A free video tutorial from Total Seminars • 500,000+ Enrollments
Home of Mike Meyers and his Team of IT Certification Pros
4.6 instructor rating • 30 courses • 283,935 students
In this episode, Mike goes over the goals and methods used in cryptography.
Learn more from the full courseTOTAL: CompTIA Security+ Certification (SY0-501).
Everything you need to pass the CompTIA Security+ SY0-501 Exam, from Mike Meyers. CompTIA expert and bestselling author.
18:57:19 of on-demand video • Updated March 2020
- This is a complete and comprehensive CompTIA Security+ Certification (SY0-501) course. It is designed to prepare you to be able to take and pass the exam to become CompTIA Security+ Certified.
- Once you complete the course, you will have the knowledge and confidence to pass the CompTIA exam AND the skills to be a great IT security tech. This course is ideal as both a study tool and an on-the-job reference.
- Your new skills and the CompTIA Security+ Certification will help you land a great IT security tech job. Or, if you are already a security tech, get that raise or advancement you are after.
English [Auto] Of any episode that I do in this entire series This is my favorite because this my friends is cryptography Cryptography is the science the study of taking data and making it hidden in some way so that other people can't see it. And then bringing the data back. So the big word we want to use when we talk about cryptography is taking some kind of information and providing confidentiality to that. Now we do this through a number of different ways. But the magic word I want to use right now is our view station obviously nation is to take something that looks like it makes sense and to hide it so that it does not make sense to the casual outside observer. Now there's a lot of different ways we can do obviously nation to provide confidentiality. One of the things we can do is diffusion. So here here's a picture of my grandson right here. Let's take a look at that. That's Steve and Andy gorgeous. So what I'm gonna do is I'm going to diffuse this image and make it fuzzier. Now in this particular case we didn't diffuse it too much. So if you look at it you could probably tell there's still a cute little kid there and he is cute but diffusion only allows us to make it less visible less obvious. Now what we can also do is confusion. So let's take that same image of Steve and one more time and just stir it up. Let's just make a mess out of it. Now in this particular case we've created a lot of confusion of the image it's basically stirred up and it would be very difficult for somebody to simply look at this and go Oh that must be Mike's grandson Steven. So the other challenge we have with cryptography is we go through this process of taking some kind of data and we go through this obfuscation process. But and here's the important one is that we've then got to take this obfuscated data and some way bring it back into its original form. So we call this encryption and decryption and cryptography is the process of making this happen. Cryptography has been around for a long long time. In fact probably one of the oldest type of cryptography has ever been around is something called the Caesar cipher. I don't know about you but when I was a little kid and I was eating a box of cereal you dump out the box of cereal you'd get some kind of prize inside and one of the things we'd get is called a secret decoder ring. So what am I to do here. Let's. Can we put up a picture of a secret decoder ring real quick. OK. So this is a classic old school kids decoder ring. Now what I want to do is I've made my own decoder ring right here and I'd like us to take a little peek at this guy and what you're going to see here is I basically got a wheel with all the letters of the alphabet A through Z and on the inside I've got letters the alphabet A through Z. So right now I've got them lined up a to a b to b c to see now what I can do to make a secret code is let's say I can turn this to I can rotate this two times. And what we can do is we can take our original plane information what we call the plaintext our message that we want to encrypt and we just change the letters. So we call this substitution. What we'll do is we'll take one value and substitute for another. Now in this case I've rotated it twice. So we actually have a term for this we call it our o t too just like that. And if I turned to three times it would be Aro T three. Now so we can take like the word ace A E and I can change ACA E to C G get the idea. So that's the cornerstone of the Caesar Cipher. So to convert something with a Caesar cipher and in fact let's just go through the process real quick. Now what I'm going to do. Let's put up a piece of plain text that we want to encrypt. We attack at dawn. So here it is we attack at dawn. Now first we are going to do get rid of all the spaces. So now just says We attack at dawn very readable. We don't worry about upper or lower case in this particular situation. Now let's go ahead and put our groovy little secret decoder ring up there and let's go ahead and turn it in this particular case five times. All right. So we're doing an R O T five. So let's turn it. One two three four five times. So now what we can do is by using the secret decoder ring we can go ahead and encrypt. We attack at dawn as follows. So what we now have generated is a classic Caesar Cipher. Now there's a problem with Caesar ciphers