I like the way this guy talks and explains things, duno what it is. He obviously really knows his stuff to be able to explain it so well and simplify it enough for me to understand!😊 Thanks
To me it seems like he's explaining from a design perspective, that is "how the protocol addresses the problem", and has the knowledge to back it up. I think it's the correct level of abstraction to explain the problem clearly with only the important details.
I would be interested in a separate video about TLS 1.3 versus 1.2, especially related to Encrypted SNI (ESNI) and how if affects transparent proxies and other security tools
I am in rabbit hole, he said in every video "that's what we talk about last time" so I am looking for last video and again and again and again... HELP :D
I believe these are all of them, chronologically. LMK if I missed any. Apr 18, 2014 | Heartbleed, Running the Code Jul 22, 2014 | Public Key Cryptography Oct 23, 2015 | Man in the Middle Attacks & Superfish Mar 22, 2016 | Secure Web Browsing Mar 30, 2017 | End to End Encryption (E2EE) Apr 11, 2017 | SHA: Secure Hashing Algorithm Dec 15, 2017 | Secret Key Exchange (Diffie-Hellman) Dec 29, 2017 | Key Exchange Problems Jan 16, 2018 | Elliptic Curves Aug 14, 2019 | Almost All Web Encryption Works Like This (SP Networks) Nov 20, 2019 | One Encryption Standard to Rule Them All! Nov 22, 2019 | AES Explained (Advanced Encryption Standard) Oct 23, 2020 | Transport Layer Security (TLS)
@@WilliamAndrea Thank you so much. If a blank sheet of paper wants to learn this, would watching the series in release chronological order be appropriate?
It's very convenient that you created these videos just when I decided to start learning TLS. Very clear and easy to understand. Only bad thing is that the adverts come at rather annoying times.
New record for advert: 2:15. Two of them, of course, after two at the start. 2030: videos are now entirely adverts, no content. 2040: content is back, but only videos containing nothing but adverts are accepted
not even just product placement. It has to be full on "paid programming" level of advertisement. But wait, there's more! Comment today and we'll throw in this free sub to a channel you'll never watch again!
Thank you for explaining with context and really breaking it down. It’s the context and bit of history on how something came to being is what makes things interesting. Thousand kudos.
As an aside, 2:22 the example cipher suite just happens to be one of the ones that Windows 7 and Windows 8 do not support - it only supports those parameters if an ECDSA certificate is used - so 6:20 the server will respond with a failure message when using e.g. the Windows TLS libraries to communicate with such a server.
I think this video can serve as a sort of hub or strarting point for many Dr. Pound's videos, both existing and upcoming. Basically it lists in one string a lot of topics he covered, which is quite convenient.
@@Acorn_Anomaly dammit well what do I know. I have no practical experience with handshakes (yet). I only know how to reply at all because college courses LOL TBH, said inexperience is part of the reason I clicked this video... That and of course I was going to make the handshake joke if nobody had already
MQTT is a service that provides detailed connection session storage. Since the same device connecting to the server can use the same connection states, so it can immediate resume receiving topics with retained information.
I'd love to see a video on ACME considering it's largely replaced most of how servers set up trust now. I understand pretty solidly how it all works (I help maintain the Caddy project) but I'm sure it would help for more of the public to understand how this all works. i.e. how the ACME challenges replace the legacy method of paying for certificates, etc.
anyone else notice that the clip from at 8:40 says "obi one" rather than Obi Wan? surely someone had at least noticed it and commented on the previous video, even if no one (besides me) noticed today.
Great video! I do have a question that has been bothering me for a while, though. Why are both RSA and ECDH used? The server sends the certificate, couldn't the client just encrypt a randomly generated AES key with the server's RSA public key, send it, and skip Diffie-Hellman?
@@leogama3422 True, however: - Both the client and the server only have to use it once per connection. - They are already using it anyway since the server signs stuff, and as far as I know, encrypting and signing are equivalent operations in RSA. The server currently signs doing PKCS#1, powering to 'd'. The client checks the signature powering to 'e'. This is equivalent to encryption, but in reverse order, isn't it?
