End to End Encryption (E2EE) - Computerphile
ฝัง
- เผยแพร่เมื่อ 29 มี.ค. 2017
- End to end encryption, government ministers are again talking about stopping it. What is it and why might that be a bad idea? Dr Mike Pound explains.
Hololens: • Microsoft Hololens - C...
Blockchain: • The Blockchain & Bitco...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
Criminals think about a crime before committing a crime, that is unacceptable. Therefore, we should ban thought.
Most risk is criminals talking face to face. 2 people should only be allowed to talk when a government official is present. I mean.. ."private" conversations... more like "criminal conspiracies".. no thanks. unacceptable.
+Zac T I have no idea what that is.
+liquidminds You mean "government officials". The problem here is that, if the government has tools to monitor peoples communications, so can anyone clever enough to know how. It puts everyone at risk, not of government monitoring, but by monitoring by hackers or corporations who want your personal info for financial or political gain. If the government has a means of monitoring you, so does potentially anyone else.
I had quite a load of sarcasm in there. Of course it's bad.
Especially since most corporations probably wouldn't find it very amusing, if they had to communicate trade-secrets over insecure lines... Making an exception for corporations and suddenly everyone is a corporation.
All in all, it's another conservative "we are afraid, so let's make it illegal" type of situation. Great opportunity to make fun of them.
Sorry, simply idiotic argument.
It's actually very simple. All that needs to be done is to ban crime. Problem solved.
"does this make you bob?"
"it does"
made me smile
Just something so mild and...I dunno, British about it that is so charming :D
"I'll 'ave that!"
Made me laugh out loud!
+Arvindh Mani I didnt get it?What does it mean?
In the field of computer security, when an example is being demonstrated, the users are usually named Alice and Bob.
“Arguing that you don’t care about the right to privacy because
you have nothing to hide is no different than saying you don’t care
about free speech because you have nothing to say.” - Edward Snowden
I agree with you
@@frederickwirigley9685 I agree that you agree with him.
@@baronvonbeandip I agree with you agreeing with him
I thought of that exact quote right when he said it.
@@nickwilson3499 I agree with your agreement of that you agree that he was agreeing with him
Why not just make it illegal to commit crime? Problem solved.
Here here!
so legally speaking, being illegal makes things easy to enforce law?
why not just abolish all laws, therefore nothing is technically a crime
Yes, like in Sweden. In Sweden it is ILLEGAL to be a criminal!
How can someone think that straight?!
This should be shown on BBC to educate the politicians about the problems they have "solutions" for, without understanding the issue itself!
BBC? Eh , da je to u njihovom interesu zarad rejtinga ...
Or maybe people could just stop electing geriatrics
@@tommykarrick9130 easier said than done my friend
@@vasodegama2244 。
its not like they need education, its just that British politicians are vile cunts who are inherently interested in insane ideas
thats like allowing the post office to read all the mail i send. thats not a good thing
Lithium , There's a difference between being *allowed* to, and being *able* to.
The post office /govt could already read your mail if they just opened it. Imports/customs do that already.
As I understand it, no the post office can't open our mail without a warrant to do so. The only time I've seen that attempt to be waived was in extreme cases like the Anthrax scare awhile back. I remember some interesting articles about people being upset their mail was opened and filing complaints and lawsuits over it when some locations opened letters instead of using less invasive techniques to check for tampering.
Yes, its strange how it was not legal for governments to listen in on analog telephone calls or read our mail without a warrant and governments accepted that but they are arguing today that its essential for our security they are permitted to do the equivalent of steaming open our letters. The irony is they know exactly who the terrorists are already and can get individual warrants as needed. Coming back to the country after fighting for ISIS is subtle hint as to who to watch out for.
