Encryption is all about providing confidentiality. If you remember from the earlier lesson, confidentiality is the idea that only the intended recipient should be able to interpret the data you're trying to send. So the way that would work is, let's just say my original data is the word hello. I'm going to put that through an encryption algorithm that's going to turn that into something that is undecipherable by anybody else.

Now, the data before I encrypted it is referred to as plain text. It's also sometimes referred to as clear text. Those are both two words that
mean the same thing. The data after it was encrypted is referred to as cipher text. The idea is that the sender is going to generate some plain text, encrypt it, and then send it across the wire as cipher text. The only person that should be able to take the cipher text and turn it back into the plain text, otherwise known as decryption, should be the intended target, the intended recipient of the message.

Now, what we are looking at here is referred to as simple encryption, where all we are doing is taking plain text and transforming
it into something else. But there are problems with simple encryption. Let's talk about it. Let's say I have this blue user on the left over here trying to send the word hello in a secure fashion to this orange user. Well, he can use encryption to turn it into cipher text to send it across the wire. But let's now say the blue user wants to send the same word hello to this purple user. Well, it doesn't make sense for the blue user to use the same encryption algorithm they used before, because then the orange user will have
insight into how to turn that back into plain text, or the purple user will know how to turn that back into plain text. Instead, for every user the blue user wants to speak to, the blue user is going to have to develop a new transformation. This way the users they are speaking to don't have insight into what was sent on the wire. If the blue user wants to speak to yet another person, he's going to have to create yet another algorithm to securely transform the word he's trying to send on the wire.

So as you
can see, simple encryption doesn't scale. Every user that I have to speak to, I have to generate a new way of transforming text into something indecipherable, which by the way is very hard to do securely. It's not a trivial thing to find a way to scramble text to make it uninterpretable by anybody else on the wire. It takes cryptographers and mathematicians years to come up with proper encryption algorithms. And if all I'm doing is simple transformation, I can't just use a publicly known algorithm, because then the entire public knows the mechanism to decrypt.

So instead
what the world uses is what's known as key-based encryption. Key-based encryption is going to combine a publicly vetted algorithm with a secret key. The algorithm itself is created by mathematicians and cryptographers and experts in the field. Moreover, it's vetted by each other, so they actually validate each other's work to make sure that the algorithms are secure. And then the secret key is just a random set of ones and zeros. And even though I'm using the same word to all three of these users and the exact same protocol for all three of these users,
because I've generated randomly new keys for each user, on the wire the cipher text will look completely unique from one another. This way the orange user has zero insight into what was encrypted and sent to the purple user, nor does the purple user have any insight into what was sent to the orange user. The cool thing about this is I can let the experts do the hard work of creating the algorithm, and it's very easy for me to randomly generate a set of ones and zeros to use as a key. This is what allows encryption
to scale to the whole internet.

Now, there are two ways to do key-based encryption. Those two ways are symmetric encryption and asymmetric encryption, and we'll be talking about both of those for the rest of this lesson. The main difference between these two is that symmetric encryption is going to encrypt and decrypt content using the same keys, and asymmetric encryption is going to encrypt and decrypt using different keys. So let's talk about what that means.

To show you how this is going to work, we're going to use the alphabet. Now, for these examples we're going
to assume that there's only lowercase a through z. There's no uppercase characters, there's no numbers, there's no symbols. We're going to keep it simple for the explanation.

Symmetric encryption uses the same key for encryption and decryption. So let's say I start with the word hello. I'm going to use a symmetric encryption algorithm in combination with a secret key. Now, the algorithm I'm going to use for this example is simply moving the letters forward, and I'm going to move it that amount of times, in this case three. Well, if I start at the H and
I move forward three times, I'll end up at K. If I did the same for the rest of the letters in the word, I'd end up with k h o o r. To decrypt this, I would simply take my cipher text and do the inverse of the algorithm. So if my algorithm was to move forward, my decryption algorithm is going to be to move backwards, and I'm going to use the same key. So if I move forward three times to encrypt, I'm going to move backwards three times to decrypt. And if I start at the
K and I move backwards three times, I'll end up back at the H. And again, I could do this for the rest of the letters to decrypt the whole word. So that's a simple example of symmetric encryption. Notice in particular the same key was used for both encryption and decryption.

Now let's talk about asymmetric encryption, and you're going to see it's a little different. With asymmetric encryption I'm still going to use an encryption algorithm, but the keys I use for encryption and decryption are going to be different. Here I'm going to use the encryption key
of five. Again, I'm going to start with H, and I'm going to move forward five times to get to M. I could do it with the rest of the letters in this word to get to m j q q t. Now, it might seem like you can just go backwards to get back to H, but in asymmetric encryption algorithms the math features what's known as trapdoor algorithms. These are mathematical operations that can only be done in one way. You can't do them backwards. So in the case of asymmetric encryption, we can't actually go backwards. Instead we have to
go forward a different amount. To decrypt this, I'm going to have to take my cipher text and use a different key going forward again. So starting with the M, if I go forward 21 positions, I'll end up back at the H. And I could do it again for the rest of the letters to decrypt the rest of the word. But notice I went forward to encrypt and forward again to decrypt, whereas in symmetric encryption you can do forward and backwards. And of course with symmetric encryption I was able to use the same key to encrypt
and decrypt, whereas with asymmetric encryption I had to use different keys to encrypt and decrypt.

Now let's talk about those keys a little bit more. Those two keys I used in this case, 5 and 21, are mathematically related. Whatever I encrypted with five could only be decrypted with 21. There are other combinations of keys that you could use. In our little example using just the alphabet, actually anything that adds up to 26 would work. So I could have also used an encryption key of six and a decryption key of 20, or an encryption key of 10
and a decryption key of 16. But the interesting thing to note is, here I used an encryption key of five and a decryption key of 21. What if I use them in the reverse order? What if I encrypted with 21? Could I not then decrypt with five? Well, let's give it a shot. Again, I'm going to start at the H, and I'm going to see if I can move forward 21 times. That'll bring me back to the C, and I could also do the same for the rest of the letters. And then to decrypt
this, I would again take my cipher text and then move forward another five times. That would bring my C back to H, successfully decrypting the first letter of my plain text. I could again use the same decryption key to decrypt the rest of the letters. The main thing I'm pointing out here, this property of asymmetric encryption, is that what you can encrypt with one key can only be decrypted by the other key, but it works in either direction. I can encrypt with 21 and decrypt with five, or as we showed earlier, I can encrypt
with five and decrypt with 21. These two asymmetric keys are mathematically related.

Now, what the industry does with this is they take one key and they label it as the public key, and they make it available to anybody that asks for it. And then they take the other key and they call it the private key, and they keep it to themselves. They never share their private key with anybody else. This way anybody can use your public key to encrypt something, but only you possess the private key that allows you to decrypt it. Now, we're going to
be talking about public and private keys in more detail in the next lesson. We're going to show you the different operations you can do with public and private keys. But for now I want to continue comparing and contrasting symmetric and asymmetric encryption.

Next I want to tell you about the strengths and weaknesses of either method of key-based encryption. Now, you'll notice that these strengths and weaknesses are in relation to each other. The first one we're going to talk about is that symmetric encryption is faster. It's easier for a CPU to do the math and
work with the keys of symmetric encryption algorithms, whereas asymmetric encryption is slower. It is harder math and uses bigger keys. Therefore, when comparing the speed of asymmetric encryption and symmetric encryption, symmetric encryption is much faster.

Moreover, symmetric encryption has this interesting property that the cipher text that you've encrypted ends up being approximately the same size as the plain text. The benefit to that is that when you put something through an encryption algorithm, that doesn't end up doubling or tripling the amount of data you have to put on the wire. Asymmetric encryption has the unfortunate property
called cipher text expansion, where typically what you end up encrypting with asymmetric encryption ends up being larger size-wise than what you initially had as your plain text.

And finally, a weakness of symmetric encryption is that since you're using the same key on both sides, that secret key must be shared. That's a problem, because you have to figure out how do we get the same key on either side of the wire in a secure way. Therefore symmetric encryption is considered less secure than its asymmetric counterpart. With asymmetric encryption, that private key never has to be shared.
You never need to send that to anybody else. Therefore, since that key never needs to be shared, it ends up being more secure than its symmetric counterpart.

Now, these strengths and weaknesses make symmetric encryption and asymmetric encryption ideal for different usages. Symmetric encryption is ideally used for bulk data protection. That is, if you want to send a bunch of data from one party to the other, you want to use symmetric encryption. It's faster, it's more efficient, but unfortunately you have the problem that it is a little bit less secure. If, however, you only need to
send a smaller data set, then go ahead and use asymmetric encryption, because it's more secure, and since you're only using a smaller data set, you're not taking that big of a hit insofar as its slowness or the cipher text expansion. So keep these strengths and weaknesses in mind, because in the next lesson I'm going to show you how we use the strengths of one to compensate for the weaknesses of the other.

Otherwise, the last thing I want to show you in this lesson is just a few asymmetric and symmetric encryption algorithms, just so
you know which are which. This list is a bunch of asymmetric encryption algorithms: DSA, RSA, Diffie-Hellman, elliptic curve DSA, and elliptic curve Diffie-Hellman. Those are all asymmetric encryption, which means they are more taxing on CPUs and involve values known as public keys and private keys. And these are a list of symmetric encryption algorithms, which means they are less taxing on CPUs and require the same secret key on either side of the wire. Now, notice DES and RC4 are in red. That's because these algorithms have been considered completely insecure by today's standards. Generally,
with symmetric encryption algorithms, the bigger the key size, the more secure the algorithm, but that isn't always the case. Notice Triple DES over here has an advertised key strength of 168 bits, but it is considered at best secure-ish. It's definitely a better choice than using DES or RC4, but ideally you start moving to using AES and ChaCha20 as the symmetric encryption algorithms you choose.

Now, the key sizes for the asymmetric encryption algorithms vary by different implementation and usage. Just to give you a comparison, though, the recommended key size for RSA is 248 bits,
so hopefully that shows you some of the difference insofar as the key sizes between symmetric and asymmetric algorithms. Recall on the last slide I told you that the key sizes for asymmetric encryption were much bigger, and so hopefully this proves that.

Either way, that's it for this lesson. The main takeaways are understanding key-based encryption and the difference between symmetric encryption and asymmetric encryption, to include the strengths and weaknesses of each. In the next lesson we're going to pick apart asymmetric encryption in more detail. We're going to show you what you can do
with public and private keys. But that's it for this lesson. I hope you enjoyed this video. I want to thank you for watching, and I'll see you in the next lesson.

Hey YouTube, if you enjoyed that lesson, then you'll also enjoy the full course that it came from, Practical TLS. It's a deep dive into SSL and TLS, taught methodically and intentionally, full of easy illustrations, and in the simplest way possible. You'll get to learn cryptography, certificates, private keys, the handshake, OpenSSL, and everything you need to become an SSL expert. To learn more, check out
packet.net TLS, and if you need more convincing that this is the best TLS training course, then check out the other free lesson previews on YouTube. Thank you and have a great day.
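
The letter-shifting walkthrough from this lesson (symmetric key 3, and the 5/21 pair that adds up to 26), written out as an added Python example that is not part of the original video. The function names are assumptions chosen for illustration.

```python
import string

ALPHABET = string.ascii_lowercase  # the lesson assumes only lowercase a-z
N = len(ALPHABET)                  # 26 letters


def shift(text, key):
    """Move every letter `key` positions through the alphabet, wrapping at z."""
    out = []
    for ch in text:
        if ch not in ALPHABET:
            raise ValueError(f"only lowercase a-z is supported, got {ch!r}")
        out.append(ALPHABET[(ALPHABET.index(ch) + key) % N])
    return "".join(out)


# Symmetric: one shared key, and decryption runs the algorithm backwards.
def sym_encrypt(plain, key):
    return shift(plain, key)


def sym_decrypt(cipher, key):
    return shift(cipher, -key)


# Toy asymmetric pair: two different keys that add up to 26.
# In this alphabet toy the second key is simply 26 minus the first, so it
# only illustrates the two-key idea; it is not a real trapdoor function.
def make_key_pair(first):
    if not 0 < first < N:
        raise ValueError("key must be between 1 and 25")
    return first, N - first


def forward_only(text, key):
    """Both encryption and decryption only ever move forward."""
    if key < 0:
        raise ValueError("the toy asymmetric scheme never moves backwards")
    return shift(text, key)


if __name__ == "__main__":
    print(sym_encrypt("hello", 3), sym_decrypt("khoor", 3))
    enc_key, dec_key = make_key_pair(5)
    cipher = forward_only("hello", enc_key)
    print(cipher, forward_only(cipher, dec_key))
    # The same pair used in the reverse order, as tried in the lesson.
    cipher = forward_only("hello", dec_key)
    print(cipher, forward_only(cipher, enc_key))
```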