To anyone that might read this, I just got it. The handshake I proposed is called "RSA key-exchange". Its problem is that it does not offer forward secrecy, so all previous traffic, if recorded, could be decrypted if the server's RSA key is compromised. ECDHE prevents this: previous communications will never be decrypted, even though future ones could.
+1 to that. I was looking for videos on it about a month back and wasn’t happy with any of them really. Happy to have Dr. Mike Pounder showing us how it’s done
@@lakshminarasimmanv Well, I know TH-cam creators often make their videos based around general internet search terms frequency as a way of being timely and catching wind from trends. I haven’t looked into what the TH-cam creator dashboard looks like these days, but I wonder if Google has an API that could easily display “People who watch Computerphile regularly have been searching for” stats.
Hey Guys! It would be great to see you guys doing the promised difference between TLS1.2 and 1.3. I really like your videos! They are great to understand the basics of computer science and I like to watch videos related to the toppics i have in my master course. Greetings from Germany!
1:44 Is this video old? How does he still have that Sketchpad program available? A previous windows update has removed it for me? I only have this Whiteboard app now.
Client and Server: [does handshake things] Client and Server: "We done? Here's a transcript of what we just said, encrypted. We'll talk again under this encryption kthxbye. [they both check what they sent against what they received. They don't match] Client and Server: "..." (uhh I'm just gonna NOPE RIGHT TF OUT OF THIS ONE!) Attacker: "Aw shucks."
But it's still susceptible to MitM attacks that simply communicate with both in TLS, if you can't verify that the public key you get actually belongs to the party you thing you're speaking to. Which you can't for sure, unless you trust a CA or meet in person and compare keys.
I dunno why but this video reminded me of something I read an article about long time ago - encrypted calculations. Essentially these allow you to perform various operations on ciphertext(like addition and multiplication) as if it was plaintext, but without actually knowing the values. The formal name for these is homomorphic encryption systems. It would be cool if you did a video on them
Huh. The new TLS session after inactivity would definitely explain why tabs reload after I've been tabbed away from them for a while. Learn something new everyday!
that should not explain it. there's something else going on which triggers the reload. otherwise you would just look at the page as you loaded it last.
Thanks for your explanation of TLS. My question: Why do the client and server not just use the opposite public keys to encrypt and their private keys to decrypt all the communication. Why the need for more keys e.g session keys etc ?
They are using Elliptic-curve Diffie-Hellman when they use their public/private key pairs. ECDH is fairly fast, but session keys use even faster cryptography like AES. If the cryptography is faster, loading the website would also be faster.
Another problem with using it is that if someone takes over the private key, they can decipher all previous communication, but with Diffie Helmand a new key is generated each session
Asymmetric cryptography is great, but slow and demanding. One operation or RSA is much more complicated than one AES operation for example. Symmetric crypto is MUCH more efficient and also has some bonus features, like automatically included integrity checking. Therefore it makes sense to use public key crypto for exchanging a key, which is then used in symmetric crypto shenaningans. This way, we make use of the best of both worlds and get great security as well as great performance.
Hey @Computerphile great video and I always come back here to refresh my memory about how TLS works. Can you also do an extension video of this with mTLS? Thanks
Would you do a video on trying to detect tor over tlsv1.3 as the subject and issuer are now not known in the handshake. And to build on this in future iterations of tls1.3, if the server name is also not known.
I love your videos, your doodles could be better, but it is great to have a British expert on TH-cam. I have one picky comment on this video , and that is that you have not mentioned "Transport Layer Security". I just wonder if sometimes just explaining the acronym might help some people. I am in IT security and I know we use abbreviations and in-terms like words, it's only natural, but I think saying the whole word might help us sometimes. Thank you for your great work on this channel, your a fantastic team.
In Key exchange part, server sends the hash function of previous messages in digital signature which signed using private key and you say client verifies it using public key how this is shared to client?
The server sends its certificate to the client. The client then verifies the certificate and then extracts the server's public key from the certificate.
I did have to allow TLS1.2 explicitly on nodejs wss connection for Iphone because apparently it assumes that every browser in use can do 1.3 which is not the case for Iphones version 7 and lower
Thank you for this amazing video !! Could you please do a video on Certificate Transparency and IKP in the future ?