Lithium richie ray
There is a place in Bristol where the Royal Mail can open your mail (for example if you forgot a stamp and they needed to find a return address), but no regular post office or Royal Mail depot is allowed to do this. (They wil only open your mail if they have to, they don't just do it willy nilly)
"I don't have anything to hide". Oh except maybe all my health records, my credit card number and financial history, some of my browsing history depending on the person reading it, some of my contacts from some of my other contacts, some of the stuff I've said from my current and future employer, some of the stuff I've said from some of my family and friends depending, yeh I guess there's actually quite a lot come to think of it. You don't have to be a bad person to want privacy. And I realize that's the point of what was said.
EXACTLY THIS.
I always knew something was wrong with this argument. But your comment made me able to explain it to other people.
Yeah your right
And passwords too
Alice and Bob - Well done. Proper encryption.
kek
One of the more obvious, non-technical issues here is that how are you going to prevent criminals from simply continuing to use secure E2E encryption, even if you enforce policies that require backdoors or whatever? You can't, really. If criminals want E2E encryption, they can get it. The knowledge is already out there, there are many different applications and libraries for it and it is entirely unrealistic to think you can prevent access to it.
Exactly!! If not one app there's always another
plus they can program their own if they know how.
exactly ... you cant outlaw maths.
Politicians are retards
@@bluesillybeard it's the only safe way!
"I have nothing to hide" is a terrible argument. Would you be happy for me to walk into your home and take photos of it then? I mean, you have nothing to hide, so you won't mind me just walking in whenever I feel like, right?
Josef goebbels came up with the whole "nothing to hide nothing to fear" thing ya know...
+Wesley Parris
well thats great
What's the correct argument then? Or something that you would likely accept his right to protect his privacy?
when someone tells you that they have nothing to hide, ask them if they would give up their freedom of speech because they had nothing to say.
Yeah your right
"I don't care if the government sees what I'm doing I'm not hiding anything after all."
That's a very dangerous thing to say
The government isn't a secure entity, making a backdoor for them would make it insecure period.
There is another problem with this proposal: Alice and Bob can just use their public keys on a different level, by directly encrypting their messages for example and not the channels at which point this whole idea is broken again, so in the end even if you introduce it it only hits those who are not actually trying very hard to hide something.
What do you mean by channel encryption?
Yeah agreed. Unless encryption is outlawed or they magically can add a backdoor (to be honest the complete DHE and asymetric encryption thing is kind of magic), the criminals can just encrypt it for themselves.
If you outlaw encryption then the only people with access to encryption are outlaws.
chsxtian yeah I agree but my point was more general what is possible not what is reasonable. Because as I see it there is no solution.
You can add your own encryption on top of any communication method. For all we know, lSlS may communicate by bouncing radio signal of the moon. wikipedia.org/wiki/Earth-Moon-Earth_communication
In summary: Social Engineering always wins.
XnecromungerX bBran Brushwood would agree
lol 🤣🤣🤣
@@sebastianjulonchamana2987 wut?
The Mike Pound videos are the best on this channel. He's the only one that seems like he's actually worked in industry or has any real-world experience (at least in recent decades).
I actually like to watch the videos that contain a historical perspective. We have a lot to learn from the past IMHO, we just have to look into it. Past sometimes rhymes with the today and the future, like with mainframes and the cloud. Decades apart (so kind of stone age Vs space age difference), yet they share so many features, strengths, weaknesses and things to be careful about.
He's pretty much the only reason I'm subscribed to Computerphile. His videos are just too interesting to pass up.
Lol yeah I've only watched Mike Pound videos. And one on public private key encryption from some other guy.
Tom Scott and Mike Pound for president! Who cares if they're not American!
+Zac G Why not make them _all the presidents_ of the world?
The right to privacy is essential in any democracy, even if it helps those who would seek to harm us.
YES.
"I have nothing to hide"
Awesome, make a video sharing all your account passwords please
"I have nothing to hide" = people who need to hide the fact that they have things to hide.
Did you know who the first person to say "if you have nothing to hide you have nothing to fear" was?
Josef goebbels. Copy and paste this name into google.
@@annabellethepitty An outstanding point.
