Missed opportunity for a brilliant sponsorship. "For the next step, you're going to have to pause this video and go learn linear algebra. You can probably knock it out in a couple months by signing up for this video's sponsor..."
You explained this really well, like an Indian on a channel with 12 subscribers. Everyone who studied at a university will recognize that this is, in fact, a compliment.
The highest of compliments, really. Also bonus points if the guy looks like he filmed it with the built-in webcam of a decade-old laptop propped _just_ low enough that his head keeps bobbing out of frame.
I don’t think it’s correct to call AES the most advanced symmetric encryption algorithm. AES was revolutionary for its time, but much faster algorithms exist today (e.g: Salsa20/ChaCha20), which are also far easier to implement securely. AES is very fast today, but only because it’s actually implemented in hardware at this point (e.g: the AES-NI extensions for x86), rather than in software. If implemented in software, it wouldn’t really be competitive anymore in terms of speed. Also, AES’s design lends itself to really insecure implementations (e.g: S-Box lookups based on secret data) which lead to side channel leaks.
Well it's just an introduction, and explained in 5 minutes, so that people who don't work in that kind of field can understand what he's talking about. What you said is maybe more precise, however I neither understood what you were saying or why you would be correct, nor will I be able to remember it. So I'll keep in mind that AES is a pretty advanced encryption algorithm and that it might exist even better according to some sources
yeah there are lots of alternatives... but for now it is still fine as we just keep increasing key size. I guess advanced as in the most advancements/development maybe
@@UNHAPPYMEXICANS well it seems 15 people somewhat find a value to it. Informing people is a good thing, however if you're not clear about the information you provide, the purpose is lost.
Wow never thought I would see this here. Vincent Rijmen, one of the 2 guys who designed this system (Daemen and Rijmen → Rijndael) is a professor who gave me algebra at university.
Funnily enough, I was at a lecture several months ago given by Joan Daemen in Prague at my university about permutation based cryptography. He's also one of the guys who developed SHA-3. Insanely talented people
I feel bad for someone who actually paused this video and actually spent months learning about linear algebra and took some university classes and unpaused the video when they masted it only to find out that their knowledge is thrown out of the window
Fun fact, the guy teaching linear algebra for the science of engineering at my local college *is* Vincent Rijmen, one of the guys who invented this encryption!
dw matrix multiplication is simple and can be learned in a single video, cutting down your time from never to still never but you save a few thousand in tuition
I’m a cryptographer. We don’t actually know whether AES is practically unbreakable or not - in fact nobody knows whether anything can be practically unbreakable at all, if you want to use a key more than once! The best we have is “a lot of smart people have tried very hard to break it, and they haven’t managed to”.
It is mathematically unbreakable, that is proven by multiple math professors. So far, no one has been unable to proof them wrong (no flaws are found so far and the cypher exists for over 25 years). Even if you get your hands on a quantum computer, so still need some sort of attack vector. Using the same key over and over again is not a fault of the algorithm but by the user. About 15 years or so, there was a company that offered a million dollar payout if someone was able to decrypt their AES encrypted data. Never read that someone actually was able to claim it...
@@2Fast4Mellow Unfortunately I'm pretty sure that is false; it has not been mathematically proven secure. (You will have difficulty tracking down a source for your claim that it's been proven "by multiple math professors"; you either misremembered or misunderstood something.) It probably is mathematically secure, based on the circumstantial evidence we have, but AFAIK that's still unproven. (Also, of course, even though AES is probably mathematically secure, side-channel attacks exist, and have successfully broken various AES implementations.)
Does AES define a key exchange method? As I understand it, most (but not all) key exchanges rely on the difficulty of prime factorization, which is susceptible to attacks using Shor's algorithm (assuming we eventually develop the hardware necessary).