and the biggest problem we have with the more than anything else is that in fact people who by crossword puzzle books will pay money to be able to do this is that we can decrypt them. We can just by looking at them we can provide what's known as crypto analysis crypto analysis is breaking these encrypted codes. So the problem is is that anybody who's good at these things could pretty easily crack this. So the Caesar Cipher even though it is a substitution cipher it does have the problem is that it's just too easy to predict what this is because we're used to looking at words. So what I want to do is make it a little bit more challenging. The first thing I'd like to try to do is I want to bring in something called the Vision a cipher the cornerstone a vision a cipher is that it's really just a Caesar Cipher with a little bit of extra confusion involved. So what I've got here is a table that shows all the possible Caesar ciphers there are. So here up at the top we're gonna have the word plaintext. I'll show you how that works in just a minute and then you'll see on the far left hand side it says zero through twenty five. So these are all the possible ROTC values you can have from ROTC zero which means a equals a B equals B all the way down to ROTC. Twenty five. So what we're gonna do. Let's hold onto this for a minute. And now let's go ahead and start with a piece of plain text let's use we attack at dawn one more time. And what I'm gonna do this time is we're going to apply a key. The key is simply a word that's going to help us do this encryption. In this particular case I'm going to use the word face F A C E. Now what I'm gonna do is I'm going to put F A C E above the first four letters of We attack at dawn. So here we go. F AC and then I'm going to keep just keep repeating that so we put face again. I'm going to put face again and you'll see I've got two letters left over. No big deal I'll just put F A and what we've done is we have applied a key to our plaintext. Now what we're gonna do is we're going to use the key to change the Caesar Cipher Aro t value for every single letter. So let's go ahead and do this. Now what I'm gonna do is I'm going to reference my little chart here. So the first letter of the plain text is the W and we. So here's the W up at the top and the key value is F. So let's go down on the y axis here till we get to an F. Now you see that f you'll see the number five right next to it. So this is r o t five. So all I need to do is do the intersection of these and we get the letter B grade. Let's do it again. Now in this case the second time it's the letter E from we. And in this particular case the key value is a which is kind of interesting because that's ROTC. Zero. But that still works. So we start up at the top find the letter E then we find that a. And in this case because it's our O T Zero by coincidence e is going to stay as e let's do the third value. Now this time it's the A's in attack. So we go up the top there's a letter A and the key value is C is and Charlie. So we go down to the C that's our o t two and we then see that the letter A is now going to be C. OK let's do one more real quick in this particular case it's the first T and attack. So we come over to the ts and now the key value is E is is an FE So we go down here that's our O T for we do the intersection and now we've got an x. So the first four letters of our encrypted code is B E C X. So let's go ahead and run through and do the rest of these real quick. Just put those in for you and we have now encrypted in the vision a style so the beauty of the visa day is that it actually gives us all the pieces we need to create a classic piece of cryptography. Number one we have an algorithm and the algorithm are the different types of Caesar ciphers and the rotations. And second we have a key and the key allows us to make any type of changes we want within our t 0 to our to twenty five to be able to encrypt our values. Any algorithm out there is going to use a key in today's world. So when we're talking about cryptography today we're always going to be talking about algorithms and keys. Now the problem with the visa day is that well number one it's surprisingly trackable isn't that interesting. But the bigger problem is this vision a works just great for letters of the alphabet. Unfortunately it's terrible for encrypting pictures or sequel databases or your credit card information in the computer world. Everything is binary. Everything is ones and zeros. So what we need to do is come up with algorithms that provide the type of encryption and decryption we need to encrypt and decrypt long strings of just ones and zeros. Now if you look at a string of ones and zeros you go hot. How does anybody make anything out of this. Well they do that. You've got a string of ones and zeros may look like nothing to you to a human being but to Microsoft Word that could be a word document or it could be a voice over IP conversation or it could be a database stored on a hard drive. I don't know. But just because as human beings we look at long strings of ones and zeros and get confused. Trust me the computers don't what we need to do though is we need to come up with algorithms which unlike Caesar's or vision aids that will work with binary data. Now luckily for us there are a lot of different ways to do this. So what we're gonna do is I've got an example of a algorithm we're going to use that encrypts a