This is a complete and comprehensive CompTIA Security+ Certification (SY0-501) course. It is designed to prepare you to be able to take and pass the exam to become CompTIA Security+ Certified.
Once you complete the course, you will have the knowledge and confidence to pass the CompTIA exam AND the skills to be a great IT security tech. This course is ideal as both a study tool and an on-the-job reference.
Your new skills and the CompTIA Security+ Certification will help you land a great IT security tech job. Or, if you are already a security tech, get that raise or advancement you are after.
Let me introduce you to my friends Alice and Bob. Now Alice and Bob want to send each other encrypted data. Now, if you've been watching the episodes in order, you've seen examples of encryption where we take some piece of plain text, we use a key, and then we encrypt it with that key, and then we decrypt it with the exact same key. That's what we call symmetric encryption. So if Alice wants to encrypt something, she's going to encrypt it with a key, and then in order for Bob to decrypt it he's going to need the same key. And that is a big problem with symmetric encryption. You see, with symmetric encryption it's easy to send the encrypted stuff from one person to another. But how do you send the key? And this is always a big problem. So the key that Alice and Bob are using right now to deal with this one particular bit of thing they're doing is going to be called a session key. They might use a different key later, but for this one piece of encryption and decryption they're going to have one session key. So how does Alice get it to Bob? And well, you've got some choices. The big thing we use when we talk about these forms of symmetric keys is the words in-band and out-of-band. When we say in-band, we're basically saying, well, I'm going to send the key with the encrypted data. Doesn't sound very smart, does it? Well, it isn't, because if we were to send the key with the encrypted data, assuming that Kerckhoffs's principle is involved, somebody could figure out the algorithm and decrypt it on their own. So sending stuff in-band is risky. Now we could go to out-of-band. For example, Alice could get on her bicycle and ride over to Bob's. But then we almost kill the whole concept of wanting to do encryption, right? Because in that case she could just send a letter or something, put it in her back pocket and hand it to Bob. So this is a big challenge that we run into with symmetric encryption.
Now what I need to stress to you right now is that symmetric encryption is the primary way that we encrypt data, and I'm about to show you some very clever ways that we do things that allow us to exchange a session key without anybody being able to figure out how this works. So another term we run into is the concept called ephemeral key. An ephemeral key simply means a key that's temporary. In this particular case, Alice can invent a key out of the blue and she'll never use it again. And that way the key is simply temporary and never used. When you set up keys in such a way that knowledge of a key used in a previous session keeps you from being able to crack in a current session, we call that perfect forward secrecy. So the beautiful part about ephemeral keys, assuming that Alice can generate keys that are arbitrary to the outside person, is that an ephemeral key, done right, always provides perfect forward secrecy. So if somebody cracked a session six months ago, it's not going to do them any good today. So that's an important concept. So we still have the problem, though, of how do we exchange a session key? And to do that we do something that's absolutely fascinating. We do something that's called asymmetric encryption. Asymmetric encryption doesn't use a key. It uses, you ready, a key pair. So what Alice is going to do is, on her computer, she's going to generate two completely separate keys. Now these two keys are known as a public key and a private key, and the cornerstone of asymmetric decryption works like this. The public key is given to anybody. All right. And the private key is kept by Alice. In fact, it's put on a protected part of her hard drive so that nobody can accidentally get to it. It's very protected. The public key is only used to encrypt and the private key is only used to decrypt. So let's watch how this works.
So what'll happen is that Alice will generate a key pair, and then she will send this public key (she can send it in-band, she can do anything she wants) over to Bob. Now Bob, with that public key, can take whatever he wants to encrypt; he will encrypt it with Alice's public key, and the only person who can decrypt it is Alice, because she has the private key. So it's actually fascinating where we have this public and private key. Now the downside to asymmetric encryption is that, let's use these, is that Bob can only encrypt and send stuff to Alice. Now if we want to reverse that process, Bob is going to have to generate himself a public and a private key, and we'll say the yellow is the public key. I'm going to put his private key over here, and he can send this to Alice and send it to anybody who he wants to. And now Alice can encrypt stuff for Bob, and that way we can actually go through this process of creating these forms of encryption. Now the important thing you need to understand here is that it sounds like this asymmetric is going to be a lot better than symmetric, and in many ways it is. The big problem is that asymmetric encryption, first of all, requires these key generations; these keys have to be exchanged; somebody has to keep track of where these keys are. So asymmetric, while it works very well and it certainly protects your keys, the downside is that it is slow and a little bit onerous. So in other episodes we're going to see that we use asymmetric encryption not really so much to encrypt but to simply be able to exchange a session key in a secure way. And once that session is generated, we go back to good ole symmetric encryption. So what you start to see is that we develop these fairly complex what we call cryptosystems. A cryptosystem is a very, very defined piece of cryptography that programmers can use to actually get stuff done.
If we were looking at that XOR encryption we talked about in another episode, you would say stuff like the key has to be at a very thick size and you only run one XOR encryption. If we were doing symmetric keys, a cryptosystem would define the key must be so long, what are the different types of communication that go back and forth between Alice and Bob to properly do the exchange, what's actually going on on Bob's machine or Alice's machine to encrypt and decrypt. So cryptography may be algorithms and keys, but a cryptosystem is a highly defined process that programs do that actually make cryptography work in the I.T. world.
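
The exchange described in this episode, as an added example that is not part of the original course material: Bob encrypts the message with a fresh symmetric session key and uses Alice's public key only to protect that session key. It uses Node.js's built-in `crypto` module; the function names, the choice of RSA-OAEP with AES-256-GCM, and the sample message are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// RSA-OAEP parameters used to wrap and unwrap the session key.
const oaep = (key) => ({
  key,
  padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
  oaepHash: "sha256",
});

// Alice: generate the key pair. The public half can travel in-band;
// the private half stays on her machine.
function generateKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Bob: invent a fresh session key, encrypt the message symmetrically with
// AES-256-GCM, then encrypt only the session key with Alice's public key.
function bobEncrypt(alicePublicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32); // ephemeral, never reused
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt(oaep(alicePublicKey), sessionKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
}

// Alice: recover the session key with her private key, then decrypt.
// Throws if the wrong private key is used or the message was altered.
function aliceDecrypt(alicePrivateKey, msg) {
  const sessionKey = crypto.privateDecrypt(oaep(alicePrivateKey), msg.wrappedKey);
  const decipher = crypto.createDecipheriv("aes-256-gcm", sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]).toString("utf8");
}

// Constructed sample run.
const alice = generateKeyPair();
const message = bobEncrypt(alice.publicKey, "meet at noon");
console.log(aliceDecrypt(alice.privateKey, message)); // prints "meet at noon"
```

Because the session key travels wrapped under Alice's long-term public key, anyone who records the message and later obtains her private key can still unwrap it; forward secrecy needs an ephemeral key agreement rather than key wrapping.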