0000,0000,0000,,message here are just a blob of bytes
Dialogue: 0,0:49:49.80,0:49:56.13,Default,,0000,0000,0000,,and it happens to be the case that these
Dialogue: 0,0:49:52.32,0:49:58.56,Default,,0000,0000,0000,,things are designed such that basically
Dialogue: 0,0:49:56.13,0:50:00.66,Default,,0000,0000,0000,,if I take for some particular public key
Dialogue: 0,0:49:58.56,0:50:02.91,Default,,0000,0000,0000,,like if you take my public key it's
Dialogue: 0,0:50:00.66,0:50:06.45,Default,,0000,0000,0000,,impossible for you without knowledge of
Dialogue: 0,0:50:02.91,0:50:07.95,Default,,0000,0000,0000,,my private key for any message to find a
Dialogue: 0,0:50:06.45,0:50:10.80,Default,,0000,0000,0000,,second argument to this function that
Dialogue: 0,0:50:07.95,0:50:12.99,Default,,0000,0000,0000,,makes it return true you can kind of
Dialogue: 0,0:50:10.80,0:50:14.46,Default,,0000,0000,0000,,compare it to signing a document like
Dialogue: 0,0:50:12.99,0:50:16.89,Default,,0000,0000,0000,,you don't know how to forge my signature
Dialogue: 0,0:50:14.46,0:50:19.14,Default,,0000,0000,0000,,I can take any piece of paper and sign
Dialogue: 0,0:50:16.89,0:50:20.97,Default,,0000,0000,0000,,it and then anybody who knows what my
Dialogue: 0,0:50:19.14,0:50:22.20,Default,,0000,0000,0000,,signature looks like I can show my
Dialogue: 0,0:50:20.97,0:50:24.69,Default,,0000,0000,0000,,document - you can be like yeah that
Dialogue: 0,0:50:22.20,0:50:27.15,Default,,0000,0000,0000,,checks out but nobody without the
Dialogue: 0,0:50:24.69,0:50:30.06,Default,,0000,0000,0000,,private key can produce a signature that
Dialogue: 0,0:50:27.15,0:50:35.34,Default,,0000,0000,0000,,will make this function return true for
Dialogue: 0,0:50:30.06,0:50:36.42,Default,,0000,0000,0000,,any particular message and any related
Dialogue: 0,0:50:35.34,0:50:39.47,Default,,0000,0000,0000,,questions started you want me to explain
Dialogue: 0,0:50:36.42,0:50:39.47,Default,,0000,0000,0000,,any other way or does that make sense
Dialogue: 0,0:50:50.18,0:50:54.12,Default,,0000,0000,0000,,so any questions about signing software
Dialogue: 0,0:50:52.68,0:50:55.92,Default,,0000,0000,0000,,or any of the other handful of
Dialogue: 0,0:50:54.12,0:51:01.05,Default,,0000,0000,0000,,applications talked about of asymmetric
Dialogue: 0,0:50:55.92,0:51:02.46,Default,,0000,0000,0000,,key crypto well so one final thing I
Dialogue: 0,0:51:01.05,0:51:05.10,Default,,0000,0000,0000,,want to talk about we're almost out of
Dialogue: 0,0:51:02.46,0:51:07.20,Default,,0000,0000,0000,,time is key distribution this is a kind
Dialogue: 0,0:51:05.10,0:51:08.13,Default,,0000,0000,0000,,of interesting side effect of asymmetric
Dialogue: 0,0:51:07.20,0:51:09.33,Default,,0000,0000,0000,,key cryptography
Dialogue: 0,0:51:08.13,0:51:11.73,Default,,0000,0000,0000,,it enables a bunch of interesting
Dialogue: 0,0:51:09.33,0:51:12.96,Default,,0000,0000,0000,,functionality like I can post my public
Dialogue: 0,0:51:11.73,0:51:14.82,Default,,0000,0000,0000,,key on the internet you can go find it
Dialogue: 0,0:51:12.96,0:51:16.17,Default,,0000,0000,0000,,and send me encrypted email but how do