@@2Fast4Mellow this is completely incorrect in multiple ways. In particular there is only one cipher that can possibly be unbreakable: the one-time pad, which does not allow key reuse. *Practical* unbreakability is another matter, and allowing this weaker condition does make it possible to reuse keys. It has never been proven that AES (or anything at all) satisfies this, as it would imply P ≠ NP which is a famous open problem. Key reuse is *not* a bad thing or “the fault of the user”. It would be incredibly useless if your cipher required a new key for every message. When used correctly, AES is believed to be secure even when many millions of messages are sent with the same key.
@@SupaKoopaTroopa64 RSA key exchange (using integer factorisation) has been considered legacy for many years now as it does not have forward secrecy. The most common modern protocol is ECDH, which uses the discrete logarithm problem. This is also susceptible to Shor’s algorithm, but there are newer key exchange methods believed to be secure even against a quantum computer.
The only encryption that can't be cracked given infinite time is a one time pad. AES is "good enough" and serves a purpose of a private-key encryption system that can allow for a short, repeatable key for many encryptions.
That's what I was thinking, I was pretty sure that (only) OTP used _correctly_ would be truly un-"bruteforceable", at least that's what I learned when I covered cryptography. Of course, "correctly" being the key word...
@@ReliableDragon Depends on exactly how the quantum encryption is implemented. Quantum key exchange lets two sides establish an encryption key that can't be intercepted. If they then use said key in a one time pad, then you are correct that their encrypted messages will be unbreakable. However if anything changes in that process (if the key can be intercepted or partially deduced, if they don't use one time pad, etc), then it's still potentially breakable even if they send messages using a quantum channel.
That 256 bit password in clear text is totally something I would use and have used silliness in my passwords before. I used to use some form of "I hate this " as my work password. But funny enough, I had to let a coworker log in for me once after an injury. The laughing was fun.
My go to password is a random system-generated password that I just memorized over the years. It has no logical form, and is just random characters, but I couldn't forget it if I tried. Works perfectly.
I made my new password fuck(place) now, because they wouldn't be able to get it anyway (if they did, well this would be a decent way to find out they have horrible password storage practices)
@@j.p.obregon1415 Anyone who wants to do this should be careful. If one place has bad security and gets compromised your password is permanently linked to your login details. Any other place where you use the same sign in would be potentially compromised. I recommend anyone reading my comment with 20 minutes to spare to look up the current options for password managers (local and cloud based), and 2 factor authentication.
Your company might've stored your password in plaintext on their backend, and if they did, they could've known your little secret. But of course they would never be able to tell you or fire you, because that would mean admitting to reading their employees' passwords, lol
You're kind of right. There's an encryption system called a One-Time Pad. You just need a truly random sequence that is as long as your message and a secure way of storing/transmitting it. You then XOR your message with the random sequence and it's unbreakable. (Don't ever reuse the random sequence though; it's only good once, hence "One-Time") The reason we go to so much trouble with other encryption algorithms is to be able to use short keys.
@@gangstreG123 that's like claiming nothing in the universe is random therefore God must exist and have a plan... Humans may be bad at doing things randomly but it isn't impossible.
Description of the algorithm is pretty accurate.... However, calling it the most advanced encryption is actually wrong. Rijndael competed against two other ciphers for the AES designation. Twofish and Serpent were the others, and known at the time to be more complex and probably more secure. However, one of the reasons Rijndael won was because it was likely easier to make performant on any hardware, and the security margin - while less than the others - was still sufficient that we could trust it.
He might not have explained what he meant, but the usage is correct, "Brute Force" meaning "Trying every single possibility until you find the right one, possibly with some optimizations", and brute-forcing your way through the algorithm would indeed take an impossible amount of time. Or, if you want more precision, it's *expected* to take an impossible amount of time. There's a very small but nonzero chance your first guess would be the correct one, or that you'd find the right one relatively quickly, but that's such a small chance that it's negligible.