Mike Pound's videos are always a pleasure to watch
Even if messaging services did collaborate with governments to add a backdoor, nefarious users could just switch to an alternative system that didn't have one. So there's not really anything we can do to stop this.
exactly. Everybody can just add another layer of encryption with a second public key and decrypting the first layer is literally useless.
Yeah, it's not that hard to do a Vignere with pen and paper or something, and then encrypt it. If I were planning a terrorist attack, I wouldn't just use Whatsapp, I would meet with my coconspirators and share some one-time pads. Vignere with one-time pads has been proven to be unbreakable.
Most criminals are inexperienced and IT illeterate though
assalane I don't know about that. Anyway, they don't need to know all the details of how an app works to be able to switch to an app that has end to end encryption. I bet there are plenty of tor users who don't know how that works
true
I love videos starring Mike, he explains everything so clearly. More Mike videos, please!!
I love that these vids are all coming out as I do the course at uni on them
I'm shocked that Dr Pound didn't mention Signal, the open-source app that invented the encrypted protocol that was later adopted by WhatsApp and Facebook Messenger. Signal solves the problem of data at rest on your device by allowing you to encrypt your message database with a passphrase that is independent of your phone's passcode lock.
I see a Dr. Mike Pound video, I upvote!
I followed a course on Security in Uni one time, and this protocol was praised by the professor quite highly. I love that some blokes just thought of what is essentially quite a simple number transformation and it proves to be incredibly useful everywhere.
Excellent video and excellent explanations by Mike Pound. Thanks for that (except for the "i've got nothing to hide" fallacy).
Best explanation of Diffie-Hellman key eschange Ive seen is in Art of the Problem, an amazing youtube channel
the best explanation of end-to-end encryption on the internet. thanks, computerphile!
Alice seems like an unpleasant person. "What do you want now...?" is not a nice response to what is basically just a "hello". :c
+whamtheman It just seems Bob is always contacting Alice.... :) >Sean
I sense a deeper story brewing. Hopefully love will find a way! :)
Alice: "What do you want now?"
Bob: "You :)"
lol
Bob: "Well, if not you, perhaps a key? Please...?"
The other problem of a server holding unencrypted info is about what the company would do with it, even though i don't have anyting to hide, I wouldn't feel comfortable if i get condoms adds if they find that i got a STD for some reason... And the thing is that they just made it legal..... WHY would I ever consider giving them all of my info?! they don't need to know what my family situation is, they don't need to know WHY i could wear prothesis... It's about privacy, not about having something to hide... Do you want to see a picture that you send a day where you really shouldn't have? Well, I know that some of the above are already true... but I don't want it to go further
Whilst you may have nothing bad to hide, anything you do have can be twisted and used against you by any authority or legal institution. We live in a world where innocence is not a defence anymore.
EgoShredder "Give my six sentences written by the hand of the most honest man in the world, and in them I will find something for which I can hang him"
Paraphrasing slightly, by Cardinal Richelieu I believe (but I may be wrong).
Is the secrecy of correspondence worth anything anymore?
I think the reason why repealing that law makes sense is because the government has no right regulating the Internet like that. The Internet is a privilege, not a right, and we can choose to opt out of it or find our own encryption systems to avoid it. The government is bad at everything it does.
I totally agree with @LastRellik. The reasoning of the government (ANY govt, not just UK) one day might be extended to any kind of electronic messaging, like traditional Emails. Nobody can prohibit me to develop my own personal encryption system, and to use it to encrypt the text part or the attachment of an Email. Or the text of a Whatsapp message. Is the government requesting any part of a message to be written in clear text or attached as breakable standard format like Winzip or Winrar? Unrealistic just like banning the postal service.
I had really expected the line: "So before we declare that insane, let's first look at what that means, and then declare it insane."
He should really clean his monitor...
lol
THANK YOU!
And stop poking it
Now I'm imagining him siting on his chair and going "poke, poke, poke" on his monitor. ^^
Wow. I thought it was a screensaver first. Damn...
Great video! Looking forward for a new one on Hellman's key exchange method!
Brilliant explanation, visual illustrations helped a lot!
