agreed

@@t3buron513 indeed.

Hmm, not sure I agree with you on that. As a student studying an IT degree having recently covered a module on cryptography, I was able to understand most of what he was saying, but if i came here with no background knowledge I would have been completely lost. I'm not criticising him or anything, that's just my opinion on the matter.

Truly the sign of somebody who has absolutely mastered their craft.

He is cool as a cucumber!

So thats why Dr. Mike Pound looked familiar xD

Nah Mike looks like HUGH GRANT / Frodo and I'm a big Toby McGuire fan but never thought of Toby looking like Mike. It's the Frodo Baggins look

brilliant but lazy 🤣

@@klyanadkmorr Elijah

@@AcornElectron I couldn't remember his name on the tip of my tongue but didn't feel like searching☺

I just paused the video to look for "this" comment. #wellDoneSir

very exciting

When I see Mike, I pound that like button.

:) Yes!

He is working full-time at a university so I guess this is just a side hustle for him

But if they are not the public key from your intended sender then they won't be able to decrypt the encrypted message from your intended sender. So, if the public key itself gets tampered you will know something's not right. Or did I miss something?

@@akashchoudhary8162 You could get fooled into accepting messages from a fake sender instead. So you need to obtain the public key from a trusted source.

@@lawrencedoliveiro9104 Interesting, thanks for the clarification

If I'm not wrong for that we use digital certificates

he reminds me more of Ralph Macchio in Cobra Kai

It works both ways: Encrypt with public key -> only decrypt through private key Encrypt with private key -> only decrypt through public key

Remember, the specifications of all standard crypto is out in the open. So virtually the only way of attacking a scheme like you said would be to wrongly implement it. And you'd still have to do it in a way that it's compatible with other implementations. Everything else would be noticed quickly for open source projects. For closed source, it get's harder to notice this, but not necessarily impossible. Many crypto algorithms use some source of randomness and their security relies critically on this randomness. If you could somehow implement a random generator where only you could predict it's values, that would give you the upper hand. For some schemes you might be able to recover the plaintexts this way. For example because you could predict the choice of secret key or of some information that is used to "cover"/blind the message. It's hard to describe this stuff without going into the details. If you propose a new algorithm, the situation is different, of course. But that is one of the reasons why cryptographers advocate so much for using standard and well-researched schemes. :)

He does in the video

@@nilen r/wooosh

would it by just a thousand times slower? if openssl can do 2000 private key operations per second with 2048 bit keys, that translates to about 480KiB/s throughput. With AES-128-GCM and AES-NI acceleration you should be getting something like 4GiB/s on the same CPU, so it's like 10 thousand times slower

@@666Tomato666 I remember seeing a factor of 3000 times, so you’re not too far off. Also remember you’re not comparing like with like: hardware acceleration for AES versus none for RSA.

@@lawrencedoliveiro9104 oh, true, but hardware acceleration for AES is very common, hardware acceleration for RSA is in custom hardware with price tag in the 4+ digit range (garden variety smartcards are not accelerators, they barely achieve 1op/s)

Hello Rob, this largely depends on the way this box is implememted. Usually these store a small amount of data such as the digital representation of the signature and a timestamp. Quite often this is not verified (even though possible via Timeservers). These basic signatures largely have only the effect of a tick in a checkbox.

@@WolkenDesigns Thanks for your reply. Much appreciated. 👍🏻

Sorry, this is actually the inbuilt compressor in Mike's camera. It sparked some conversation afterwards :) (when I ask a Q, his gain climbs and by the time he answers the compressor crashes in and the gradually eases off the gain until next question...) -Sean

@@Computerphile :)

I don't quite understand what you're saying. Your computer does generate a new digital signature every time it sends out a new message that requires it.

@@trogdorstrngbd Do you really? I have been "digitally signing" Windows drivers for _years._ You generate the signature _once,_ then attach it to every instance. Embedded firmware tends to be even worse: you do not even generate a new signature for every release. You get _one_ for a company and every firmware release from that company is "signed" with the same one. As I say, they are more like rubber stamps than "signatures".

@@olmostgudinaf8100 I see what you're getting at now. I was focusing on that a new signature is generated every time for a _new_ file, whereas you're focusing on the signature being the same (and therefore more like a stamp) when the _same_ file is being distributed over and over to different computers. Note that I am making a distinction between the signature (different for each file) and the Code Signing Certificate (which the company uses over and over until it expires).

Yeah, I love Numberphile, but the merger on butcher paper sound can get annoying. @(>~

A little late to the party, but I think the explanation is this: C tries to decrypt the document signed by B with A's public key. This won't yield the correct results, as it was not signed with A's private key. Of course this means that the public key that C has from A is not tampered with. This is the job of PKI (Public Key Infrastructure)

Well, A would try to decrypt the email/file with B's public key, and it wouldn't work because it would be signed by M instead of B

Actually, I think they all do. Wasn’t DSA designed as an alternative to RSA that was only useful for signatures, not encryption? And didn’t somebody discover that you could use it for encryption, albeit very clumsily and inefficiently?

@paulo Ebermann where can I go study how Signatures really work?

What are "most signature schemes" that don't use public/private keys?

@@Theferg1 There's an excellent textbook by Jonathan Katz on that topic simply called "Digital Signatuers". Another book by Katz "Introduction to Modern Cryptography" would be a better start if you're new to crypto, though!

Thank you, happy to see someone else comment this! Exactly my thoughts! I don't know understand why this analogy is still being used either.

Every get an answer to this? +1

A bit late but I believe the client also sents its public key to the server. So the server encrypts the response with the client pub key and only the client can decrypt it with its private key

Because of the digital certificates, that will contain the public key and also the digital signature

​@@estebangomez1823 we can still emit false certificates too

1) Avoid using Microsoft Windows.

@Dusty 99 If avoiding unnecessarily complex OSes is “lazy”, I don’t wanna be hardworking!

@@lawrencedoliveiro9104 Most people don't have a choice about this, as some of the software people need is proprietary Windows stuff. And Apple like their customers' money just a bit too much.

@@WujuStyler So far the only ones insisting on using Windows are gamers.

Arent hashes one way functions how would you decrypt that

@@Ort618 I was trying to understand how assymetric encryption (Public & private key) worked. I understand it now. Pretty simple when I realized both the client and server would participate.

That’s basically what a Certificate Authority will do as a third party

@@leahblack4417 Totally make sense .. Thank you!

No, RSA deals with the public/private keys, SHA256 deals with the hashes.

You are talking about confidentality. Public keys can encrypt and decrypt, the same as private keys. Encryting with a private keys doesn't make sense to ensure confidentiality but you could use it to verify that a person is really who tell it is.

Request the client to encrypt a part of their game data and send it to server, then send new data to the client and expect them to encrypt the data again. Server would be knowing the correct answer, but the modified client would need to keep track of what answer it should be expecting.

That’s called “remote attestation”. It’s impossible to trust a PC that is under the control of someone you don’t trust. Unless it has something like a TPM chip in it. And that gets controversial.