Mannn. The level of details you have put in these tutorials are amazing. It's sad most people haven't found your channel yet. I found you from freecodecamp.
Hey bro, you really have a great way to deliver info, I have been watching this series and I am really thrilled.
Great tutorial. Short and concise. I cannot thank you enough, Zach.
So transparent and clear! thanks Zach!
Hey Zach, thanks for the great video, I started watching it with a vague idea of how RSA and elliptic curves work and after pausing and researching for 2 hours about the math behind it I finally finished your video and understood everything! You have a great overall way of explaining the logic when it starts to integrate with the code. Thank you so much!
That’s awesome, glad it clicked for you. Definitely took me a while to nail this topic myself!
Thank you so much, Zach! I'm learning so much with this series!
Damn man, going through the playlist today and WOW I learned so much that too so clearly. Thank you for putting in the efforts and giving thorough explanation of everything. :)
This is the best explanation, thank you!
this is the best explanation on public key cryptography. thank you.
I always find your videos very informative. You are a great teacher, I have learnt a lot from you. Thank you very much, I really appreciate it.
BEST VIDEO EVER THANK YOU SO MUCH :)))
awesome video...clarified a lot of confusing topics for me
Beautiful video!
Hi Zach, it's really an amazing series.
Had a small doubt at 33:07, we are signing the message with private key but also sending the original message (plain message without hashed and encrypted) for client to verify? Hacker can anyway easily extract information from object packageOfDataToSend, then why are we sending both encrypted message and plain message?
Thanks! Glad you like it. Remember, when we are doing digital signatures, all we care about are two things:
1. That the data wasn't modified by a hacker
2. Ensuring the identity of the person is not fraudulent
With digital signatures, we DO NOT care about protecting the originalData itself.
very well explained thanks, god bless you, good continuation
Bro, great video! I have a doubt. While verifying the signatures. We have created a hash of data and then encrypted it. And at the receiver end, we have decrypted and checked its value to the hash created at receiver end. My doubt is why do we need to create a hash in first place? We can just encrypt the data. And the receiver will decrypt and verify the value to the original data.
Another doubt is why do we need to convert our hash to 'hex' format in the above process?
amazing videos but i have a question how did the hashed sha.. and the one the receiver created get matched while you have said that there is no chance that you get the same hash with the sha.. function
thank you
I don't quite understand why don't we just encrypt the originalData with the private key, instead we encrypt on its hash value?
Which timestamp in the video are you referring to? Usually, we need to encrypt the hash value of data because sometimes, the size of the data that you are "signing" is going to be very large. If you wanted to sign a 5GB file, without hashing this, your JWT would take forever to authenticate over a network.
why don't you just send the hashed object instead of both the hash function and the object?
When we encrypt our message with private key, we have provided public key to all other users so anyone can decrypt our message so why are we using this technique?
When we encrypt with a private key, we are "signing" (aka digital signature), but when we encrypt with a public key, we are masking the actual data. They are two completely separate techniques that you have to distinguish between. Start at 19:28 for data protection (signing with public key) and 25:10 for digital signatures (signing with private key).
My 🧠 hurts.
If only you can encrypt the data, why do you need to hash it? Wouldn't the fact that it can be decrypted with the public key be enough proof?
Yes, it would be enough proof, but without a hash, it would 1) take up way more space in a database if you’re signing a large data payload 2) be much more difficult to verify the integrity of the data on the signature
Encryption of data is 2-way. You can encrypt and decrypt the data with the correct key.
Hashing is 1-way, so anyone who has a hash value also needs the original data it was created from, which they will then run through the hash function to verify the data they have produces the same hash value as the one they have.
Last, hash values are small, and determinant length. This enables storage efficiency in a DB.
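The hash-then-sign flow discussed in the replies above, as an added example that is not code from the video or its author. It assumes Node.js and its built-in crypto module; the key pairs, sample payload and function names are constructed for illustration, and only `packageOfDataToSend` and `originalData` echo names used in the thread. Production code would normally call `crypto.sign` and `crypto.verify` instead of the raw `privateEncrypt`/`publicDecrypt` pair shown here.

```javascript
const crypto = require('node:crypto');

// Constructed demo key pair; a real signer never shares privateKey.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Fixed-length digest of the payload, hex-encoded as in the thread.
function sha256Hex(data) {
  return crypto.createHash('sha256').update(JSON.stringify(data)).digest('hex');
}

// Sender: hash originalData, transform the hash with the private key,
// and ship the plain data next to the signature.
function signPackage(originalData, key) {
  const signedData = crypto.privateEncrypt(key, Buffer.from(sha256Hex(originalData)));
  return { algorithm: 'sha256', originalData, signedData };
}

// Receiver: recover the signed hash with the public key, recompute the
// hash from the plain data that arrived, and compare the two.
function verifyPackage(pkg, key) {
  let recovered;
  try {
    recovered = crypto.publicDecrypt(key, pkg.signedData);
  } catch {
    return false; // wrong key or corrupted signature: padding check fails
  }
  const expected = Buffer.from(sha256Hex(pkg.originalData));
  return recovered.length === expected.length &&
    crypto.timingSafeEqual(recovered, expected);
}

// Without hashing, the payload must fit in a single RSA block.
function canSignRaw(bytes, key) {
  try {
    crypto.privateEncrypt(key, bytes);
    return true;
  } catch {
    return false; // data too large for the key size
  }
}

// Constructed sample payload and two failure cases.
const packageOfDataToSend = signPackage({ firstName: 'Zach', amount: 20 }, privateKey);
const tampered = { ...packageOfDataToSend, originalData: { firstName: 'Zach', amount: 2000 } };
const otherKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

console.log('untouched package verifies:', verifyPackage(packageOfDataToSend, publicKey));
console.log('modified data verifies:', verifyPackage(tampered, publicKey));
console.log('unrelated public key verifies:', verifyPackage(packageOfDataToSend, otherKeys.publicKey));
console.log('signature bytes:', packageOfDataToSend.signedData.length);
console.log('1 KiB signed without hashing:', canSignRaw(Buffer.alloc(1024), privateKey));
```

The receiver needs the plain `originalData` to recompute the hash, which is why it travels with the signature; confidentiality would be a separate encryption step.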
hey man!
one thing about your video making!
pls don't paste all the code right away,
I see the video to learn to code, not to learn ctrl+c & ctrl+v
and nice video by the way
Well you could pause the video and follow along or use his blog post zachgoll.github.io/blog/2019/choosing-authentication-strategy/#Authentication-Choices
Yeah you can, it seemed that you can find the code on the link below