I personally do not understand how the home secretary, of all people, doesn't ask computer science experts about the positives and negatives of such a system before saying to the public that it's unacceptable...
Because typical politicians are arrogant bastards, and would dismiss any expert who told them why a plan that brings them more power is a bad idea.
+Sancarn As a rule politicians ignore all expert advice and any evidence presented to them, unless it validates what they already believe in.
Take a look at the enormous amount of cases in history where a politician was warned something he decided was an horrible mistake and decided he knew best... usually with gruesome results.
Then you don't understand that the Governments plan is not to protect you, it's to enslave you.
This is actually what Assange was alluding to in his last interview regarding the CIA hacks. That end to end encryption really didn't matter because they had backdoor access to people's phones, laptops etc... This channel really is a gem!
Exactly. Why do most people not know this? It's public information.
Dr. Mike Pound, you are amazing. Someday I am going to send you an application to join your research in computer vision :D.
He explains these things so well
Couldn’t the server complete a man in the middle attack when Bob and Alice were executing the Diffie-Helman key exchange?
The major problem I have is that we do have forms of encryption that would allow a great deal of investigative ability without making it susceptible to a central point of failure. I've seen encryption which allows you to perform searches for specific things like the presence of a file, a phrase in plain text, audio clips and anything else you could fit into the comparing mechanism (which was generously large). I think it was 6 or 7 years ago when I seen it demonstarted on a Defcon presentation video. The idea behind that was a transparent encryption scheme that allows authorities and security personal to probe for known threats without weakening the encryption in the process. If I remember right it even had layers designs to protect against code injection attacks so that you couldn't write a program with clever queries to break out. Was an all around impressive encryption scheme and it wasn't even one of it's kind, the presented mentioned other variants that provide similar features at different trade offs.
When we have stuff like that laying right in open source space, free for anyone to use. There's no reason why a backdoor should ever be presented as part of regulation. Maybe a regulation that anything crossing public infrastructure must use that type of encryption but not ask to weaken encryption to a master key.
I would love to see a more in-depth video on exactly how this key exchange happens securely with E2EE.
Please do a video on the key exchange, I'm super curious to see how that works
hell yeah its MIKE POUND again!
I like this guy the most on the channel. I am watching every video presented by him lol
I've never smashed that thumbnail as hard as I did when I saw a new computerphile video with Dr Pound with sheer worry in his eyes.
Mike Pound will always be my favorite. Fascinating topics, amazing at explaining things, and easy on the eyes too ;)
I would love to study under Dr. Mike Pound, he is the man.
Love Mike Pound. Wish there be could more videos of him
It's 2022 and I'm back for my refresher lesson
1:35 The fact it's Bob to start texting instead of Alice distrubs me ahahah
“I don’t have anything to hide” 🤦♂️ everyone has things they would tell some people and not others and it doesn’t make you a criminal
keep up the good work guys
long time fan
Can we get a video about how TOTP actually works? I've heard some things about it and it sounded like it was intended to replace 2FA-logins, so it seemed quite interesting to me.
wait so how do two users work out a shared secret key without the server in the middle being able to get that key?
Shaun Dreclin private and public keys. I think they have a video on this. But in short if somebody uses their private key and my public key (in that order) to encrypt something then the only person that can decrypt it is me using my private key. And I know from who it is since I'll have to use the other persons public key to decrypt the mess left by decrypting it with my private key. So the keys never have to be sent.
End-to-end enryption is also passing through the server but server cant read content of messages, diagram shown is more like data flow than path.
Look up Diffie-Hellman Key Exchange en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
They really coudl have gotten into that, because thats the actual interesting thing here.
+Nixitur
Alice and Bob do generate random numbers in the Diffie-Hellman key exchange, and these are the private keys, exactly as I said. Nothing is being encrypted because it is a key exchange. The shared secret is then used as a key (password) by both parties.
Hey, thanks for the explanation!
2 questions tho:
- Why am I able to see my WhatsApp/Telegram messages on my computer, while they were sent/received by/from my phone? Where did my computer took the encryption key from, if not from the server?
