Crypto Primer: Understanding Encryption, Certificates, Public/Private Key & Digital Signatures


If you Bing (or Google!) "Crypto Primer", an article I wrote on my blog some time ago will come back as the first result. It seems to have been a very popular read and is linked from all over the Internet. From the email I've received about it, I think people have always been vaguely curious about what goes on under the covers when they use certain security APIs, or have to set up certificates in a specific order, and that blog post explains it.

Well, now I've created a video; a "cartoon" if you will, of the blog post which explains crypto in animated form. You should walk away with a good understanding of how public/private key works and why things like digital signatures, certificates, hashing, CAs, PKI and so on end up as part of the crypto conversation. Maybe if you find it very intriguing, you might want to watch it then read the article at your own pace.

Hope you enjoy the video.


Follow the Discussion

  • Great talk, thank you!

  • Thanks bPratik. Hope it helped your understanding...

  • Collisions for MD4 have been known for more than 15 years. These days finding a collision takes less than one second. Likewise, collisions for MD5 can be found in less than one minute. Both are considered totally broken from a security point of view.

    Amateurs shouldn't be writing about cryptography.

  • Hi carstenbh,

    Thanks for the insight. I had considered posting some example collisions - there are examples on the net. Ron Rivest predicted collisions for MD4 many years before it was released, which was 23 years ago and the creation of collisions for fixed-length function outputs has been known for many hundreds of years.

    Yes - there are groups who assert that MD4/5 are broken, with the availability of modern high-speed computers. MD4/5 are still heavily used as the digest in many systems and protocols so I guess we live with what's out there in the real world. We have to be realistic about what we want to change and what's already in circulation.

    What you say about finding MD4 collisions is interesting. When you say they "can" be found in less than one second do you mean "it has been shown to be possible to do it in less than 1 second" or "you will find a collision in less than 1 second"? I didn't know that, if it's the former. Could you post some example code that would do it? - and I'll add that factoid in to the video. It'd certainly make it more interesting showing a demo spewing out MD4 collisions at 60 per minute! That'd be incredible!

    "Amateurs shouldn't be writing about cryptography" - I guess you can please all of the people some of the time, or some of the people all of the time - but you can't please all of the people all of the time.

    Thanks for the expert insightful observations on MD4 collisions.

    Planky

  • Captain K

    Your vid is a great intro to crypto. You don't say anything in it that's wrong. It's just that since the widespread use of GPUs it's become possible to calculate hundreds of millions of hashes a second. Also there are weaknesses in MD4/5 that allow you to calculate collisions directly - not sure how fast you could generate them though. You'll see MD4/MD5 used less and less as time goes forward in preference to other hashing functions.

    It's a good vid that does a good job of explaining what most see as a black art. You demonstrate the math but you even emphasize that you don't understand why it works that way. I say that's enough for most people. It's not the math that's important to developers who use crypto APIs, it's the principles. That's what your vid captures.

  • MichaelB

    I wish I'd watched this before I tried to get SSL working on IIS. It all makes perfect sense now. It's more than I need to know but it fills in all the blanks and I'm sure it's given me the background I need to troubleshoot next time I get a certificate error...

  • Devildev

    Planky (weird name but cool), this is a really good overview. I saw the written version on your blog too. I've sent lots of workmates to have a look and watch the vid. Neat job. It's untangled lots of questions I used to have. Thanks.

  • One of the best explanations I read recently. Thanks.

  • Linkyy

    Really great explanation, thank you!
