Diffie-Hellman Key Exchange - the MAGIC that makes it possible - Cryptography - Practical TLS
Ғылым және технология
The Diffie-Hellman protocol is the underpinning of so many other security protocols on the Internet. It's the most popular answer to the question: How do we establish a shared key over an unsecure wire?
Diffie-Hellman uses a sequence of math calculations to answer that question. And in this video I'm going to prove it to you.
This lesson is a free sample lesson from the the greatest TLS and SSL training course ever created. No instructor rambling on about pointless stories. No slides with massive walls of text. No time wasting. Only simple, effective, and precise explanations. Complimented with practical illustrations and visuals.
🔐 More details about the course:
classes.pracnet.net/courses/p...
🏢 Do you configure or troubleshoot TLS/SSL for work? If so, I'm willing to bet your employer would happily pay for this SSL training. Reach out if you'd like to coordinate an introduction for a bulk license purchase with your company. I'm happy to provide a generous referral bonus =)
💬 Join Practical Networking Discord
/ discord
🖧 Want to learn how how data moves through a network?
• Networking Fundamentals
0:00 - Diffie Hellman Purpose
1:10 - The Math of Diffie-Hellman (Cryptography 101)
4:03 - Using DH's Shared Secret to generate Symmetric Keys
4:27 - How secure is Diffie-Hellman?
5:55 - Outro / Try it yourself!
6:23 - Practical TLS - The best SSL/TLS course ever created
Since you've made it to the bottom of the Description, here's a $100 off coupon code you can use on the full course =)
YT100
Пікірлер: 96
👉 *More free lessons:* kzread.info/head/PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY ✨ *Full course:* pracnet.net/tls 💲 *Coupon Code* for 50% off: youtube50
This was by far the easiest example on KZread for understanding Diffie-Hellman. Thanks!
@PracticalNetworking
2 жыл бұрын
Glad you enjoyed it =)
@sofiachumpitazi7880
3 ай бұрын
agreed!
I have to subscribe to this channel. Thank you.
Probably the best video on Diffie-Hellman algorithm, so well done!
That is exactly what I was looking for a while. I also signed up for the TLS course. Well done for the great content.
Thank you for this series, It's really well made. I would probably reference each time I forget a concept.
@PracticalNetworking
2 жыл бұрын
Glad you enjoyed it!
Ohh yesssss. Whilst going through your TLS series got notification of this video and oh boy am I ready for Diffi. It’s not easy to understand but I can almost be certain you’ll have broke it down in such a way my 80 year old grandma will make sense of it!
@PracticalNetworking
2 жыл бұрын
Hope it lived up to your expectation!
Hey Ed, as I['ve ]read through them: You really earn these praises here. Thank you! Best regards, CC.
Perfect simplest explanation found on youtube
I dont know how to say thankyou to this channel as it made me to understand all these complicated concepts in very simple explanation.... Good work & keep doing it 🙂
@PracticalNetworking
Жыл бұрын
Renu! I've rather enjoyed seeing your kind comments on all the videos. Thank you for the positive energies! Truly happy you are learning so much from the channel. Cheers, friend. Happy (continued) learning! =)
so damn good course. I am registering the course. Keep good work, Ed!
Many Thanks for your Amazing topics, keep it up
You are a great teacher!
Another great monday. Thanks for the upload
@PracticalNetworking
2 жыл бұрын
You're welcome! Glad you liked it!
Perfect explanation.
Like always, you make it look easy. Thanks
@PracticalNetworking
2 жыл бұрын
You're welcome, Azza!
Thanks for the excellent video.
As always, very great lecture, very useful, thank you so much brother
@PracticalNetworking
2 жыл бұрын
You're welcome!
Hey hey, tried with Private key =2 and Private key =7, ending up with Public key =10 and Public key =7. And Shared one is 10. Thank you for your work! You are the best 😎🤓
Very cool, thank you!
Thank you so much :) As Always, Great!
@PracticalNetworking
2 жыл бұрын
You're welcome, Hosein =)
Thank you for Teaching very easily understand difficult concept.
