Third party cookies may be stored when visiting this site. Please see the cookie information.

Penguin Fortress YouTube Channel

Video transcript: Introduction to Cryptography part 3

This is a transcript for a video linked here: Introduction to Cryptography part 3.

Video transcript - Introduction to Cryptography part 3

00:00:00.360 --> 00:00:03.960

this is the third of my videos on 

an introduction to cryptography  

00:00:04.560 --> 00:00:09.360

I've already covered some of the basic theory 

of cryptography including an explanation of  

00:00:09.360 --> 00:00:13.800

symmetric and asymmetric encryption in 

this video I'm going to look a bit deeper  

00:00:13.800 --> 00:00:18.780

into different modes of operation in effect 

different ways that the encryption is performed  

00:00:20.040 --> 00:00:25.980

I'm only given an overview in this video and some 

of the examples that I share may be simplified

00:00:29.280 --> 00:00:35.160

what do I mean by mode of operation it's ways 

that the algorithms transform data to increase  

00:00:35.160 --> 00:00:40.620

complexity and hence better security it 

makes it harder to attack the algorithm

00:00:43.020 --> 00:00:47.340

the modes of operation covered 

are electronic code book mode  

00:00:48.000 --> 00:00:54.720

Cipher blockchain mode Cipher feedback 

mode output feedback mode counter mode  

00:00:55.500 --> 00:01:03.480

and the galois counter mode all have advantages 

and disadvantages depending upon the situation

00:01:08.040 --> 00:01:13.320

the electronic code book mode 

which encrypts in 64-bit blocks  

00:01:13.920 --> 00:01:17.280

this is the simplest form of 

mode but also the least secure

00:01:19.920 --> 00:01:23.040

as each 64-bit block is encrypted the algorithm  

00:01:23.040 --> 00:01:25.920

combines that with the key 

to get the encrypted data

00:01:28.080 --> 00:01:34.080

it then takes the next block and encrypts 

that one of the problems is that if it  

00:01:34.080 --> 00:01:38.400

encounters a repeated block then it 

will be encrypted to the same value  

00:01:40.380 --> 00:01:44.760

this provides an opportunity to crack 

the encryption with sufficient data it's  

00:01:44.760 --> 00:01:48.900

possible to create a code book with the 

different values then use cryptographic  

00:01:48.900 --> 00:01:53.220

techniques to decipher some of the blocks 

and eventually to break the encryption  

00:01:54.420 --> 00:01:59.640

this vulnerability makes electronic code book 

modes insecure except for very short messages  

00:02:00.480 --> 00:02:03.780

it can be used for exchanging keys 

and parameters to enable other  

00:02:03.780 --> 00:02:09.780

encryption modes or for encrypting cells in 

a database but otherwise it's not recommended

00:02:13.020 --> 00:02:18.240

Cipher block chaining adds an additional level 

of complexity combining the current block with  

00:02:18.240 --> 00:02:27.960

the previous block the symbol shown here indicates 

an exclusive or operation otherwise known as xor  

00:02:28.920 --> 00:02:34.440

the first block is xored 

with an initialization vector  

00:02:35.160 --> 00:02:38.880

then goes through the encryption 

algorithm given the first encrypted block  

00:02:39.960 --> 00:02:44.940

the key is used by the encryption algorithm 

here but it's not being shown for Simplicity

00:02:47.040 --> 00:02:54.000

the second block is then xored with the first 

blocks output before passing it through the  

00:02:54.000 --> 00:02:59.580

encryption algorithm and the same for 

the third block and subsequent blocks

00:03:01.800 --> 00:03:05.460

this is more secure than 

electronic code book encryption  

00:03:06.000 --> 00:03:09.900

but it does have a disadvantage 

in that if the data is corrupted  

00:03:09.900 --> 00:03:14.820

during transmission then it will prevent 

all subsequent data from being decrypted

00:03:18.840 --> 00:03:23.940

Cipher feedback mode is a streaming Cipher 

version of the cipher block chaining  

00:03:24.840 --> 00:03:30.960

starts with an initialization Vector which is 

n-bits long this could be considered a seed  

00:03:30.960 --> 00:03:36.360

for the algorithm the initialization Vector 

is passed through the encryption algorithm  

00:03:37.080 --> 00:03:47.340

but then only the first s bits of the data is used 

to provide an encrypted block using S-bits of data  

00:03:48.300 --> 00:03:54.300

which is xored with this s-bits from 

the output from the encryption algorithm  

00:03:55.860 --> 00:04:01.680

the next block of data starts with initialization 

Vector but shifted to the left so effective  

00:04:01.680 --> 00:04:07.140

this right most part of the initialization 

Vector becomes the left hand part of here

