In an earlier video, I recall Professor Messer stating that public keys are used for encryption and private keys are used for decryption. Why is it the other way round here? Also, if Bob was able to use Alice's public key di decrypt, and Alice's public key is well, public.... won't anyone be able to decrypt the signature hash?
While yes anyone would be able to decrypt the message using Alice's public key; only they are the one able to encrypt the message at all using their private key. For example in the video: Alice hashes the message "You're hired, Bob" and send it in plain text + the hash just created, while also encrypting the whole thing with her private key. When Bob receives the message, they decrypt it with Alice's public key, hashes the plain text message as Alice did, and compares their own hash with the original hash to see if the message has been modified. This method is usually used to verify that the person sending you the message is who the say they are and for things that are not entirely important / doesn't contain sensitive information. Hope this helps :)
In an enterprise environment, Bob would typically get Alice's public key from the organization's key management system. The key management system securely stores and distributes public keys, often using internally-issued certificates. Bob trusts this system to provide authentic keys. However, for sensitive operations, additional out-of-band verification is still prudent. The signed file itself doesn't contain the public key, only the signature created with the private key. The public key is stored separately in the key management system. Hope this helps!
Thank you Professor Messer! I passed my A+ now hoping to pass my Security + thanks to you!
how did you do in the Security+ exam ?
Trying again - How’d it go?
Thank you Prof Messer! You really help these concepts make sense and me much more comfortable with my learning pace!
"We refer to this extra information as ASSAULT" didn't know professor messer was built like that
He doesn't Messer around.
Hash yum haha
I always appreciate the humor in your clipart selections.
is it always the case that salts are unique to each user?
In an earlier video, I recall Professor Messer stating that public keys are used for encryption and private keys are used for decryption. Why is it the other way round here? Also, if Bob was able to use Alice's public key di decrypt, and Alice's public key is well, public.... won't anyone be able to decrypt the signature hash?
While yes anyone would be able to decrypt the message using Alice's public key; only they are the one able to encrypt the message at all using their private key.
For example in the video: Alice hashes the message "You're hired, Bob" and send it in plain text + the hash just created, while also encrypting the whole thing with her private key. When Bob receives the message, they decrypt it with Alice's public key, hashes the plain text message as Alice did, and compares their own hash with the original hash to see if the message has been modified.
This method is usually used to verify that the person sending you the message is who the say they are and for things that are not entirely important / doesn't contain sensitive information.
Hope this helps :)
Do we have to know all the SHA hashes for the test?
Yes
You don't already know how to process the algorithm in your head yet?
You must memorize every permutation of the salting algorithm and their corresponding SHA hash as well.
@@rexraptorsaur SHA dont apply salts
@@rot26-o3h I meant adding salt before running it through SHA
I have a doubt where is that public key saved in that same file which is signed or bob go to CA to get the public key ? Please clear my doubt
Thanks
In an enterprise environment, Bob would typically get Alice's public key from the organization's key management system. The key management system securely stores and distributes public keys, often using internally-issued certificates. Bob trusts this system to provide authentic keys. However, for sensitive operations, additional out-of-band verification is still prudent.
The signed file itself doesn't contain the public key, only the signature created with the private key. The public key is stored separately in the key management system. Hope this helps!