Not a bad explaination for this short of a time. I would just add that this is a symmetric encryption and there is also asymmetric encryption. And that Websites (and many other software) use a combination of both. One of the big problems with an encrypted connection is the key exchange, because both parties need the key, but that key should not be sent, because then everyone can read it. But this is a video for its own. :D
@@ur_a_neerd Ever tried a key exchange using Diffie-Hellmanns algorithm? If you watch it mathematically it will blow your mind... much smarter and simpler than RSA (which is not bad either)
@@klein648 Yea, I've heard of the Diffie-Hellmanns algorithm, but I don't think it is quantum resistant so for now it doesn't really matter if you use rsa or diffie-hallmanns because they both get the job done and both have the same problems.
AES encryption is usually very breakable because devs usually implement things awfully and/or use static values for some of the parameters required to encrypt.
Not what are you doing, but that's a nice flex. Truly, sometimes it is nice to descend down from luxury to go back to being simple. Not being sarcastic and mocking you.
Mannnn i love the script u prepared.. There are oly so many videos out there that I have trouble following at normal speeds.. This one absolutely makes it.. Amazed to say the least
So glad there wasn't a VPN ad at the end boasting "Military Grade Encryption", since Military Grade Encryption is just a fancy name for AES, which almost every website provides by default because HTTPS
The only "completely" unbreakable encryption system is one-time pad, everything else can be broken, given enough time and data, hence the video title is factually incorrect. AES is a cypher that is about impossible to break with the current computer power at a reasonable time, and for an encryption _system_, proper IV/key size/generation/rotation and non-leaky side channels are also important. And also that we won't find any flaws in the Feistel nets in the future and specificly the one that is used for AES.
By 2:27 we're talking about the basis of encryption: XOR however after this point I think its way less important to understand the technical process and more the characteristics that make the algorithm secure. An XOR function reversible and only as predictable as it's key. A random key is impossible to crack. But the problem becomes how do you know this key and who should know about it. By only having the key known by one party the key is ALSO authentication as well as encipherment. The text is scrambled but we also know by who and that no one else is involved. It's these characteristics all together than make up a protocol thats actually secure.
AES is not "Completely Unbreakable", it can be IND-CCA2 secure in GCM mode. An actual (information) theoreticly unbreakable cipher is the one-time-pad.
@@ddermend you are the one who doesn't seem to know what a OTP is... Lol While it can be broken eventually by brute force (so can literally anything) and the only way we have actually broken them in reality is to find the code book telling us how to decode it that the person on the other end intended to receive the message can use. Now remain upset little child, and go back to your school and learn...
ChaCha (usually 20 rounds) is also popular now, because it is much less power/processing intensive, stronger, and harder to mess up implementing (there are many, many, many ways to screw up implementing AES).
This computer stuff is so complex to me and so alien. I can’t even comprehend how ones and zeroes make up everything. How the fuck do you know which sequence is what? Glad there are people out there who understand this.
Im sorry, computer scientist here, you are describing what AES encryption would do, however AES encryption is not secure enough to store sensitive data, as one key can decrypt and encrypt data, how the NSA and any encryption really on the internet is done is using RSA, more specifically the SSL protocol, This has two keys, a public key that can be used to encrypt messages and a private key that lets you decode messages, the public key can be shared securely for people to encrypt messages intended for you to read only, then using your private key you may decrypt that data, this method is the industry standard
I took a cryptography class in college, and this was a good refresher of Rijndael. That said, it's probably not where I would start if I had to explain encryption methods to someone...