simple phrase that we're going to we're going to convert those to binary by the way. And we're going to do this using a very interesting type of binary calculation called exclusive or for our first encryption. I'm going to encrypt my name. So here's my name. Mike M. IKB. Now the first thing we have to do is we're going to have to convert this to the binary that a computer would use. So I'm going to be using the binary equivalence of these texts values. So let me go ahead and convert these into their binary equivalents. And anybody who's ever looked at ASCII code or Unicode should be aware that we can convert these into binary. OK. So here we go. So here's M I K E converted into binary. Now notice that each character takes eight binary digits. So we've got thirty two bits of data that we need to encrypt. So that's our clear text. Now in order to do this we're gonna need two things First of all we're gonna need an algorithm and then we're gonna need a key. Now keep in mind what I'm making up is like the both simple version of encryption you can possibly do. So let's go ahead and first of all set up our algorithm. Now our algorithm is extremely simple using what we call an exclusive or. So here's the exclusive or this is what we call a truth table. So what I'm gonna do is I'm going to choose because this mike algorithm arbitrarily chooses this is I'm going to be using a five bit key. Now there's a reason I'm using a tiny tiny short key like this in the real world. Keys can be thousands of bytes long but for right now we're just gonna use a five bit key so to make this work let's start placing the key. So I'm going to put the key over the first five bits. So here at the letter M for Mike and now we can look at this table and we can start doing the conversion so let's convert those first two values. Then the next then the next than the next. OK. So now we've converted a whole keys worth but in order to keep going all we have to do is schlep that key right back up there. OK. In fact let's go ahead and extend the key all the way out. So now the key we just keep repeating it and you'll see here at the end it doesn't quite line up. No problem. Just add whatever amount of key you need to go ahead and fill up the rest of this. So there we go OK. So now we can go ahead and complete this. Now let's just do it fast. You can double check me if you want but as we go through here using the exclusive or algorithm we then create our cipher text good and spot check a couple of those for me and make sure I got them right OK. Beautiful now. So this is the ciphertext. Notice that we have an algorithm which is extremely simplistic. We have a key which is very very simple and short but we now have an absolutely perfect example of binary encryption not a decrypt this we'd simply reverse the process. So I'm not going to go through all that but appreciate that we would take the ciphertext play the place the key up to it and then basically run the algorithm backwards and then we would have the decrypted data so even though we've only seen three types of encryption so far. Keep in mind that these really do everything that we're going to be seeing in later episodes just a lot more complicated. Now a couple of things we need to think about here first of all what's interesting is that if we always have an algorithm and a key there is a gentleman named Auguste Kirchhoff who came up with a very very interesting concept Kirchhoff principle says this as long as you don't know what the key is to an encryption you can actually understand the algorithm completely. Now this is really really important. Today's big super duper encryption tools that we use out there to protect you on the Internet are all open standards. Everybody knows how the algorithms work. Now you would think wait a minute now if I know how the lock works in essence wouldn't I be able to pick it easier. And the answer is interestingly enough no. In our society by showing everybody the lock everybody can check the lock to make sure it isn't pickle. So when we talk about proprietary encryption everybody gets nervous because if we don't all know how the lock works we can't all test the lock to make it work. So Kirchhoff principle and something we stand to today simply says everybody knows the algorithm. But if you don't know the key it's not going to do you any good so the last thing I want to talk about in cryptography basics is the idea of what data are we encrypting. Because in the I.T. world data is all over the place. The first place we might think about is what we call data at rest now data at rest simply means something stored on a hard drive or on optical media or on a thumb drive or whatever it might be. And in these types of cases we encrypt the data when we put it onto the drive itself. So it sits on the stored media in encrypted format. The other one is called data in transit. So if I've got a voice over IP call or I'm sending a text message that data is moving it's going through the internets and all the different tubes and is that data to be encrypted while the data is in transit or not. This is a big issue. And the last one is data in process. So we take a big database and we pull it off of a hard drive and we start calculating on that database. So it's sitting in RAM or it's sitting in you. Those are important areas for us to consider when we're talking about cryptography. Where are we going to be encrypting and decrypting that data.