Dialogue: 0,0:51:14.82,0:51:18.06,Default,,0000,0000,0000,,you know that the public key found is
Dialogue: 0,0:51:16.17,0:51:19.41,Default,,0000,0000,0000,,actually my public key it seems like
Dialogue: 0,0:51:18.06,0:51:22.71,Default,,0000,0000,0000,,there's a bootstrapping problem here
Dialogue: 0,0:51:19.41,0:51:24.81,Default,,0000,0000,0000,,right so there are a couple this is like
Dialogue: 0,0:51:22.71,0:51:27.93,Default,,0000,0000,0000,,a really interesting and really hard
Dialogue: 0,0:51:24.81,0:51:29.40,Default,,0000,0000,0000,,real-world problem and there are a
Dialogue: 0,0:51:27.93,0:51:31.80,Default,,0000,0000,0000,,couple different approaches you might
Dialogue: 0,0:51:29.40,0:51:33.78,Default,,0000,0000,0000,,take to this problem one is kind of a
Dialogue: 0,0:51:31.80,0:51:35.00,Default,,0000,0000,0000,,lame solution but this thing solves a
Dialogue: 0,0:51:33.78,0:51:37.05,Default,,0000,0000,0000,,lot of cryptography problems this
Dialogue: 0,0:51:35.00,0:51:39.63,Default,,0000,0000,0000,,exchange the information out-of-band
Dialogue: 0,0:51:37.05,0:51:41.43,Default,,0000,0000,0000,,what that means is you want to send me
Dialogue: 0,0:51:39.63,0:51:43.71,Default,,0000,0000,0000,,encrypted email we'll just talk to me
Dialogue: 0,0:51:41.43,0:51:45.21,Default,,0000,0000,0000,,after class I'll give you my public key
Dialogue: 0,0:51:43.71,0:51:46.56,Default,,0000,0000,0000,,on a piece of paper and since you were
Dialogue: 0,0:51:45.21,0:51:48.24,Default,,0000,0000,0000,,talking to me in person like you know
Dialogue: 0,0:51:46.56,0:51:49.77,Default,,0000,0000,0000,,that it's actually my public key not
Dialogue: 0,0:51:48.24,0:51:51.93,Default,,0000,0000,0000,,just somebody like hacked my website and
Dialogue: 0,0:51:49.77,0:51:53.16,Default,,0000,0000,0000,,stuck some random number on there that
Dialogue: 0,0:51:51.93,0:51:54.42,Default,,0000,0000,0000,,solves the problem but it's not the most
Dialogue: 0,0:51:53.16,0:51:55.74,Default,,0000,0000,0000,,elegant there are a couple other
Dialogue: 0,0:51:54.42,0:51:58.65,Default,,0000,0000,0000,,approaches that different applications
Dialogue: 0,0:51:55.74,0:52:01.41,Default,,0000,0000,0000,,use so those of you who use signal have
Dialogue: 0,0:51:58.65,0:52:02.97,Default,,0000,0000,0000,,you ever encountered the phrase safety
Dialogue: 0,0:52:01.41,0:52:06.81,Default,,0000,0000,0000,,number like verify your safety number
Dialogue: 0,0:52:02.97,0:52:09.18,Default,,0000,0000,0000,,with so and so so with signal they have
Dialogue: 0,0:52:06.81,0:52:10.95,Default,,0000,0000,0000,,a way of exchanging public keys which is
Dialogue: 0,0:52:09.18,0:52:12.84,Default,,0000,0000,0000,,through the signal servers whoever runs
Dialogue: 0,0:52:10.95,0:52:14.28,Default,,0000,0000,0000,,the signal service just maintains on
Dialogue: 0,0:52:12.84,0:52:16.17,Default,,0000,0000,0000,,their servers basically a mapping from
Dialogue: 0,0:52:14.28,0:52:17.67,Default,,0000,0000,0000,,phone numbers to public keys and when I
Dialogue: 0,0:52:16.17,0:52:19.11,Default,,0000,0000,0000,,say oh I want to message this person
Dialogue: 0,0:52:17.67,0:52:20.19,Default,,0000,0000,0000,,with this number my phone just goes and
