Crypto Primer: Understanding Encryption, Certificates, Public/Private Key & Digital Signatures

Description

If you Bing (or Google!) "Crypto Primer", an article I wrote on my blog some time ago will come back as the first result. It seems to have been a very popular read and is linked from all over the Internet. From the email I've received about it, I think people have always been vaguely curious about what goes on under the covers when they use certain security APIs, or have to set up certificates in a specific order, and that blog post explains it.

Well, now I've created a video, a "cartoon" if you will, of the blog post, which explains crypto in animated form. You should walk away with a good understanding of how public/private key works and why things like digital signatures, certificates, hashing, CAs, PKI and so on end up as part of the crypto conversation. If you find it very intriguing, you might want to watch it and then read the article at your own pace.

Hope you enjoy the video.

Tag:

Encryption

    The Discussion

    • bPratik

      Great talk, thank you! :)

    • Planky

      Thanks bPratik. Hope it helped your understanding...

    • carstenbh

      Collisions for MD4 have been known for more than 15 years. These days finding a collision takes less than one second. Likewise, collisions for MD5 can be found in less than one minute. Both are considered totally broken from a security point of view.

      Amateurs shouldn't be writing about cryptography.

    • Planky

      Hi carstenbh,

      Thanks for the insight. I had considered posting some example collisions - there are examples on the net. Ron Rivest predicted collisions for MD4 many years before it was released, which was 23 years ago, and the creation of collisions for fixed-length function outputs has been known for many hundreds of years.

      Yes - there are groups who assert that MD4/5 are broken, with the availability of modern high-speed computers. MD4/5 are still heavily used as the digest in many systems and protocols so I guess we live with what's out there in the real world. We have to be realistic about what we want to change and what's already in circulation.

      What you say about finding MD4 collisions is interesting. When you say they "can" be found in less than one second, do you mean "it has been shown to be possible to do it in less than 1 second" or "you will find a collision in less than 1 second"? I didn't know that, if it's the former. Could you post some example code that would do it? - and I'll add that factoid into the video. It'd certainly make it more interesting showing a demo spewing out MD4 collisions at 60 per minute! That'd be incredible!

      "Amateurs shouldn't be writing about cryptography" - I guess you can please all of the people some of the time, or some of the people all of the time - but you can't please all of the people all of the time :(

      Thanks for the expert insightful observations on MD4 collisions.

      Planky

    • Captain K

      Your vid is a great intro to crypto. You don't say anything in it that's wrong. It's just that since the widespread use of GPUs it's become possible to calculate hundreds of millions of hashes a second. Also there are weaknesses in MD4/5 that allow you to calculate collisions directly - not sure how fast you could generate them though. You'll see MD4/MD5 used less and less as time goes forward in preference to other hashing functions.

      It's a good vid that does a good job of explaining what most see as a black art. You demonstrate the math but you even emphasize that you don't understand why it works that way. I say that's enough for most people. It's not the math that's important to developers who use crypto APIs, it's the principles. That's what your vid captures.

    • MichaelB

      I wish I'd watched this before I tried to get SSL working on IIS. It all makes perfect sense now. It's more than I need to know but it fills in all the blanks and I'm sure it's given me the background I need to troubleshoot next time I get a certificate error...

    • Devildev

      Planky (weird name but cool), this is a really good overview. I saw the written version on your blog too. I've sent lots of workmates to have a look and watch the vid. Neat job. It's untangled lots of questions I used to have. Thanks.

    • gforguru

      One of the best explanations I read recently. Thanks.

    • Linkyy

      Really great explanation, thank you!