4 ปีที่แล้ว
I may be missing something. During handshake things are not encrypted...things like the secrets that are going to be used? So if someone sniffs that traffic could use that secret for decrypt the communications?
Can you do a video on the mathematical algorithms used in encryption? Euler, Extended Euclidean, matrices, multiplicative inverses, etc. There are a lot of college students who are looking for these videos and there are not that many and the videos available are not very well explained. I'm sure you will gain a lot of traffic if you do this.
This video is pure gold. I work in the IT industry and it's hard to find a better explanation than this about TLS.
I agree. Insane domain of the topic.
Yeah its excellent, its a guy who knows what he is talking about in a simple way to an IT tech who always gets overwhelmed by encryption
I like the way this guy talks and explains things, duno what it is.
He obviously really knows his stuff to be able to explain it so well and simplify it enough for me to understand!😊
Thanks
Didn't study Computer Science but I really wish I had someone like Sir Dr Mike Pound at my university. Those folk at Nottingham are lucky
He seems like he enjoy what he is doing and that is reflected on his presentations.
Some days I spend 8 hours listening to the playlist of only him. He makes everything he says make sense, even if you don't get it the first timr
To me it seems like he's explaining from a design perspective, that is "how the protocol addresses the problem", and has the knowledge to back it up. I think it's the correct level of abstraction to explain the problem clearly with only the important details.
He's got passion for computer science...
11:28 this is an underrated piece of editing right here.
I searched lots of resources to understand the full picture behind TLS. This is the best explanation ever
I would be interested in a separate video about TLS 1.3 versus 1.2, especially related to Encrypted SNI (ESNI) and how if affects transparent proxies and other security tools
@Dr Mike - same request.
ESNI is being replaced with ECH, both still very young protocols
Nothing better than a Friday Pounding.
I-
That sounds so homosexual. (Not that there's anything wrong with that.)
giggity
@@WmSrite-pi8ck What do you mean? Getting Pounded isn't sexual.
@@jackc3727 Maybe not where you're from.
Cryptography is such a cool subject. Absolutely love it when Mike is on!
I like how he screams at the start.
I THOUGHT EVERYONE STARTed conversations that way?
@@swine13 lol 😂
yeah such a sudden portion of british accent :D
@@danieljaszczyszczykoeczews2616 Yup ^^
Class clown are we? 🤡
I am in rabbit hole, he said in every video "that's what we talk about last time" so I am looking for last video and again and again and again... HELP :D
if you search for numberphile cryptography you ll find the whole playlist in this topic
I believe these are all of them, chronologically. LMK if I missed any.
Apr 18, 2014 | Heartbleed, Running the Code
Jul 22, 2014 | Public Key Cryptography
Oct 23, 2015 | Man in the Middle Attacks & Superfish
Mar 22, 2016 | Secure Web Browsing
Mar 30, 2017 | End to End Encryption (E2EE)
Apr 11, 2017 | SHA: Secure Hashing Algorithm
Dec 15, 2017 | Secret Key Exchange (Diffie-Hellman)
Dec 29, 2017 | Key Exchange Problems
Jan 16, 2018 | Elliptic Curves
Aug 14, 2019 | Almost All Web Encryption Works Like This (SP Networks)
Nov 20, 2019 | One Encryption Standard to Rule Them All!
Nov 22, 2019 | AES Explained (Advanced Encryption Standard)
Oct 23, 2020 | Transport Layer Security (TLS)
@@WilliamAndrea best comment ever, thanks
@@WilliamAndrea Thank you so much. If a blank sheet of paper wants to learn this, would watching the series in release chronological order be appropriate?
@@fanllawf I guess so, yeah. You could probably skip the first one.
It's very convenient that you created these videos just when I decided to start learning TLS. Very clear and easy to understand. Only bad thing is that the adverts come at rather annoying times.
New record for advert: 2:15. Two of them, of course, after two at the start.
2030: videos are now entirely adverts, no content.
2040: content is back, but only videos containing nothing but adverts are accepted
not even just product placement. It has to be full on "paid programming" level of advertisement. But wait, there's more! Comment today and we'll throw in this free sub to a channel you'll never watch again!
youtube-dl is still available.
