CompTIA Security+ SY0-601 – 2.9 Basics of cryptographic concepts
March 25, 2023

1. Introduction to cryptography

In this video, we’re going to be talking about cryptography. Cryptography affects all aspects of your life in the digital world. There is no way the digital world we live in today would be what it is without cryptography. Imagine a world where no data is encrypted. That means there would be no ecommerce transactions. There would be no way for you to check your health records online, or even for doctors to store them. In fact, if there was no cryptography in the digital world, there probably wouldn’t be very much of a digital world.

So in this section, we’re going to explore all the terms and the processes you’re going to need to understand about cryptography in order to pass your exam. So let’s get started. What exactly is the definition of cryptography? Cryptography is defined as the art and science of hiding the meaning of information. Okay, let’s stop right there. So what exactly does this mean? Basically, we’re hiding the meaning of information. I forgot to mention the end part of that definition: from unintended recipients.

So cryptography is the art and science of hiding the meaning of information from unintended recipients. You see, the definition of cryptography is pretty simple. Basically, if I want to get a message to a receiver, I’m going to encrypt the message, send it to the receiver, and only the receiver should be able to decrypt the message. Now this brings me to some words we’re going to be using a whole lot, and those words are ciphertext and plaintext, and the processes of encrypting and decrypting. Let’s get that out of the way really quickly. So remember the definition: hiding the meaning of information from unintended recipients. In cryptography, it’s pretty simple. All we’re going to be doing is taking plaintext. Now, plaintext is a message that is readable, a message that’s human-readable by us. We’re going to encrypt it with an algorithm and keys, which we’ll come to later, and that will give us ciphertext. Now, ciphertext is a message that is not readable, a message that cannot be read. And then when the intended recipient gets it, they will decrypt it. When they decrypt the message, they will then get the plaintext back. That way, if, let’s say, a hacker intercepts it. Hacker. My handwriting is always so bad.

A hacker intercepts the message. What they would get is the ciphertext, and they’re not going to be able to decrypt that because they don’t have the decryption key. This in itself is the basis of cryptography. We basically want to take messages, encrypt them to get ciphertext, have the ciphertext traverse the network, let it get on its way, and then when it reaches the intended recipient, they’ll be able to decrypt the message and get back to plaintext.

This is the basics of what cryptography is all about. Now, there are a bunch of terms in this section that we’re going to have to go over, and this is just an introduction to the things we’re going to be covering. We’re going to have to talk about what exactly keys and algorithms are and how they work together. We’re going to have to talk about symmetric and asymmetric encryption. We’ll talk about hashing and how we can combine all of that to form things like digital signatures, public key infrastructure and certificates, and a variety of other miscellaneous terms here and there. So I want you to sit back, relax, take out a pen and paper, make some notes, and let’s have some fun in the world of cryptography.

2. Goals of cryptography

In this video I’m going to be talking about the goals of cryptography. So let’s get started. Now, cryptography basically has four goals that we need to know for our exam, and it also misses a really important security goal that we also need to know about. Let’s take a look. So cryptography has four main goals: confidentiality, integrity, authentication, and non-repudiation. Can you think of a very important security goal that I don’t have listed here? Did you guess it correctly? Hopefully you did: availability. First of all, let me just start off by saying encryption really has nothing to do with availability. When you think of availability, think of things that keep services running if they drop: think of RAID systems, redundant power supplies, UPSs, generators, clusters and load balancers, and so on.

Those are availability controls, and cryptography does not address them. So let’s go back here to our four goals: confidentiality, integrity, authentication, and non-repudiation. Now we have to understand each one in depth. Let’s start with confidentiality. Confidentiality, by its definition, is about keeping secret things secret. Only the intended recipients should be able to view the information. Well, if you think about it, that really is what encryption is all about, right? If Mary wants to give data to Bob, then in the world of confidentiality, Bob should be the only intended recipient able to view that information.

So how does Mary do it? Mary encrypts the data and gives the decryption key to Bob. So now when Bob receives the data, Bob will be able to decrypt it, and only Bob should be able to decrypt it. If Joe the hacker is listening, he wouldn’t be able to decrypt the data because he doesn’t have the decryption key. So in the world of cryptography, when you think of cryptography, really think of confidentiality. It’s really what it’s about. And what type of cryptography does this? Symmetric cryptography is generally used to encrypt the data, but we’re going to be encrypting those symmetric keys with asymmetric cryptography. So we’ll say for now that symmetric and asymmetric encryption provide confidentiality, or at least work together to help provide it.

The next goal we’re talking about is integrity. Integrity is about modification. Cryptography allows us to detect modification of the information. One way of doing that is with cryptographic hashes.

Later on in the course, we’ll take a look at hashing and how it applies to data. I’m actually going to use hashing algorithms, and you’ll see that as I’m typing the information and modifying it, the hash detects the modification. So cryptography is a big help when it comes to integrity. The next thing it does is authentication. So encryption in the world of public key infrastructure helps us with authentication. Let me show you why. If I open my browser and go to Amazon, here I am at Amazon. Now, most of us know Amazon authentication as we, the user, authenticating to Amazon. How do I authenticate to Amazon? A username and a password, right? But how does Amazon authenticate to us? How does this computer know that this is really Amazon? Amazon needs to authenticate to me, to my browser, to let it know, hey, I’m legitimately Amazon. That’s done with digital certificates. See right here? This is the lock at the top.

If I go here and click on certificates, here are the certificates. This certificate is what’s proving and ensuring the identity of Amazon to me. So digital certificates are a way to help prove authentication. So remember, when using certificates, this is what’s going to help us determine if that entity is who they say they are, like Amazon proving that it really is Amazon. We’ll get to digital certificates when we get to the whole topic of public key infrastructure; you’ll get an in-depth understanding of how that entire process works later in the class. The other goal is non-repudiation. Non-repudiation, by its definition, means a subject cannot deny that an event has taken place. Well, how do you do that? In cryptography, this is done with a digital signature, which is a combination of hashing and asymmetric encryption.

We’ll take a look at that more in depth, of course, later in the class. But here’s what it means. If I digitally sign an email and send it to you, you will be 100% sure it came from me, and it can be proven it came from me. That way I can’t deny that I sent it; you’ll be able to prove that, hey, I did send it. And that, by its definition, is non-repudiation. So these are the four main goals of cryptography: confidentiality, integrity, authentication, and non-repudiation. Okay, hopefully you’ve learned a lot in this particular video. Let’s keep on going and learn more about the world of cryptography.

3. Algorithm and Keys

In this video, I’m going to be talking about cryptography: what are algorithms and what are keys? Now, we already defined the word cryptography in the previous video: it is the art and science of hiding the meaning of information. In this video, what I really want to do is explain algorithms versus keys. You’ve got to understand how these things work together, because with algorithms and keys you’re going to hear a lot about 128-bit and 256-bit encryption. What does that mean? Well, in this video, we’re going to figure it out. So before I get into it, I’m going to go back in time a couple of trillion years, when Julius Caesar was alive, and I’m going to show you something called the Caesar cipher. So we’re going to learn about the Caesar cipher today.

Now I show students the Caesar cipher because it’s a great old-school cipher that you shouldn’t be using today, because it’s easily cracked. But it helps to illustrate what an algorithm is versus what a key is. So here’s the definition. The algorithm is basically the rules to encipher and decipher text. You also have the key. Now, the key is what the algorithm is going to use in order to encipher and decipher the text. So just remember that. You’ll see what I mean; I know it sounds kind of weird when I say those things, but you actually have to see it. Let’s go back here to my trusty desktop, and we’re going to go online and look for a Caesar cipher tool. Where’s my browser? Here we go. So I’ve got a great tool here. It’s called xarg.org. That’s the one on Google that I found, and there are many of these things online that you can find. This site is a decryption tool. It’s highly known and highly used because a lot of educators use it, a lot of people use it, just to illustrate the concept. I’m just going to show it to you really quickly, because it’s really easy to understand, and then we’ll discuss it. So what this thing does is basically rotate the alphabet. It’s known as what is called an offset algorithm, and the key is basically the number of places the alphabet is offset by. So let me just show you what that means.

If we do A-B-C, let’s say this is your plaintext, and you decide to offset the alphabet by three places, then A would become D, B would become E, and C would become F. You see, if you offset it by four, you rotate the alphabet by four: now A becomes E and B becomes F. If you rotate it by five, A becomes F, and so on. So you can see how this is basically pushing everything over by however many places you select with the key. So if I take all of this data, copy it and paste it here, and say, you know what, I’m going to rotate this by ten places, basically it’s going to rotate everything here by ten. Now what happens when it gets back to X? When it gets to the later part of the alphabet, X-Y-Z, it just keeps going: A, B, C. You can see that. See, right now Z is at P. But if I was to rotate this by eleven, now P is A, so it just keeps rotating around the alphabet.

That is all this thing does. So if you ever wanted to send a message to someone in an email, you could actually use this. Most people would not know what they’re looking at: if they just see text like this at the bottom of the screen, they wouldn’t know what they’re looking at. But you would know, because you used the Caesar cipher. Okay? So this is what this basically does, and this is going to teach us a lot of things. First of all, the algorithm. The algorithm is the rules. So the rules here to encipher and decipher are: rotate the alphabet going forward to encrypt the data.

Now to decrypt the data, you just rotate the alphabet going back. So the algorithm would say, hey, go forward on the alphabet to encrypt, go backwards to decrypt. Now the key that’s being used is the number of rotations, right? How much you’re going to offset it by. So this brings me to a very important concept in cryptography. Now, I’m not going to get into the principle in depth; you don’t need to know it for your exam. But there is a cryptographic principle we follow called Kerckhoffs’s principle. Now, Kerckhoffs’s principle basically states that everything in the cipher system should be public except the key, and the system should still be secure. Which means that we know the system you’re using; we just don’t know the key. Like, for example, later on in this class when we get to PKI and how certificates work and all that good stuff, you’ll know how it works, you’ll see the process, you’ll know how the SSL handshake works. You’ll know the algorithm: you’ll know I’m encrypting with AES, so you know the algorithm I’m using. What you don’t know is the key.

So the key is the secret. What’s actually doing the enciphering and deciphering is the algorithm, right? The algorithm is the rules that say do this, do this, do this, to take the plaintext and turn it into ciphertext. And the algorithm is also saying do this, do this, do this, to take the ciphertext and turn it back into the plaintext. But you need that key, right? The key is really important; without it you can’t encrypt or decrypt the data. So you always have to keep your keys secret. Let’s talk about this cipher. Now, I’m going to give you a whole bunch of words, all right? Just follow me on this. The Caesar cipher is a symmetric substitution, rotational, alphabetical cipher. Okay? So symmetric, substitution, alphabetical, rotational cipher. Well, let’s break all those words down. First of all, it’s an alphabetical cipher because it uses the English alphabet. It’s a rotational cipher because it literally rotates the alphabet. But it is also a symmetric substitution cipher.

Now, the word symmetric means the key that’s used to encrypt is the same key that’s used to decrypt. We’re going to cover more on symmetric encryption in another video. But for now, just remember, symmetric encryption is what we really use to encrypt data today. So in symmetric encryption, the key used to encrypt the data is the same key that’s going to be used to decrypt the data. The other word I mentioned was substitution. This is known as a substitution cipher because what it’s doing is basically substituting characters. Look: this I became an S. This F became a P. So this here would be substitution. Again, this Y is being substituted for this I.

The opposite of substitution is going to be transposition. A transposition cipher takes plaintext data like the word WAR, W-A-R, and jumbles it up. It becomes AWR or RAW. So the letters are still there; they’re just in a different order. You reposition the plaintext to get the ciphertext, and reposition the ciphertext to get back to the plaintext. In today’s world, the algorithms we have perform many of these substitutions and transpositions, which we call rounds of encryption. You’ll hear those terms coming up more a little bit later. Something else I’m going to talk about here is making sense of the algorithms we see in today’s world. You’ve heard of AES 256-bit, AES 128-bit, RSA 1024-bit and 2048-bit.

What does that mean? Well, first of all, let me just say this. In today’s world, we do not use alphabetical ciphers. Caesar ciphers are alphabetical ciphers. In today’s world, we use what is known as binary, right? Everything is bits; binary ones and zeros are bits. So in today’s world, we’re going to use these types of ciphers, and this is going to allow us to create a large number of keys. This is an important concept. You see, in the world of cryptography, cryptography’s worst enemy, the one thing that could absolutely break your cryptography, is the attack called a brute force attack, in which case they guess all the keys. So say I was to encrypt data with the Caesar cipher.

And I was to give it to you. And remember Kerckhoffs’s principle: I’m going to tell you I encrypted it with the Caesar cipher. Can you defeat it? And the answer is easy: yeah, Andrew, I could break that, because there are not a lot of keys to try, right? You see, in the Caesar cipher, there were 25 usable keys. So you could encrypt data with keys all the way up to key number 25, and you still get what looks like ciphertext. Key 26 literally rotates A back to A. So it was really just 25 usable keys you could have used. So a brute force attack was easy. To break this, in other words, you only have to try 25 times. If you know I used the Caesar cipher, you only have to try 25 times to break it. This was pretty easy. So in today’s world, with the binary ciphers that we have, like 128 bits, these are giant numbers, and a brute force attack just doesn’t work against them. Well, it’s not that it doesn’t work; it would take too long to work against them, because there are just so many keys. Let me explain. Let’s take a look here at my drawing pad. Here’s Kerckhoffs’s principle, which I wanted to review: a cryptographic system should be secure even if everything about the system is public. So we just mentioned that. Everything about the system is public except the key.

So we always want to make sure the key is secret. All right, so I want to go over some things here with you. When you see an algorithm, you’re going to see it written like this: AES, 128 bits. This is how you see it. This is how we write it. What does that mean? Well, this here specifies the algorithm, and this here specifies the key size. Okay? So one is the algorithm, one is the key size. You may see DES with 56-bit or Triple DES with 168-bit, and so on. So in this particular one, now we have to see what this means. So this is the algorithm, right? This is going to be the rules to encrypt and decrypt the data. And 128-bit specifies the key size. This basically tells me how many keys there are. Now, 128 bits gives a giant number of keys. Let me just show you what exactly it means. Now I’m going to make my own. Let’s say you have Andrew’s algorithm.

We’re going to say AR, two bits. So this is my algorithm. It’s called the Andrew algorithm. What does it do? Don’t worry about that. All right, let’s not get into the math here, but let’s say I want you to tell me what the two bits is. So the two bits specifies the key size. Now there is a difference between the term key size and the term key space. So you have key size and key space. Now the numbers are different, but the bigger the key size, the bigger the key space is. So look, how many keys does Andrew’s algorithm have? Well, it’s two bits. Binary digits are ones and zeros. So Andrew’s algorithm would have four keys. I’m sure you got that: they would be 00, 01, 10 and 11. Those would be the four keys, because with two binary digits, remember, each digit is either one or zero. So the key size is two bits here. But the key space is four keys, right? Now the key space is really what’s important. But notice, as the size goes up, the space will go up too. So two bits is not good, because if I’m going to be encrypting data, I’m going to have to use one of these four keys, because my algorithm is running on two bits.

In fact, the Caesar cipher is better than my algorithm. At least the Caesar cipher had 25 keys. So if I said, hey, guys, I want you to decrypt my data, you only have to try four keys. But what if I say, well, I have three bits? Three bits. Now how many keys would I have? It’s going to be 000 through 111 and everything in between. To find the number of keys, you actually do two to the number of bits, which equals eight. That would be two times two times two.

People always say, why are you using two? Because it’s binary. It’s either a one or a zero. And this three represents the number of bits that you have there. So two to the three is eight. So we have eight keys. So hey, we’re getting better, but we’re still not better than the Caesar cipher. But you see, if I increase this to four bits, now my key size is four bits. Now two to the four, and I’m not sure if you’re good at math here, but it’s basic; hopefully I’m not turning you off with the math, it’s basic math, is 16. So that means the key size is four bits and the key space is 16 keys. So we’re getting there, but we’re still not at the Caesar cipher. But once I turn this into five, hopefully you’re getting the point here, right? If I turn this into five, this will become two to the five, which is 32. Now I’m better than the Caesar cipher. So the key size would be five bits, and the key space would be 32 keys. Now the key space is important, because what happens is we want to talk about this term called work factor. In other words, the key space must have so many keys that a brute force attack cannot work against it. Let me explain. It looks small now, but here’s how you should understand it: every single time I added one bit, and that was my point in doing all of that, the number doubled. So, look, if it was two bits, you had four keys.

If it was three bits, you had eight keys, right? If it was four, it became 16. So it was 2, 4, 8, 16, 32. By the time I got up to six, I was up to 64. If you keep on going, by the time you hit 32 bits, you’ll be up to 4 billion keys, which is still not a lot. Some simple computers can do a million keys a second and would be able to crack that. So it’s still not secure. But once you get to 128 bits, like AES encryption, which is at 128 bits, AES 128-bit, now the key space is two to the 128. This here would give me a number that I think is 3.4 with 38 zeros, or something like that.

It’s 3.4 times ten with 38 zeros, some giant number. So it’s a giant number, which means that it is uncrackable in today’s world. With today’s technology, us human brains, minds included, can’t comprehend how big that number is. It’s just a giant space. No computer on Earth in this year of 2020 could potentially crack that. I’ll show you an article just for your sake. People always say to me, can you crack AES? There were some studies done on this. Let’s see if I can find a quick article here. Here we go. So, crack AES, the first one that popped up.

I show my students this, because you need to understand that 128-bit algorithms are giant. They’re massive. If I was to ask you how long it would take to crack AES, you’re probably thinking maybe 100 years or 200 years. Well, you’re about to fall off your chair. Watch this. So they took a supercomputer, ten petaflops, which is very, very fast for a supercomputer. This thing will check a huge number of combinations: what is that, ten trillion keys a second? And they multiply that by the number of seconds in a year.

They tell you. So AES has 3.4 with 38 zeros keys; that’s the size of the key space. How long will a supercomputer take to crack AES? A billion billion years. Keep in mind, not a billion: a billion billion, 18 zeros. Keep in mind the Earth is about 4 billion years old, and the universe is said to be 14 billion years old. This is a billion billion. So some of you might say, what if you put the whole population of Earth on it, can we crack it? Well, they’re telling you here: if every one of the 7 billion people on Earth had ten computers, and on average you only have to guess half the keys, then the entire Earth population could crack one encryption key in this many years. So if you were wondering how big that 128-bit number is, now you see it’s a giant number.

Okay, so those are interesting things here on bit strength and the size of the key. This is really important to know, not just for your exam, but in real life, because in real life you’re going to see something marked 128-bit encryption or 256-bit encryption. So you know, hey, that’s AES, that’s the algorithm. 128-bit is super secure; 256-bit, even more secure. Just keep in mind something: 256 is not doubling the key space of 128. 256 is doubling the key size. To double the key space of 128, you go to 129. Right? Remember, every time you add a bit, the key space doubles. So to double 128, you go to 129, then to 130, and so on. What happens when you get to 256? It’s just insane. If I remember right, it’s something like 10 to the 77. It’s some crazy number. It’s pretty safe to say that’s super secure. Okay, so those are bit strengths, because I’m going to be mentioning bits a lot more coming up here. Hopefully this made good sense to you. Hopefully it’s clarified a lot of terms for you so you can better understand algorithms and keys. Okay? Interesting stuff. Let’s keep going into the world of cryptography.
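To make the algorithm-versus-key distinction from this section concrete, here is an added Python example (my own teaching code, not code from the course or from the xarg.org tool) that implements the Caesar cipher, lists all 25 candidate decryptions the way a brute force would, shows a transposition cipher next to it for contrast, and works out key space from key size. The sample message, the transposition key, and the ten-trillion-keys-per-second rate are constructed assumptions, not figures from the page.

```python
import string
from typing import Dict, Tuple

# Constructed teaching example (not code from the course or from xarg.org):
# the Caesar cipher, a brute force over its 25 usable keys, a transposition
# cipher for contrast, and the key-size versus key-space arithmetic.
ALPHABET = string.ascii_uppercase  # alphabetical cipher: the 26 English letters
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Algorithm: rotate every letter forward by `key` places, wrapping Z around
    to A. The key is the number of places. Non-letters pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % len(ALPHABET)])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Rotate backwards with the same key: that is what makes the cipher symmetric."""
    return caesar_encrypt(ciphertext, -key)


def brute_force_caesar(ciphertext: str) -> Dict[int, str]:
    """Kerckhoffs's principle: the attacker knows the algorithm, only the key is
    secret. With 25 usable keys (key 26 maps A back to A) every candidate
    plaintext can be listed and the readable one picked out by eye."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, len(ALPHABET))}


def transpose(plaintext: str, key: Tuple[int, ...]) -> str:
    """Transposition cipher: the letters are all still there, just reordered.
    `key` is a permutation of positions inside each block, so (1, 0, 2) turns
    WAR into AWR. The last block is padded with X so every block is full."""
    n = len(key)
    text = plaintext.upper().replace(" ", "")
    text += "X" * (-len(text) % n)
    blocks = [text[i:i + n] for i in range(0, len(text), n)]
    return "".join(block[p] for block in blocks for p in key)


def key_space(key_size_bits: int) -> int:
    """Key size is the length of the key in bits; key space is how many keys
    that allows: 2 ** bits. Each added bit doubles the space, so 129 bits is
    double 128 bits, while 256 bits is the 128-bit space squared."""
    return 2 ** key_size_bits


def years_to_brute_force(key_size_bits: int, keys_per_second: int) -> float:
    """Work factor: on average an attacker tries half the key space before
    hitting the right key. The rate is an input; ten trillion keys/s below is
    an assumed figure standing in for the supercomputer in the lecture's article."""
    expected_tries = key_space(key_size_bits) // 2
    return expected_tries / keys_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN", 10)   # constructed sample message
    print("ciphertext:", ct)
    for k, guess in brute_force_caesar(ct).items():
        print(f"key {k:2d}: {guess}")           # key 10 is the readable one
    print("transposition:", transpose("WAR", (1, 0, 2)))
    for bits in (2, 3, 4, 5, 32, 128, 129, 256):
        print(f"{bits:3d}-bit key size -> key space {key_space(bits)}")
    print("years for 32-bit at 1e6 keys/s:", years_to_brute_force(32, 10**6))
    print("years for 128-bit at 1e13 keys/s:", years_to_brute_force(128, 10**13))
```

Running it prints all 25 Caesar candidates, of which only key 10 reads as English, and then the key-space table showing the doubling per bit that the lecture walks through.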
