Cryptography/SSL 101 #3: Digital signatures

This video builds on the first two and unites the concepts of public/private key encryption and cryptographic hash functions to explain digital signatures, a key concept that underpins the security model of web transactions and bitcoin, among many other things.
Comments
Author

Thank you for this video series! You are a great teacher and I really appreciate your sharing this material. I look forward to watching some of your other videos and hope to see more content from you in the future!

annespire
Author

Yet another excellent video! Way to go Matt.

virajpadte
Author

In minute 13:10 you are referring to Existential Forgery attacks whereby an attacker can easily generate a message and its signature without the consent of the original sender and the recipient will accept it. Padding can be used to avoid these attacks but certificates and other higher layers are the solution since RSA is not capable of guaranteeing non-repudiation security service.
Nice and succinct explanation.😃

tomasdenisreyessanchez
Author

Such a nice way of explanation, and it contains all meaningful info. Please keep doing a good job!
And also keep posting videos.

bulujena
Author

I love this, thank you so much Matt Thomas.

anhvutranthai
Author

I have a question. Around the 8:00 mark, you mention that the hash that was RSA encrypted ends up being the same length as the original one. Are you sure about this? AES is a same length type of encryption, but RSA encrypted is in practice (always?) larger than the original. That's one of the inefficiencies of RSA that make AES attractive.

But if what you are saying is true, and it's not a mistake, how do they get the RSA encrypted hash down to the same size as the original un-encrypted hash?

davidbrewster
Author

I'm curious if you could provide command line (using openssl) examples for the manual verification of a certificate digital signature. For example, extract the signature from the cert and the public key from the next-level cert, hash the cert (minus digest) with sha1 or sha256, decrypt existing signature using public key, compare results, etc. I haven't found the entire procedure laid out in a step-by-step fashion, but I bet that it would help make the steps clear. Thanks

ericpearce
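
The procedure asked about in the comment above, as an added example that is not from the video or its author: the script builds a throwaway issuer and certificate (all names and keys are constructed), extracts the issuer's public key, the signed part and the signature, and compares the locally computed SHA-256 hash with the one recovered from the signature. It also prints the signature length (256 bytes for a 2048-bit RSA key, against a 32-byte hash), which bears on the earlier question about sizes.

```sh
#!/bin/sh
# Added example: manual check of a certificate signature with openssl.
# Every key, name and certificate below is constructed here as a throwaway.
set -e
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

make_chain() {  # RSA-2048 issuer plus one certificate it signs with SHA-256
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Example Issuer" -keyout "$W/ca.key" -out "$W/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
    -keyout "$W/leaf.key" -out "$W/leaf.csr" 2>/dev/null
  openssl x509 -req -sha256 -days 1 -set_serial 1 -in "$W/leaf.csr" \
    -CA "$W/ca.pem" -CAkey "$W/ca.key" -out "$W/leaf.pem" 2>/dev/null
}

split_cert() {
  # Public key of the next-level (issuing) certificate.
  openssl x509 -in "$W/ca.pem" -noout -pubkey > "$W/ca.pub"
  # The signed part (TBSCertificate) starts at DER offset 4, right after the
  # outer SEQUENCE header of a certificate this size.
  openssl asn1parse -in "$W/leaf.pem" -strparse 4 -noout -out "$W/tbs.der"
  # The signature is the last BIT STRING in the certificate.
  off=$(openssl asn1parse -in "$W/leaf.pem" | tail -n 1 | cut -d: -f1 | tr -d ' ')
  openssl asn1parse -in "$W/leaf.pem" -strparse "$off" -noout -out "$W/sig.bin"
}

hex() { od -An -tx1 | tr -d ' \n'; }
sig_len() { wc -c < "$W/sig.bin" | tr -d ' '; }
# Hash of the signed part, computed locally.
computed_hash() { openssl dgst -sha256 -binary "$W/tbs.der" | hex; }
# Apply the issuer public key to the signature: the result is a DigestInfo
# structure whose last 32 bytes are the SHA-256 hash the issuer signed.
recovered_hash() {
  openssl pkeyutl -verifyrecover -pubin -inkey "$W/ca.pub" -in "$W/sig.bin" \
    | tail -c 32 | hex
}
# The same comparison done by openssl in one step.
verify_cert() {
  openssl dgst -sha256 -verify "$W/ca.pub" -signature "$W/sig.bin" "$W/tbs.der"
}

make_chain
split_cert
echo "signature length: $(sig_len) bytes"
echo "computed hash:    $(computed_hash)"
echo "recovered hash:   $(recovered_hash)"
verify_cert
```

To run the same check on a real certificate, skip `make_chain`, point `split_cert` at your own certificate and issuer files, and use the digest named in the certificate's signature algorithm.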
Author

Great Video but I have some questions. How is the public key sent to the recipient? Does it get encrypted? Is this separate from what you explained in the public key video?

Krypto-P
Author

This is a good video. Just one minor thing: G is not a Hex value.

edithmicheleb
Author

I really like how you explain everything in detail and all your videos about certificates, SHA-256 and common attacks etc. I know the root certs are being stored in a Java Keystore, but I have a hard time finding even a single video that explains how Keystores work or how to create them. Do you think you can make a video on that?

chrismcalpine
Author

Earlier you said that the public key is used for the encryption and the private key for the decryption, but here you are saying that Humpty is encrypting his docs using the private key and Gingerman is decrypting that using the public key. I didn't get this :(

ashishprasad
Author

Dear Matt, thank you for your videos. I am not in IT and (I think) I can follow them quite well. After seeing this 3rd video, one or two questions came to my mind: 1.) Cryptographic hash functions like SHA 265 are not secret functions, am I right? What I mean is that in theory everyone could process the input data (let's say a contract) through this specific hash function and receive the same digest?
2.) Is it correct to say that the algorithm to produce an asymmetric pair of keys (you mentioned the RSA algorithm) is also a cryptographic hash function, but in this case it is a function that is secret?

Thank you for your help, Franz

franzbrudl
Author

The whole point of using the asymmetric chest is to make sure only the right receiver is able to open it. If the chest is opened with the public key, then anyone can check the digital signature. Assuming HumptyDumpty and GingerBread Man are a trusted pair, shouldn't GB Man already have the Private Key? Meaning HD should have closed the chest with the public key, so only GB Man would be able to check if the document is signed. Otherwise anyone can check that it's signed. Are Digital Signatures viewable by all?

googamanga
Author

When is the series on blockchain? I think that would be more interesting than SSL :)

marionthomas
Author

How will we securely transfer the public key this time? Since anyone can have access to the public key and can read the important doc!!

SwatiMishra-nwtd
Author

"click here to go next" button is not clickable

hlf