Dialogue: 0,0:52:19.11,0:52:21.93,Default,,0000,0000,0000,,retrieves their public key from the
Dialogue: 0,0:52:20.19,0:52:24.06,Default,,0000,0000,0000,,internet and then encrypts the message
Dialogue: 0,0:52:21.93,0:52:27.08,Default,,0000,0000,0000,,for that public key now does anybody see
Dialogue: 0,0:52:24.06,0:52:27.08,Default,,0000,0000,0000,,a problem with the setup
Dialogue: 0,0:52:29.75,0:52:38.88,Default,,0000,0000,0000,,yeah yeah exactly the signal servers our
Dialogue: 0,0:52:36.90,0:52:40.83,Default,,0000,0000,0000,,point of failure there because if the
Dialogue: 0,0:52:38.88,0:52:42.90,Default,,0000,0000,0000,,signal servers give me the wrong public
Dialogue: 0,0:52:40.83,0:52:44.61,Default,,0000,0000,0000,,key like supposed signal just produces a
Dialogue: 0,0:52:42.90,0:52:46.20,Default,,0000,0000,0000,,new key pair and give me their public
Dialogue: 0,0:52:44.61,0:52:47.94,Default,,0000,0000,0000,,key now they can read all my messages
Dialogue: 0,0:52:46.20,0:52:50.22,Default,,0000,0000,0000,,and they could even sit in between and
Dialogue: 0,0:52:47.94,0:52:51.54,Default,,0000,0000,0000,,transparently decrypt the messages I
Dialogue: 0,0:52:50.22,0:52:52.95,Default,,0000,0000,0000,,send them and then re encrypt them and
Dialogue: 0,0:52:51.54,0:52:55.17,Default,,0000,0000,0000,,send them on to their final destination
Dialogue: 0,0:52:52.95,0:52:57.96,Default,,0000,0000,0000,,like basically I need some way of
Dialogue: 0,0:52:55.17,0:52:59.85,Default,,0000,0000,0000,,authenticating the public key I get and
Dialogue: 0,0:52:57.96,0:53:01.17,Default,,0000,0000,0000,,so signal has one solution to this which
Dialogue: 0,0:52:59.85,0:53:04.35,Default,,0000,0000,0000,,is also just kind of punting the issue
Dialogue: 0,0:53:01.17,0:53:05.22,Default,,0000,0000,0000,,to out-of-band key exchange you can meet
Dialogue: 0,0:53:04.35,0:53:07.32,Default,,0000,0000,0000,,up with somebody and they have a
Dialogue: 0,0:53:05.22,0:53:08.82,Default,,0000,0000,0000,,slightly streamline flow where they show
Dialogue: 0,0:53:07.32,0:53:09.75,Default,,0000,0000,0000,,QR codes on the screen you take one
Dialogue: 0,0:53:08.82,0:53:10.95,Default,,0000,0000,0000,,phone and take a picture of the other
Dialogue: 0,0:53:09.75,0:53:12.84,Default,,0000,0000,0000,,phone screen and vice versa
Dialogue: 0,0:53:10.95,0:53:14.58,Default,,0000,0000,0000,,and now you've exchanged public keys in
Dialogue: 0,0:53:12.84,0:53:15.93,Default,,0000,0000,0000,,person and from that point on you've
Dialogue: 0,0:53:14.58,0:53:19.35,Default,,0000,0000,0000,,bootstrap your encrypted end-to-end
Dialogue: 0,0:53:15.93,0:53:22.23,Default,,0000,0000,0000,,communication it also has an issue of or
Dialogue: 0,0:53:19.35,0:53:24.15,Default,,0000,0000,0000,,it also has approach of pinning a public
Dialogue: 0,0:53:22.23,0:53:25.98,Default,,0000,0000,0000,,key so once you know that a particular
Dialogue: 0,0:53:24.15,0:53:27.75,Default,,0000,0000,0000,,phone number has a particular public key
Dialogue: 0,0:53:25.98,0:53:30.36,Default,,0000,0000,0000,,your phone remembers that and if that
Dialogue: 0,0:53:27.75,0:53:32.34,Default,,0000,0000,0000,,ever changes it'll complain to you and