00:04:09.300 --> 00:04:13.320

and this is combined with 

the previous encryption block  

00:04:14.340 --> 00:04:19.440

this goes through the same encryption algorithm 

obviously the key is used at that point as well  

00:04:20.340 --> 00:04:27.600

and then only aspects is used to combine 

through the XOR with s-bits of data to  

00:04:27.600 --> 00:04:31.320

create the next encrypted block and 

so that carries on through the chain

00:04:34.800 --> 00:04:39.720

output feedback mode is a stream in Cipher 

and it's similar to Cipher feedback mode  

00:04:40.380 --> 00:04:45.660

instead of taking the output from the encrypted 

data to uses the seed for the next block  

00:04:47.460 --> 00:04:56.280

the right part of the seed comes from the 

output to the encryption algorithm instead

00:04:58.560 --> 00:05:01.320

and this is before it's xored with the data  

00:05:02.280 --> 00:05:07.740

and this removes the data from the 

subsequent entries removing the chain in  

00:05:07.740 --> 00:05:12.960

means that a single transmission error will 

not prevent the decryption of future blocks

00:05:15.780 --> 00:05:22.260

counter mode is another form of streaming 

Cipher it uses a nonce which is a one-time  

00:05:22.260 --> 00:05:28.740

unpredictable value essentially the same as 

the initialization Vector that we used before  

00:05:29.880 --> 00:05:33.660

it combines that with a counter value 

and then that is used through the  

00:05:33.660 --> 00:05:37.380

encryption algorithm xored with the 

data to provide the encrypted block  

00:05:39.360 --> 00:05:47.580

the next block uses the same nonce value but then 

uses a counter as well and increments that counter  

00:05:47.580 --> 00:05:53.280

and then performs that and again it includes 

meant to counter a third time for the next block  

00:05:53.280 --> 00:05:59.700

and onwards and this means that there's always 

a unique output from the encryption algorithm  

00:06:00.840 --> 00:06:06.780

each time but it avoids the chaining issues 

that we had with the earlier our examples  

00:06:07.740 --> 00:06:12.720

also allows the encryption or decryption 

and operations to be broken up into multiple  

00:06:12.720 --> 00:06:19.620

independent steps which means that this method 

is well suited for use in parallel processing  

00:06:21.000 --> 00:06:27.540

the galois counter mode uses the counter mode 

encryption method but adds Integrity checking  

00:06:27.540 --> 00:06:36.780

so this part is all the same as the previous 

examples and then this Integrity checking is  

00:06:36.780 --> 00:06:41.580

used to ensure that the data is received 

as intended I've simplified this diagram  

00:06:41.580 --> 00:06:48.480

by omitting the generation of the first hash and 

the final hash these use an initial hash generated  

00:06:48.480 --> 00:06:54.180

using all zeros and at the length end of the 

sequence the length is incorporated into the hash  

00:06:55.140 --> 00:07:00.180

authentication tags can also be added to 

the encryption process again I've skipped  

00:07:00.180 --> 00:07:06.120

that to keep this diagram simple this is 

known as authenticated mode of encryption  

00:07:06.120 --> 00:07:11.640

whereas the others only provide confidentiality 

and are therefore known as unencrypted promotes  

00:07:13.500 --> 00:07:18.180

there are other modes many of which are just a 

specific variation of another example already seen  

00:07:18.960 --> 00:07:24.300

one example noticeable for its length of its 

name is counter with Cipher Block Chain in  

00:07:24.300 --> 00:07:29.820

message authentication code mode this is 

similar to The galois Counter mode in that  

00:07:29.820 --> 00:07:35.640

it combines a confidentiality mode with 

a data authentication mode so that's just  

00:07:35.640 --> 00:07:41.400

another example of an authenticated mode of 

encryption that can be used there are others

00:07:44.100 --> 00:07:47.100

this has covered the theory 

of how encryption modes work  

00:07:47.760 --> 00:07:52.260

it showed that there are pros and cons to the 

different modes depending upon the complexity  

00:07:52.260 --> 00:07:56.580

and suitability for streaming as well as 

whether the mode includes Authentication  

00:07:57.360 --> 00:08:01.560

I'll be covering more about cryptography and 

different encryption algorithms in future videos  

00:08:02.160 --> 00:08:06.720

if you haven't already subscribed please do 

so click the notification icon to get notified  

00:08:06.720 --> 00:08:11.340

about my future videos thanks for watching I 

look forward to seeing you in a future video

Previous Application Security Testing
Application Security Testing