TH-cam-dl
you just reinvented the "info-mercial" :)
TH-cam Premium
Dr. Pound + CS + Accent = Complete Package Thanks Computerphile as always
That was the most concise explanation of TLS 1.3 I have ever heard.
it was for TLS 1.2
@@credence7777777 He discusses TLS 1.3 towards the end of the video.
Thank you for explaining with context and really breaking it down. It’s the context and bit of history on how something came to being is what makes things interesting. Thousand kudos.
I forgive the camera man for hollering in to the mic so that it distorted like that cause he got Mike Pound on
He really should wear a microphone
The best explanation, that someone could find on the Internet. Thank you Michael
what a energetic man, wish had a teacher like him. I could learn from him till I die
This guy explaining is awesome and inspired me to do my thesis on ROCA attack.
you rock
This video is pure fantastic.Hey after the handshake the client and server uses symmetric key encryption.
Perfect candidate for a TV Tech Show which goes into more depth on how things work.
I miss TechTV. 😭
I wanna hear Dr Mike say "My name is Pound, Mike Pound"
Wow ! I wish he was my teacher in college! I am glad that I found this channel. Thank you 🙏🏻
As an aside, 2:22 the example cipher suite just happens to be one of the ones that Windows 7 and Windows 8 do not support - it only supports those parameters if an ECDSA certificate is used - so 6:20 the server will respond with a failure message when using e.g. the Windows TLS libraries to communicate with such a server.
I love how he can talk about something boring with such enthusiasm. He makes it interesting.
I'm a fan. well explained. not rigid. and you guys come across as human. which is hard to do when teaching anything, especially computers.
I think this video can serve as a sort of hub or strarting point for many Dr. Pound's videos, both existing and upcoming. Basically it lists in one string a lot of topics he covered, which is quite convenient.
Mike Pound for president. Mike Pound 2020.
Man I could have really used this when working on a project a year ago.
Everyone: We can't do handshakes
TCP: SYN
ACK
(dammit you beat me to it by 1 hour)
The internet is full of syn.
@@Twisted_Code You missed the SYN/ACK. :P
@@Acorn_Anomaly dammit well what do I know. I have no practical experience with handshakes (yet). I only know how to reply at all because college courses LOL
TBH, said inexperience is part of the reason I clicked this video... That and of course I was going to make the handshake joke if nobody had already
ACK ACK ACK, said the Martian.
This is the TH-cam I we need to be watching.
MQTT is a service that provides detailed connection session storage.
Since the same device connecting to the server can use the same connection states, so it can immediate resume receiving topics with retained information.
I'd love to see a video on ACME considering it's largely replaced most of how servers set up trust now. I understand pretty solidly how it all works (I help maintain the Caddy project) but I'm sure it would help for more of the public to understand how this all works. i.e. how the ACME challenges replace the legacy method of paying for certificates, etc.
Say hi to Matt for me. :)
It would be awesome if you created a playlist of all these TLS-handshake related videos mentioned and linked to it in the description of this video.
Excellent instructor, excellent TH-cam channel ! As a medical doctor I find this stuff amusing.
Is see Dr Mike Pound, I hit like.
It sounds like you could use a different suite of ciphers in the future, and this system would be all that's ever needed for these communications.
anyone else notice that the clip from at 8:40 says "obi one" rather than Obi Wan? surely someone had at least noticed it and commented on the previous video, even if no one (besides me) noticed today.
Can you do a video on the single round-trip next?
Great video! I do have a question that has been bothering me for a while, though.
Why are both RSA and ECDH used? The server sends the certificate, couldn't the client just encrypt a randomly generated AES key with the server's RSA public key, send it, and skip Diffie-Hellman?
RSA encryption is too slow for on-the-fly encryption (and in massive amounts for the server) like web traffic...
@@leogama3422 True, however:
- Both the client and the server only have to use it once per connection.
- They are already using it anyway since the server signs stuff, and as far as I know, encrypting and signing are equivalent operations in RSA. The server currently signs doing PKCS#1, powering to 'd'. The client checks the signature powering to 'e'. This is equivalent to encryption, but in reverse order, isn't it?