Dialogue: 0,0:53:30.36,0:53:34.95,Default,,0000,0000,0000,,then there are a couple other solutions
Dialogue: 0,0:53:32.34,0:53:36.75,Default,,0000,0000,0000,,to this problem PGP one pop to let used
Dialogue: 0,0:53:34.95,0:53:38.46,Default,,0000,0000,0000,,to be popular a while ago has this idea
Dialogue: 0,0:53:36.75,0:53:40.35,Default,,0000,0000,0000,,of web of trust so like I trust people
Dialogue: 0,0:53:38.46,0:53:41.94,Default,,0000,0000,0000,,who my friends trust so if like John has
Dialogue: 0,0:53:40.35,0:53:43.74,Default,,0000,0000,0000,,done an out-of-band exchange with say my
Dialogue: 0,0:53:41.94,0:53:45.66,Default,,0000,0000,0000,,professor then I can probably email my
Dialogue: 0,0:53:43.74,0:53:47.46,Default,,0000,0000,0000,,professor because like I know that John
Dialogue: 0,0:53:45.66,0:53:48.78,Default,,0000,0000,0000,,trusts my professor and I trust John so
Dialogue: 0,0:53:47.46,0:53:50.31,Default,,0000,0000,0000,,you got this chain of trust through
Dialogue: 0,0:53:48.78,0:53:52.38,Default,,0000,0000,0000,,there that's one interesting approach
Dialogue: 0,0:53:50.31,0:53:53.91,Default,,0000,0000,0000,,and then another model that's called
Dialogue: 0,0:53:52.38,0:53:55.77,Default,,0000,0000,0000,,pretty recently as something that a tool
Dialogue: 0,0:53:53.91,0:54:00.35,Default,,0000,0000,0000,,called key base uses this is a really
Dialogue: 0,0:53:55.77,0:54:00.35,Default,,0000,0000,0000,,neat whoops
Dialogue: 0,0:54:00.50,0:54:04.95,Default,,0000,0000,0000,,there's website called key based IO and
Dialogue: 0,0:54:03.75,0:54:06.78,Default,,0000,0000,0000,,they have a really interesting solution
Dialogue: 0,0:54:04.95,0:54:09.42,Default,,0000,0000,0000,,to this bootstrapping problem which is
Dialogue: 0,0:54:06.78,0:54:10.59,Default,,0000,0000,0000,,social proof so saying you probably have
Dialogue: 0,0:54:09.42,0:54:13.50,Default,,0000,0000,0000,,your friends on Facebook and on Twitter
Dialogue: 0,0:54:10.59,0:54:15.60,Default,,0000,0000,0000,,and whatnot and it's probably pretty
Dialogue: 0,0:54:13.50,0:54:17.07,Default,,0000,0000,0000,,hard for an attacker to break into your
Dialogue: 0,0:54:15.60,0:54:18.39,Default,,0000,0000,0000,,friend's Facebook account at the same
Dialogue: 0,0:54:17.07,0:54:19.68,Default,,0000,0000,0000,,time as their Twitter account as the
Dialogue: 0,0:54:18.39,0:54:21.00,Default,,0000,0000,0000,,same time as their hacker news account
Dialogue: 0,0:54:19.68,0:54:23.43,Default,,0000,0000,0000,,and so on and so there's this
Dialogue: 0,0:54:21.00,0:54:25.86,Default,,0000,0000,0000,,interesting way of binding public keys
Dialogue: 0,0:54:23.43,0:54:27.78,Default,,0000,0000,0000,,to a set of social identities such that
Dialogue: 0,0:54:25.86,0:54:30.24,Default,,0000,0000,0000,,you can retrieve a public key once you
Dialogue: 0,0:54:27.78,0:54:32.61,Default,,0000,0000,0000,,trust some number of social identities
Dialogue: 0,0:54:30.24,0:54:33.96,Default,,0000,0000,0000,,corresponding to your friend we have
Dialogue: 0,0:54:32.61,0:54:34.98,Default,,0000,0000,0000,,links to these in the lecture notes if
Dialogue: 0,0:54:33.96,0:54:38.40,Default,,0000,0000,0000,,you want to see these things in more