@PracticalNetworking
2 жыл бұрын
You're welcome, Karthik!
Just liked it before watching, we all know it's gonna be a great Video
@PracticalNetworking
2 жыл бұрын
;)
Excellent explanation. 👍
@PracticalNetworking
2 жыл бұрын
Thank you!
Thank you, this helped a lot!
@PracticalNetworking
Жыл бұрын
Glad to hear!
CA certificates contain publicPrivate keyPairs stamped by a trusted authority.......Great Course ED.... well done
@PracticalNetworking
3 ай бұрын
Thanks for supporting the channel =)
Thank you :)
Thank you sir,, best video.
@PracticalNetworking
2 жыл бұрын
You're welcome!
Cheers , made that a lot easier than most do . not an easy one to explain and welcome back Alice and Bob :) . These Martin Helman and Whitfield Diffie guys have some brain capacity don't they .
@PracticalNetworking
2 жыл бұрын
Yea, it's incredible that these algorithms were developed 30~ years ago and are still the foundation of the crypto we use today. Cheers Don!
The math in this one is very cool :)
@PracticalNetworking
2 жыл бұрын
Agreed =)
Super!!
@PracticalNetworking
2 жыл бұрын
=)
Thanks!
@PracticalNetworking
Жыл бұрын
Hey Ward, I just wanted to say a huge thank you for the Super Thanks donation! Your support truly brightens my day and motivates me to create even more content. Thank you!
SpongeBob and cryptography 🔐 are a FANTASTIC pair!
@PracticalNetworking
2 жыл бұрын
Agreed ;)
These videos are life changing, I appreciate your teaching style and notes! Question: Do you think we will go to elliptic curve crypto, away from DH and RSA due to key sizes etc, at least for key exchange? I would love to see you do a 101 video on ECC, as it's blowing my head around the maths and how it works!
@PracticalNetworking
Жыл бұрын
Yes, it's on my list! EC crypto is just using a different set of "numbers" than what we are used to. IT's still the same algorithms, just using points on a curve instead of real numbers (1, 2, 5, 100, 9999, etc...). So yes, we will always be using DH, RSA, DSA, etc... just sometimes on a curve (hence ECDH, ECRSA, ECDSA). Well, at least until quantum safe algorithms take over, I suppose.
@robpowell9162
Жыл бұрын
@@PracticalNetworking I'd love to see ECSDSA! Thankyou for making it so much easier to learn, I appreciate you so much. Do you think we will have quantum safe? Or "safe for now"? I wonder if that's measured in years, decades, or more?
@PracticalNetworking
11 ай бұрын
Everything in crypto is always a "safe for now" gamble ;p
Thank you man for the video :)
@PracticalNetworking
2 жыл бұрын
You're welcome, Ayrad!
@PracticalNetworking
2 жыл бұрын
Congrats Ayrad. You won the random course giveaway =). Reach out to me on Discord to claim your prize: pracnet.net/discord (I just realized that I never picked a Winner for this video, sorry for the long delay)
@ayradizem2770
2 жыл бұрын
@@PracticalNetworking thank you very much :)
@ayradizem2770
2 жыл бұрын
@@PracticalNetworking I'm in your groupe in discord but I don't know how to get what I have won :D
+1 for the 'why' it is difficult te reverse engineer!
In standard tls, a separate secret key is generated by the client and encrypted with servers public key is sent to the server. That is only the servers public/private key pair is used to exchange the symmetric key. Is that different than the secret key generation and sharing discussed here.
6 being a generator of 13 in this context means that any number from 1 to 12 can be written as 6^k (mod 13) for some k between 1 and 12. Not only does the speaker not define what "generator" means, he then goes on to say that Alice and Bob each "generate" a private number without defining what that means. Indeed the private numbers can be "generated" in the sense above because a and b are constrained to be whole numbers between 1 and 12, and we have just seen that all such numbers can be "generated" by writing them as 6^k (mod 13). But surely it would have been simpler to say that Alice and Bob each choose an arbitrary whole number between 1 and 12.
how does this video only have 772 likes as of this moment....smdh
so DH negotiates session key to encrypt data symmetric. However, RSA generates key pairs that are used to encrypt the session key when exchanged? then that session key is used symmetric to encrypt bulk data?
hello how are the agreed number defined to be used bu both parties?