- If it's impossible to get the content of the messages with an end to end encryption, why would one country ban Telegram and not WhatsApp? If both of them have an end to end encryption implemented, are they not equally impossible to hack? And should therefore both be banned/not banned
Can we just appreciate what a great job Computerphile is doing? It is just great they are posting so many videos on CS topics. And these are not the usual lecture videos, but short and to the point videos that are fun to watch and we can learn a lot from them! This is really a blessing to CS students.
Thanks, Computerphile!
Thank you, sir
Excellent video! Really broke it down for the layman
These popular cryptography videos rock!! :) thank you very much for them
NICELY EXPLAINED MATE
this guy is insanely brilliant
Your videos are awesome!!
Love the insights. How do password wallets, like LastPass (tm) work?
Basically symmetric encryption. Your passwords and the account they belong to are put in a table, and the table gets encrypted with a key derived from your master PW. It now looks like random bits, until you enter your master PW into the manager, it derives the key again using the same algorithm as before, and decrypts it again.
Idk how exactly it's storing the decrypted database in memory, or finding out where to type in the PW; and there are also additional security measures involved like salting.
Btw, I recommend KeePass/KeePassX/KeePassDroid - they're open source and therefore more trustworthy. ;)
finally another pound of computer science.... gosh, i am horrible with puns :(
4 years later... still trying to make this work...
I wish Dr. Pound had his own channel for us to subscribe to as well.
The truth will set you free. Mighty fine job.
So if you had a group chat in say Facebook messenger, is there one key for the group chat or does it send an individual message to each member and have a key with each individual member?
Another option is to mandate the length of the encryption key so that governments can break it with difficulty if they really want to but it would be impossible to do general surveillance. This is a difficult thing to get right though with the constant increases in computer power available to both governments and private entities.
4:48: See that little dark speck on the desk, just above his right hand? Did that have anyone else trying to clean their screen, too?
"does that make you bob?"
*with a toddler-esque grin* "itdoes :D"
In the example where the messages get decrypted and reencyrpted on the server, couldn't you just encrypt the plain-text messages with yet another key and store that on the server? Then you could hide the decryption key for that somewhere in the mountains of Switzerland or wherever. Then you only take it out when needed and destroy it afterwards.
Not proposing that it would be a good idea, but would it work?
How do we ensure S does forwards Bob's public key to Alice, for example? They are still communicating over the server, what's stopping the server from lying about the public keys and using a generated pair to hold the plaintext messages?
The thing is I don't think anyone would necesserily object to measures that make counter-terrorism an easier thing. What I personally object to is the notion that every message any person ever sends can be subject to scrutany by literally anyone else for any reason...
That seems like a more dangerous situation for anyone to be in.
Time and time again, legislation brought in "for national security" is used to spy on people en masse, often resulting in prosecutions for relatively minor crimes.
I particularly enjoy the cryptography episodes.
I'm unclear about the necessity of this algorithm. What is the exact problem it's solving, that is not being solved by a plain public key exchange?
What's to prevent a server along the way pretending to be Bob to Alice, and Alice to Bob? Or to put it a different way, how do you make sure a public key belongs to the person you're attempting to communicate with?
"It's a problem that if a criminal finds out this flaw..."
There's no organization more criminal than the government.
If one of the phones is compromised, all keys of other phones that this phone communicates with can be found as well right? (Since both parties use the same key)
Yes though one of the reasons why DH is used rather than Public Key Crypto other than it's speed is that the keys can be refreshed often and cheaply. Also DH has to be done again at minimum for every pairing as such if say Alice has a session with Bob and another with Charlie and somehow Malory compromises Bobs phone then yes he can compromise his current session with Alice but not Alice's session with Charlie that has a different key. Also it usually is at most only the current session at risk as DH is usually redone every session sometimes a session is as short as a single message too as the whole DH exchange process on over the internet can be completed in around a second or so it's just as easy to redo it every message or every few minutes in the worst case most commonly.