Dialogue: 0,0:54:34.98,0:54:41.16,Default,,0000,0000,0000,,detail so that's it for our security and
Dialogue: 0,0:54:38.40,0:54:42.69,Default,,0000,0000,0000,,cryptography lecture and tomorrow's
Dialogue: 0,0:54:41.16,0:54:43.23,Default,,0000,0000,0000,,lecture will be on a random collection
Dialogue: 0,0:54:42.69,0:54:45.12,Default,,0000,0000,0000,,of top
Dialogue: 0,0:54:43.23,0:54:48.65,Default,,0000,0000,0000,,that your instructors find interesting
Dialogue: 0,0:54:45.12,0:54:48.65,Default,,0000,0000,0000,,so hopefully see you in lecture tomorrow
Dialogue: 0,0:54:51.26,0:54:54.18,Default,,0000,0000,0000,,I'll also be here for a couple of
Dialogue: 0,0:54:53.04,0:55:08.91,Default,,0000,0000,0000,,minutes after class if anybody has
Dialogue: 0,0:54:54.18,0:55:09.87,Default,,0000,0000,0000,,questions yes okay so John feel free to
Dialogue: 0,0:55:08.91,0:55:11.07,Default,,0000,0000,0000,,leave if you have to leave but I think
Dialogue: 0,0:55:09.87,0:55:11.97,Default,,0000,0000,0000,,nobody's using the classroom after us
Dialogue: 0,0:55:11.07,0:55:15.15,Default,,0000,0000,0000,,I'm going to talk about one other
Dialogue: 0,0:55:11.97,0:55:16.77,Default,,0000,0000,0000,,interesting topic so john brought up the
Dialogue: 0,0:55:15.15,0:55:19.32,Default,,0000,0000,0000,,fact that a symmetric key cryptography
Dialogue: 0,0:55:16.77,0:55:23.13,Default,,0000,0000,0000,,is slow and symmetric key cryptography
Dialogue: 0,0:55:19.32,0:55:25.68,Default,,0000,0000,0000,,is fast and so in practice you don't
Dialogue: 0,0:55:23.13,0:55:28.08,Default,,0000,0000,0000,,really use just a symmetric key
Dialogue: 0,0:55:25.68,0:55:31.44,Default,,0000,0000,0000,,cryptography by itself it's usually used
Dialogue: 0,0:55:28.08,0:55:38.28,Default,,0000,0000,0000,,to bootstrap a more sophisticated
Dialogue: 0,0:55:31.44,0:55:40.71,Default,,0000,0000,0000,,protocol that you're using one thing you
Dialogue: 0,0:55:38.28,0:55:41.43,Default,,0000,0000,0000,,might want to do is use a symmetric key
Dialogue: 0,0:55:40.71,0:55:43.89,Default,,0000,0000,0000,,cryptography
Dialogue: 0,0:55:41.43,0:55:45.87,Default,,0000,0000,0000,,for signing encrypted email right we
Dialogue: 0,0:55:43.89,0:55:47.73,Default,,0000,0000,0000,,talked about that example and the way
Dialogue: 0,0:55:45.87,0:55:49.26,Default,,0000,0000,0000,,that works isn't what you might have
Dialogue: 0,0:55:47.73,0:55:50.91,Default,,0000,0000,0000,,guessed from our straightforward
Dialogue: 0,0:55:49.26,0:55:52.92,Default,,0000,0000,0000,,explanation of asymmetric key crypto
Dialogue: 0,0:55:50.91,0:55:54.74,Default,,0000,0000,0000,,like you don't just use that encrypt
Dialogue: 0,0:55:52.92,0:55:57.63,Default,,0000,0000,0000,,function up there and call it a day in
Dialogue: 0,0:55:54.74,0:56:05.40,Default,,0000,0000,0000,,practice what you do is you use hybrid
Dialogue: 0,0:55:57.63,0:56:07.41,Default,,0000,0000,0000,,encryption to use a combination of
Dialogue: 0,0:56:05.40,0:56:09.11,Default,,0000,0000,0000,,symmetric key and asymmetric key
Dialogue: 0,0:56:07.41,0:56:12.06,Default,,0000,0000,0000,,cryptography
Dialogue: 0,0:56:09.11,0:56:14.19,Default,,0000,0000,0000,,what you do is here I'll draw this as a
