Man in the Middle & Needham-Schroeder Protocol - Computerphile 

LOL!

He said they would be much larger numbers in reality and these are very rare numbers that you would almost never find

@@reedy8585 you definitely don’t know what these numbers mean :)

@@smicro6758 It depends on what context you are refering to them

Lol

Key exchange is an orthogonal issue, which the likes of Needham-Schroeder-Lowe isn't intended to solve. For that, you need something like trust networks, CAs, &c., and it's not a trivial issue. There are also other videos on the channel dealing with those, so it's apt to gloss over that part of the problem. However, the whole point of this is session initiation, so it _can_ be used to establish a shared connection.

What if every time Bob send out his public key, Pat secretly switches it for his own key? Pat will be able to decrypt everything Alice sends, examine it, and re-encrypt it with Alice's public key and send it to Bob.

@@ElectricGears I think you meant Bob's public key at the end there. The big limit in Pat only replacing Bob's public key with "Bob" 's public key, but not doing anything with Alice's keys is that Pat's only options with Bob's messages to Alice are to delete them or to pass them on unaltered - for the former, Pat doesn't know what responses Bob is expecting, and can't fake them reliably; for the latter, Pat is limited to tricking Alice into responding in ways that reveal Bob's secrets, without Alice realising that Bob and "Bob" are different.

u find the public key like in telephonebooks - but u should check the trustworthyness of the publisher

PKI & certificates, I believe.

Oops, well that fix will have to wait a little while as I'm not at the computer! -Sean

Relatable.

Maybe that spelling in itself was the encryption

@@Computerphile Writing from a phone? Technically a computer too!

yeah! This is exactly my question! How would they know the public key they're receiving is actually Coming from the person who said he is? The key has to go through the network after all, and anyone in between can intercept and swap that, don't they?

Yes there is, its called certificate pinning.

​@@CoughSyrup you do realize you completely missed the part where the attacker can intercept the certificate site right? Meaning I can plant my network right outside your home and intercept every single piece of data coming out of it. you: "hey pat, what's bob's public key?" fake pat: my public key returned to you, I request bob's public key for myself you: sends encrypted data with my key thinking it's bob fake pat: decrypts the data and re-encrypts it with bob's key and sends to bob with my address, changing any necessary information. When I receive it back, i decrypt and reencrypt with your key you: "oh, high bob, you are totally bob" nope...not at all, never was. Any event that can happen between your home and the wider network can be intercepted and everything forged for both sides. "I'll just VPN"....same problem, the VPN has to be handshaked for the connection, that handshake still passes through my jumped route, so all the data can be seen. "well what if we both had a authorizing server" then I'll just have an interceptor at both your location AND the recipient's location and jump both of you, so that I'll authorize fake certificates for you both. As I said, this attack can not be defended against using the same line communication. If I were to physically show up at your door and hand you an envelope with a secret code that only you and I know to identify each other, that can defend it....but that's a second line of communication, completely negating the premise I set.

@@sabriath well theoretically it works because the certificate authority public keys are baked into the browser, so that is what holds the big house of cards up. now if you get a hacked browser with bogus ca keys then you are hosed.

@@wmrieker you assume that every site in the entire world has their keys stored on every computer in every household on the planet in order to ensure they are the actual correct website....and new registered websites somehow use a singularity pulse to insert their certificate in every browser in every house? That's not how CA works.....when you access a site, it requests a cert from an independent authority site to verify the site I'm accessing is the correct site. If I'm jumping your location, then when you request from the independent authority, you are talking to me, I just give you a fake certificate....and when you request from the other site to verify, it's also me, and I give you the answer key to the fake certificate. The only time this might not work is if your computer has already visited the site in the timeframe the certificate hasn't expired....then it's just a waiting game, or I can force an early retirement of the certificate, pushing you to re-request the certificate from the authority....and guess who you'd be talking to? Me. It's one of the biggest problems in cryptography right now, other than proof-of-time, but that deals more with blockchain tech.

Drastically vulnerable to shitposting

Not bad but isn’t really analogous to *two way* secure communication.

@@benjidaniel5595 : _Until_ you mention that all possible recipients have an equivalent safe.

Yes, the physical paper envelope was very cumbersome. Something "smarter" like a transparent box would be more practical and visually appealing.

@@guilhermedantas5067 Sure. I just lost track of the content of the envelope at times.

@@satadorus5924 How do you lose track when they explain everything in pain stacking detail? Also if the box were transparent one could argue that some people might get confused because the postman "can just look inside, since it is transparent".

you seriously need this to be explained even simpler?

@@Valvex_ Right! Make the box half-transparent: the opaque side facing the people and the transparent side facing the camera.

You forgot Bosnianbill

Behold the mighty plastic bottle shim

@@cmuller1441 He fell

Click out of 3, 4 is binding... And we dropped into a deep false set.

That can be _slightly_ mitigated by occasionally providing a new secret which requires a time-consuming process (like BitCoin's proof of work stuff) to turn into a usable form, but regretfully such attacks are likely to be targeted enough that such brute-force techniques aren't guaranteed to work. Better is to use out-of-band signalling to provide "unsnoopable" secrets, or some sort of quantum entanglement system to detect snooping, but neither of those things is trivially achievable for most communicators.

I would have to disagree, I though them using a kidda real world example made it easier to understand rather than them writing all of this information down. I guess different people just have different ways of learning and this is what works for me.

@@Max-dc7xr completely agree with your points

lol but you got what he means by that, right?

It was right in front of our noses the whole time. ( ͡° ͜ʖ ͡°)

That's really a different subject, though semi-related. How it works is that the software on your computer _already_ has several public keys when you first get it, and _those_ keys are used to communicate with trusted third parties that can provide you with any key that they've issued, and so _prevent_ the need to _ever_ send unencrypted data. However, even those keys are vulnerable to being either broken, or replaced before the software reaches you.

is that due to more complicated calculations?

Needing to do arithmetic to hundreds or thousands of digits.

@@silaspoulson9935 Symmetric encryptions are mostly just repeated combination of -- key expansion, XORing with data, and shuffling bits around.

Or from Holland

@@jetzereitsma1276 thats the Netherlands

Holland is in the Netherlands, isn’t it?

liked for the Head over Heels profile pic

This is what Diffie-Hellman key exchange is

@@autohmae Sort of. Diffie-Hellman is kind of simpler. This would still involve encrypting and decrypting things, while Diffie-Hellman does not.

AMA Tim Muller so we can ask him if he likes frikandelbroodjes

It would've been quite short: just wave a magnet over the lock to induce a current so the electronics panic and the lock pops open.

Sure we do. Want my key? It's on the public key servers such as the one run by MIT. They can also be looked up in DNS records. I bet there are other ways public keys are being distributed too.

@@tracyrreed The problem here is that I don't know if I'm talking to the real MIT when I go to get its public key. This is the problem that certificates and certificate authorities address.

@@OcteractSG This is what the Web of Trust is for.

Just watch on 1.5x speed if it's too long for you