Both RSA and DH can be used with several exponents during the key agreement (multipliers in case of ECDH), all of which are known by the endpoints and which exponents as "sub-keys" are uploaded separately to different servers of prosecutors, judges and police, of which all need to agree and cooperate to eavesdrop on a single communication channel.
The problem is rather if this level of separation of powers is sufficient seeing what happens to democracies all over the world right now?
I'd like to know more about how KAB is known to both devices without it going through the server - which seems to be the only way the 2 devices can communicate?
Simplified Explanation:
Alice knows an integer a.
Bob knows an integer b.
Everyone knows an integer g.
Alice sends g^a to bob => now bob knows b and g^a.
Bob sends g^b to alice => now alice knows a and g^b.
Alice can calculate (g^b)^a = g^(a*b).
Bob can calculate (g^a)^b = g^(a*b).
Now both know the integer g^(a*b)(=Kab), but an attacker who had listened to their conversation only knows g^a and g^b. And because of some math theorems and stuff he cannot calculate g^(a*b) from g^a and g^b.
An elegant solution, thanks for explaining 👍
"Before we declare that as Insane' lmao😂🤣😂 had me rolling
It's funny, there are so many hackers like hackerlouis05 on Instagram who just use pre-existing tools to launch attacks but hackerlouis05 is the best
"I don't have anything to hide" oh, this naiveté...
7:35 i like the user experience of decrypted messages.
Great video, but I still don't understand how the to end user can share a common encryption key without the server knowing what it is and if it changes for every message, how do they communicate this encryption key between the 2 end users
Its called a Diffie Hellman Key exchange. where both users have a private key that only they know and a public key that anyone can know, even the server. The public keys are interchanged and combined using a modular arithmetic equation. Thanks to this equation, user 1 and user 2 will have the same shared key. This key can only be decrypted with either private keys, which is generated offline or locally. No other number or key can decrypt the message except for the 2 private keys thanks to the mathematical equation and the nature of modular arithmetic. The only way you could possibly figure out what the private keys are, are by manually going through every possible number and you need both keys. the numbers are very large and the fact that you need both makes it completely impossible. where talking very huge numbers. Computerphile has a video about it too and he explains it very nicely
It's interesting how he seems to feel comfortable with the government having access to all his information.
Ahaan Great Work Man !!! (y)
Alice and Bob should be awarded for their contribution to information security.
What is NFC?
Is public key cryptography and ciphers how they encrypt the channel?
How is the server involved if only alice and bob use the shared key?
Awesome video learn alot from.
I envision the original Skype for mobile phones using the radios and or WiFi within to create a network independent of the carriers passing packets along until.they can reach the ipv6 address or imie device intended . Servletts on every device in the iOt space allowing secured member available transport for all joiners. Last thought, so, shall we move decryption to the display it self?
Intersting that while ministers have argued to end e2e encryption they adopted a e2e encrpted messaging app for tory party communications during the election and onwards
I believe that what many governments will do is to force developers to include a feature in the apps to request the decrypted chat history ofna conversation from one of the participants. The server will request the client for that, then the client will just decrypt it on its side and send it to the server
I like how people trust the government... 😶
ahhh let them watch, ive gone out of my way to try to research legal yet uncommon research subjects to true and provoke a response
I have question. Who generates the public keys? Did i understood correct that Alice phone generate both public and private keys (as same for Bob). I know the private key generates by Alice device(phone) but what about the Public key (where its generating)?
How would E2EE work in groups with more than 2 people? Are different keys send to every member of the group?
What if you used the Ka and Kb approach, but with end to end crypto of a public private key pair; like, the server only gets encrypted information that only the government has private keys for.
Are there any other methods to transport/ encrypt data than point to point encryption and end to end encryption?
How is E2EE different from public key cryptography, like pgp. They both establish "tunnel" between two users.
"We want you to deliberately sabotage user security for us."
"No thanks."
"Why won't you help us sabotage security? Don't you have enough hashtags?"