Dialogue: 0,0:56:12.06,0:56:21.27,Default,,0000,0000,0000,,big block diagram you take your message
Dialogue: 0,0:56:14.19,0:56:23.49,Default,,0000,0000,0000,,m and then I have my public key that I
Dialogue: 0,0:56:21.27,0:56:25.08,Default,,0000,0000,0000,,want to encrypt for but rather than just
Dialogue: 0,0:56:23.49,0:56:27.12,Default,,0000,0000,0000,,take these two things and pass it
Dialogue: 0,0:56:25.08,0:56:36.24,Default,,0000,0000,0000,,through the encryption up there what I
Dialogue: 0,0:56:27.12,0:56:41.82,Default,,0000,0000,0000,,do is I use the symmetric key gen
Dialogue: 0,0:56:36.24,0:56:43.38,Default,,0000,0000,0000,,function to produce a symmetric key okay
Dialogue: 0,0:56:41.82,0:56:44.70,Default,,0000,0000,0000,,I'm gonna like prepend this with
Dialogue: 0,0:56:43.38,0:56:46.38,Default,,0000,0000,0000,,symmetric so we can distinguish it from
Dialogue: 0,0:56:44.70,0:56:49.41,Default,,0000,0000,0000,,the public key key generation function
Dialogue: 0,0:56:46.38,0:56:52.05,Default,,0000,0000,0000,,and then what I do is I take these two
Dialogue: 0,0:56:49.41,0:56:55.25,Default,,0000,0000,0000,,things pass them through my symmetric
Dialogue: 0,0:56:52.05,0:56:55.25,Default,,0000,0000,0000,,encryption box
Dialogue: 0,0:57:02.25,0:57:13.75,Default,,0000,0000,0000,,this produces the ciphertext and now
Dialogue: 0,0:57:09.40,0:57:15.64,Default,,0000,0000,0000,,this by itself to the sender sorry this
Dialogue: 0,0:57:13.75,0:57:17.53,Default,,0000,0000,0000,,by itself to the receiver who has the
Dialogue: 0,0:57:15.64,0:57:19.90,Default,,0000,0000,0000,,private key corresponding to this public
Dialogue: 0,0:57:17.53,0:57:20.89,Default,,0000,0000,0000,,key here this is not really useful right
Dialogue: 0,0:57:19.90,0:57:26.02,Default,,0000,0000,0000,,because this is encrypted with a
Dialogue: 0,0:57:20.89,0:57:28.69,Default,,0000,0000,0000,,symmetric cipher with this key K that
Dialogue: 0,0:57:26.02,0:57:30.67,Default,,0000,0000,0000,,came from this function that I ran on my
Dialogue: 0,0:57:28.69,0:57:32.83,Default,,0000,0000,0000,,local machine so I need some way of
Dialogue: 0,0:57:30.67,0:57:34.66,Default,,0000,0000,0000,,getting this to the person who actually
Dialogue: 0,0:57:32.83,0:57:37.57,Default,,0000,0000,0000,,used to decrypt the email and so what I
Dialogue: 0,0:57:34.66,0:57:39.61,Default,,0000,0000,0000,,do is I take this thing and now this
Dialogue: 0,0:57:37.57,0:57:40.84,Default,,0000,0000,0000,,email might have been big and I use
Dialogue: 0,0:57:39.61,0:57:42.70,Default,,0000,0000,0000,,symmetric encryption with that because
Dialogue: 0,0:57:40.84,0:57:44.98,Default,,0000,0000,0000,,symmetric encryption is fast but this
Dialogue: 0,0:57:42.70,0:57:46.60,Default,,0000,0000,0000,,key is small like it might be 256 bits
Dialogue: 0,0:57:44.98,0:57:49.00,Default,,0000,0000,0000,,or something so I can take this thing
Dialogue: 0,0:57:46.60,0:58:05.62,Default,,0000,0000,0000,,and encrypt it with a symmetric
Dialogue: 0,0:57:49.00,0:58:09.64,Default,,0000,0000,0000,,encryption using the public key and this
Dialogue: 0,0:58:05.62,0:58:12.55,Default,,0000,0000,0000,,gives me an encrypted key and this thing
Dialogue: 0,0:58:09.64,0:58:14.52,Default,,0000,0000,0000,,can be decrypted using the private key