How did they agree on two numbers, 13 and 6, at the beginning of their conversation? Let's say Bob doesn't know Alice and wants to send her a message. How will their first exchange happen? I am still confuse about it
@PracticalNetworking
9 ай бұрын
The peers have to do a handshake before they can do DH, and in that handshake they "agree" on a DH Group (which contains the two numbers, P and G).
@rotorfpv4117
4 ай бұрын
no one will overhear this?
@dustcore
Ай бұрын
@rotorfpv4117 They will, but without knowing either peers private key, it's safe.
Aha! So they exchange each other's public but they don't see each other's private! Got it!
@PracticalNetworking
Жыл бұрын
Exactly. =)
Que vídeo do caralho.. nunca encontrei um vídeo no KZread com tamanha qualidade de detalhes..
sometimes i just wish i can give u a thousand likes with one account. #Simplified learning
@PracticalNetworking
Жыл бұрын
Thanks for the kind note =). I appreciate even the single like! Cheers.
Sanks q very much
@PracticalNetworking
2 жыл бұрын
You're welcome Eric.
👍👍👍
So if hacker get to know what the shared numbers are meant for (i:e maybe hacker manages to read an email which have them listed), then hacker will also end up generating the same secret key, right?
OK, nice explanation. What i can never find is how the keys are used to crypt and decrypt messages! Do you have some ressources on that by a chance?
@PracticalNetworking
11 ай бұрын
Yes, I have a video on my channel about RSA. It shows the math which creates keys, and the math which uses them to encrypt and decrypt messages.
Am I the only one to feel this topic is just a piece of cake after hearing this explanation?
@PracticalNetworking
2 жыл бұрын
That tells me I did my job correctly =).
@safwanumer3997
2 жыл бұрын
@@PracticalNetworking absolutely, just love your videos.
@PracticalNetworking
Жыл бұрын
@@safwanumer3997 If you're willing, sharing this content online would be a great help. =) Glad you enjoyed these either way. Cheers, Safwan.
Hi, what if the public key which Alice and Bob shares with each other is modified by hackers in public network? Both Alice and Bob would never be able to create same shared secret.
@PracticalNetworking
2 жыл бұрын
Yes! Correct. Hence, when sharing the Public Key, it's good to also implement something that also provides Integrity. This is why when you download a website's certificate (which includes a public key), the certificate also includes a Signature (providing Integrity and Authentication). More details on signatures here: kzread.info/dash/bejne/ka6trdiJpsueYJs.html
@burgundyhome7492
Жыл бұрын
So by this "integrity" mechanism they will both know IF the public key they received was tampered or not? Cool!
But what exactly is Generator of P? Is it randomly generating Prime numbers or just random numbers? In this case 6 is not a Prime number
@PracticalNetworking
2 жыл бұрын
Good question... I should write an article about it. Reach out to me on Discord and I can explain it to you briefly. But you are correct to point out Generator != Prime number. =)
👏👏👏✅
@PracticalNetworking
2 жыл бұрын
=)
the ENTIRE so-called Security of Diffie Hellman, is dependent on the premise that an attacker would need THOUSANDS of years to brute force matching keys 🤔🤔🤔 And we HAVE lottery winners who can PERFECTLY pick a sequence of 7 numbers OUT of a staggering 60-number ball RANDOMIZING machine 🙄🙄 i hope these numbers of Mr Diffie are BIG enough to **prevent** this sort of LUCKY matches 🙄🙄 Now watch out for that word again . . . do big numbers (being RANDOM themselves 😟🧐😳) actually **PREVENT** random LUCKY matches from attackers 😰😰 ?
So, to bob and alice decrypte the message first, it must alice and bob accept the public key both side witch A=(G x mod n) the result is the public key must be accepted both side and we called this digital certificate.