To anyone that might read this, I just got it. The handshake I proposed is called "RSA key-exchange". Its problem is that it does not offer forward secrecy, so all previous traffic, if recorded, could be decrypted if the server's RSA key is compromised. ECDHE prevents this: previous communications will never be decrypted, even though future ones could.
I love your channel, the content is just incredible. English subtitles are missing ... this needs to be easily accessible.
Finding a website that supports 1.3 was easy. I am on it right now.
TH-cam use QUIC, not TLS.
@@TotalImmort7l It says TLS 1.3 on the padlock tho
@@NeunEinser which device are you using? On a phone, it shows QUIC.
@@TotalImmort7l Desktop, Win 10, Firefox
WTF I was just studying that thingy and boom! Couldn't timed better ^^
+1 to that. I was looking for videos on it about a month back and wasn’t happy with any of them really. Happy to have Dr. Mike Pounder showing us how it’s done
Google also tracks and read minds.
@@qzbnyv I could have really used this at the end of August when I was writing a paper on this 😂
@@lakshminarasimmanv Well, I know TH-cam creators often make their videos based around general internet search terms frequency as a way of being timely and catching wind from trends.
I haven’t looked into what the TH-cam creator dashboard looks like these days, but I wonder if Google has an API that could easily display “People who watch Computerphile regularly have been searching for” stats.
8:30 Is this correct? Thought RSA can be "proxied".
Hey Guys!
It would be great to see you guys doing the promised difference between TLS1.2 and 1.3. I really like your videos! They are great to understand the basics of computer science and I like to watch videos related to the toppics i have in my master course. Greetings from Germany!
1:44 Is this video old? How does he still have that Sketchpad program available? A previous windows update has removed it for me? I only have this Whiteboard app now.
the only voice i like to hear, amazing explanations =)
Client and Server: [does handshake things]
Client and Server: "We done? Here's a transcript of what we just said, encrypted. We'll talk again under this encryption kthxbye.
[they both check what they sent against what they received. They don't match]
Client and Server: "..." (uhh I'm just gonna NOPE RIGHT TF OUT OF THIS ONE!)
Attacker: "Aw shucks."
But it's still susceptible to MitM attacks that simply communicate with both in TLS, if you can't verify that the public key you get actually belongs to the party you thing you're speaking to.
Which you can't for sure, unless you trust a CA or meet in person and compare keys.
Thank-you for these post they are helpful, informative, and just plain entertaining
Awesome video! What is the best way to see the full exchange--Wireshark?
I dunno why but this video reminded me of something I read an article about long time ago - encrypted calculations. Essentially these allow you to perform various operations on ciphertext(like addition and multiplication) as if it was plaintext, but without actually knowing the values. The formal name for these is homomorphic encryption systems. It would be cool if you did a video on them
Huh. The new TLS session after inactivity would definitely explain why tabs reload after I've been tabbed away from them for a while. Learn something new everyday!
that should not explain it. there's something else going on which triggers the reload. otherwise you would just look at the page as you loaded it last.
Thank you to share this knowledge. Dr Pound explain so clear this matters. Thank you for this channels and this videos. Greetings from Argentina.
these videos are gold a couple weeks before exams
so awesome that Jared from Silicon Valley is on the channel
🤣🤣🤣
Thanks for your explanation of TLS. My question: Why do the client and server not just use the opposite public keys to encrypt and their private keys to decrypt all the communication. Why the need for more keys e.g session keys etc ?
They are using Elliptic-curve Diffie-Hellman when they use their public/private key pairs. ECDH is fairly fast, but session keys use even faster cryptography like AES. If the cryptography is faster, loading the website would also be faster.
Another problem with using it is that if someone takes over the private key, they can decipher all previous communication, but with Diffie Helmand a new key is generated each session
Perfect Forward Secrecy is the keyword here
Asymmetric cryptography is great, but slow and demanding. One operation or RSA is much more complicated than one AES operation for example. Symmetric crypto is MUCH more efficient and also has some bonus features, like automatically included integrity checking. Therefore it makes sense to use public key crypto for exchanging a key, which is then used in symmetric crypto shenaningans. This way, we make use of the best of both worlds and get great security as well as great performance.
Love the videos with Dr. Pound. Hope you guys make one on IPSec.