Dialogue: 0,0:58:12.55,0:58:18.25,Default,,0000,0000,0000,,corresponding to that public key to
Dialogue: 0,0:58:14.52,0:58:21.52,Default,,0000,0000,0000,,reconstruct this so this is on the
Dialogue: 0,0:58:18.25,0:58:23.59,Default,,0000,0000,0000,,sender's end now the receiver gets this
Dialogue: 0,0:58:21.52,0:58:24.76,Default,,0000,0000,0000,,and this and kind of does these things
Dialogue: 0,0:58:23.59,0:58:27.52,Default,,0000,0000,0000,,backwards so you start with the
Dialogue: 0,0:58:24.76,0:58:29.89,Default,,0000,0000,0000,,encrypted key and use asymmetric
Dialogue: 0,0:58:27.52,0:58:31.33,Default,,0000,0000,0000,,decryption using your public using your
Dialogue: 0,0:58:29.89,0:58:34.18,Default,,0000,0000,0000,,private key that corresponds to the
Dialogue: 0,0:58:31.33,0:58:35.35,Default,,0000,0000,0000,,posted public key to reconstruct this
Dialogue: 0,0:58:34.18,0:58:37.57,Default,,0000,0000,0000,,key that were used for the symmetric
Dialogue: 0,0:58:35.35,0:58:39.76,Default,,0000,0000,0000,,encryption box and then use symmetric
Dialogue: 0,0:58:37.57,0:58:41.56,Default,,0000,0000,0000,,key decryption using that key that was
Dialogue: 0,0:58:39.76,0:58:45.76,Default,,0000,0000,0000,,reconstructed to take this ciphertext
Dialogue: 0,0:58:41.56,0:58:47.59,Default,,0000,0000,0000,,and produce the original message so
Dialogue: 0,0:58:45.76,0:58:49.63,Default,,0000,0000,0000,,there's a kind of interesting example of
Dialogue: 0,0:58:47.59,0:58:56.91,Default,,0000,0000,0000,,how in practice symmetric and asymmetric
Dialogue: 0,0:58:49.63,0:58:56.91,Default,,0000,0000,0000,,key cryptography is combined question
Dialogue: 0,0:59:00.59,0:59:08.22,Default,,0000,0000,0000,,so the question is will you be using the
Dialogue: 0,0:59:02.79,0:59:11.04,Default,,0000,0000,0000,,same symmetric key generators yes okay
Dialogue: 0,0:59:08.22,0:59:13.65,Default,,0000,0000,0000,,so you need to kind of agree ahead of
Dialogue: 0,0:59:11.04,0:59:16.28,Default,,0000,0000,0000,,time which box you're using here so you
Dialogue: 0,0:59:13.65,0:59:21.36,Default,,0000,0000,0000,,might be like oh I'm going to use AES
Dialogue: 0,0:59:16.28,0:59:24.51,Default,,0000,0000,0000,,256 GC up here but this is a well known
Dialogue: 0,0:59:21.36,0:59:26.01,Default,,0000,0000,0000,,function and it's public like the
Dialogue: 0,0:59:24.51,0:59:27.93,Default,,0000,0000,0000,,attackers allowed to know all the
Dialogue: 0,0:59:26.01,0:59:29.19,Default,,0000,0000,0000,,parameters this function this is the
Dialogue: 0,0:59:27.93,0:59:34.19,Default,,0000,0000,0000,,only secret thing that the attacker
Dialogue: 0,0:59:29.19,0:59:40.65,Default,,0000,0000,0000,,doesn't know the key any other questions
Dialogue: 0,0:59:34.19,0:59:42.00,Default,,0000,0000,0000,,yeah that's a really good question what
Dialogue: 0,0:59:40.65,0:59:46.02,Default,,0000,0000,0000,,kind of data is important enough to
Dialogue: 0,0:59:42.00,0:59:47.91,Default,,0000,0000,0000,,encrypt and I think that depends on your
Dialogue: 0,0:59:46.02,0:59:49.35,Default,,0000,0000,0000,,threat model like who what kind of
Dialogue: 0,0:59:47.91,0:59:53.10,Default,,0000,0000,0000,,attackers are you concerned about what
Dialogue: 0,0:59:49.35,0:59:54.18,Default,,0000,0000,0000,,are you trying to protect against so you
Dialogue: 0,0:59:53.10,0:59:56.07,Default,,0000,0000,0000,,might have the stance that you just
Dialogue: 0,0:59:54.18,0:59:57.57,Default,,0000,0000,0000,,don't really care and that like anything
Dialogue: 0,0:59:56.07,0:59:58.98,Default,,0000,0000,0000,,you communicate with anybody is allowed
Dialogue: 0,0:59:57.57,1:00:00.72,Default,,0000,0000,0000,,to be public I might be willing to like
Dialogue: 0,0:59:58.98,1:00:03.36,Default,,0000,0000,0000,,post all my conversation with everybody
Dialogue: 0,1:00:00.72,1:00:05.76,Default,,0000,0000,0000,,for everybody to see publicly on the
Dialogue: 0,1:00:03.36,1:00:08.13,Default,,0000,0000,0000,,Internet on the other hand maybe you're
Dialogue: 0,1:00:05.76,1:00:10.56,Default,,0000,0000,0000,,doing some like security sensitive works
Dialogue: 0,1:00:08.13,1:00:11.97,Default,,0000,0000,0000,,here working under a contract for the US
Dialogue: 0,1:00:10.56,1:00:13.77,Default,,0000,0000,0000,,government developing some sensitive
Dialogue: 0,1:00:11.97,1:00:15.06,Default,,0000,0000,0000,,military stuff if you're sending that
Dialogue: 0,1:00:13.77,1:00:16.56,Default,,0000,0000,0000,,through the open Internet while you're
Dialogue: 0,1:00:15.06,1:00:18.90,Default,,0000,0000,0000,,traveling you probably want to be pretty
Dialogue: 0,1:00:16.56,1:00:20.58,Default,,0000,0000,0000,,darn sure that no eavesdroppers or
Dialogue: 0,1:00:18.90,1:00:22.08,Default,,0000,0000,0000,,anybody else along the way can see what
Dialogue: 0,1:00:20.58,1:00:23.10,Default,,0000,0000,0000,,you're sending and that whatever you're
Dialogue: 0,1:00:22.08,1:00:24.99,Default,,0000,0000,0000,,sending is in fact going to the right
Dialogue: 0,1:00:23.10,1:00:26.34,Default,,0000,0000,0000,,place and that whoever is receiving it
Dialogue: 0,1:00:24.99,1:00:29.85,Default,,0000,0000,0000,,can authenticate that it in fact came
Dialogue: 0,1:00:26.34,1:00:31.26,Default,,0000,0000,0000,,from you so you might be worried about
Dialogue: 0,1:00:29.85,1:00:33.36,Default,,0000,0000,0000,,all different kinds of adversaries
Dialogue: 0,1:00:31.26,1:00:34.44,Default,,0000,0000,0000,,depending on your scenario from random
Dialogue: 0,1:00:33.36,1:00:36.81,Default,,0000,0000,0000,,script kiddies who are trying to break
Dialogue: 0,1:00:34.44,1:00:38.49,Default,,0000,0000,0000,,into websites to nation state level
Dialogue: 0,1:00:36.81,1:00:40.26,Default,,0000,0000,0000,,attackers and you'll need different
Dialogue: 0,1:00:38.49,1:00:41.34,Default,,0000,0000,0000,,types of techniques for defending
Dialogue: 0,1:00:40.26,1:00:47.90,Default,,0000,0000,0000,,against the different categories of
Dialogue: 0,1:00:41.34,1:00:47.90,Default,,0000,0000,0000,,attackers any other questions
Dialogue: 0,1:00:51.19,1:00:55.30,Default,,0000,0000,0000,,well so hopefully see some of you
Dialogue: 0,1:00:53.62,1:00:57.31,Default,,0000,0000,0000,,tomorrow for a random collection of
Dialogue: 0,1:00:55.30,1:00:59.49,Default,,0000,0000,0000,,things that John Jose and I find
Dialogue: 0,1:00:57.31,1:00:59.49,Default,,0000,0000,0000,,interesting