Hey @Computerphile great video and I always come back here to refresh my memory about how TLS works. Can you also do an extension video of this with mTLS?
Thanks
13:55 two roundtrips (assuming you're 200ms away from a server) would be 800ms
I came to the comments looking for this hahah
Mike may have not described it clearly but network latency is measured by Round Trip Time. So his 400ms is correct.
Which of these steps use the mac for authentification?
WOW! I love this channel and he explains everything well. Keep up the good work 🙏
Very simple and clear explanation.
Great video, still waiting on that TLS 1.3 video though
Would you do a video on trying to detect tor over tlsv1.3 as the subject and issuer are now not known in the handshake. And to build on this in future iterations of tls1.3, if the server name is also not known.
Your videos are absolutely fantastic.
What does the last byte usually mean if it is repeated by a few instance but in no specific order?
Would you do a video, or set of videos on ACME ( RFC 8555 )?
I love your videos, your doodles could be better, but it is great to have a British expert on TH-cam.
I have one picky comment on this video , and that is that you have not mentioned "Transport Layer Security". I just wonder if sometimes just explaining the acronym might help some people.
I am in IT security and I know we use abbreviations and in-terms like words, it's only natural, but I think saying the whole word might help us sometimes.
Thank you for your great work on this channel, your a fantastic team.
Awesome 👏
Thanks for these videos
Incredibly helpful for my Sec+ studies thank you!
Will there be episode on TLS vs QUIC ?
As these have solidified and filled in a few gaps I had about TLS..
I know nothing about QUIC except it's UDP..
Which device is used in this demo?
This dude is one of my faves
What is shown is one way TLS. What about mTLS? Is the Client Cert / Public Key a part of the client Hello?
In what sequence will TCP handshake and TLS handshake happen? Which one happens first in a connection?
Excellent explanation Dr.Pound. :) i mean i thought i know TLS 1.3 but it seems i was wrong. I did not know about the Finish message.
What tablet/laptop is that? It and the pen write so well
Looks like a Microsoft Surface Pro
Can I make SSL like certificate if yes then What technology need to learn and adapt. thanks.
But the digital signature verifies the server's authencity, it does not verify the client?
In Key exchange part, server sends the hash function of previous messages in digital signature which signed using private key and you say client verifies it using public key how this is shared to client?
The server sends its certificate to the client. The client then verifies the certificate and then extracts the server's public key from the certificate.
How can we do downgrade attack?? I have heard a lot about it but don’t know how that happens. Can you please explain??
5:26 Basically my reaction
everytime
haha
Great video!
Frodo explaining TLS, who would of knew. Thank you very informative
Can you please add subtitles? And why is there no auto generate of subtitles?
Which tablet was Dr Mike using?
2:27 would be the perfect place to add an info card to the Kindle Text Problem video
Very much thanks for your excellent explanation, Mike. I appreciate a lot your work.
Isn't the certificate already sent encrypted?
Thank you sirs. We all appreciate ya.
Does Computerphile have merch? Say a black T-Shirt with a print of Bob an Alice in Mike's Graphics exchanging keys.
Far easier and clearer when shown via the iPad instead of a paper based drawing. Stick with that. (More colours too)
The thumbnail is just a classic x)
Please somehow manage and make captions of your videos.
I did have to allow TLS1.2 explicitly on nodejs wss connection for Iphone because apparently it assumes that every browser in use can do 1.3 which is not the case for Iphones version 7 and lower
Can we please have a video on TLS 1.3 🙏
Thank you for this amazing video !! Could you please do a video on Certificate Transparency and IKP in the future ?
I may be missing something. During handshake things are not encrypted...things like the secrets that are going to be used? So if someone sniffs that traffic could use that secret for decrypt the communications?
At this early stage, there is nothing to sniff.
You mentioned TLS 1.3, now you have to do a video about it!
I love there videos, please keep them coming
love the editing. Get him up for a BAFTA
Bafta
Can you do a video on the mathematical algorithms used in encryption? Euler, Extended Euclidean, matrices, multiplicative inverses, etc. There are a lot of college students who are looking for these videos and there are not that many and the videos available are not very well explained. I'm sure you will gain a lot of traffic if you do this.