Here are some more information, please correct me if I'm wrong: I'd describe diffusion as follows: A change in a single cell of the table should cause all other cells to change. Imagine someone would give you a black box with the key inside. You can choose the input and look at the output. First you put in "ABCDEFGHIJKLMNOP" and second you put in "BBCDEFGHIJKLMNOP". It's a change in the first letter. Without the last step you would get (that's just an example) "OJEBEFGHIUGEGFZL" for the first and "AJEBEFGHIUGEGFZL" for the second word. You see, that the change just in one Byte. The Mix Columns (matrix multiplication) "smears" cells column-wise. Imagine this: You use the 4x4 grid and put a little bit of butter on the top left cell. Then you shift the rows (nothing happens as you don't shift the first row and the other rows are empty). Then you use a squeegie from top to bottom. Now there's butter in every cell of the first column. Afterwards you perform the shift rows operation: Now you have butter on 4 cells but each cell is in a different column. When we perform mix rows now, you have butter all over the 4x4 matrix. To put it like this: Shift Rows allows the vertical smearing of Mix Columns to propagate to every cell. To quote our professor: "If you use a modern encryption algorithm: It's just as good as your resistance to waterboarding."
I mean technically AES isn't unbreakable due to the possibility of implementation attacks in certain scenarios. For example if we had an embedded device that did AES encryption and we could capture the ciphertext and traces on Vcc we could perform a Differential Power Analysis or Correlational Power Analysis attack to determine the secret key.
AFAIK, it is neither proven nor disproven whether AES is breakable. Also, I think dozens of people are currently working on either proving it is unbreakable or (in my opinion somewhat more likely *) breaking it. But it is kind of proven that it is hard to break just by how old it is and how many things use it. Also, there is a difference in the initial and final round and the other ones. * because AES predecessor DES was also believed hard to break. I often heard in the community, that with the increase in cryptographic knowledge and computing time it will be broken at some point. Even if it is in 1000 years.
As with all security measures, it's more a matter of "make it so hard that the time and resource investment is not worth it" rather than "make it truly impossible to get through" Even if AES is breakable, it takes so long and so much effort to guess ONE key... That even if you could get it done in a timely manner, by the time you did that, it'd be as easy as the victim choosing a new key
For more details, XOR is addition in AES and subtraction in AES just happened to be the same as addition. For the linear algebra (matrix multiplication) parts, hopefully you successfully learn it from your community college math class, and be able to throw it out of the window. The addition is XOR there, and the multiplication is polynomials multiple another polynomials (the hexadecimal number is the representation of factors of a polynomial). In fact it will be way more interesting to explain how to decrypt AES (it is almost the same as encryption) and saying "how you can crack any VPN encryption".
0:00 Oh a video about OTP (one time pad) that would be interesting. 0:10 Nope. Not unbreakable. Bad video title (not click bait, just inaccurate) but will still watch. I hope you do another video on OTP. 1:38 in this case text/plain UTF-8. UTF-8 everywhere no exceptions. 3:00 there's not really degrees of random but I guess there's cryptographically secure random. 4:50 Number of possible guesses are 2^128 (3e38), 2^192 (6e57), and 2^256 (1e77). The giant number you showed is the last one (1x10^77). An important point here is that because of the complexity of the encryption each guess takes a good chunk of time which makes the entire time to brute force so impracticable that it's secure (but only OTP is perfect encryption). At one hundred trillion guesses per second (something a large hacking group could do if AES wasn't so slow) vs the smallest key (2^128) would take 107,903 x 1 trillion years which only about a third as old as the universe (2e45). So your early estimate of "only billions of years" is far too low. 4:52 but you're 8 seconds early!
That 16 small box merged into one square with a handle of an Arc, either a pro- God Angel Arc or Ambitious Angel Arc. The heart sign in Valentines day have 2 Arcs.
and thats why the easiest way to break into things is to call the old guy in charge of everything as if you need the password for something that will make him money
its worth noting that rijndael might not be completely unbreakable (proving it is hard is an incredibly hard open problem in mathematics), but for all practical purposes it is
i have a linear algebra test in 2 days that im not studying for right now so that was kind of meta but i did understand what you were saying so maybe i'll do fine on it
Actually a rather decent explanation to be fair. Not flawless, but decent. The main strength of AES is that it doesn't put any arbitrary limitations onto our key choice. But this is true for practically all symmetric key encryption systems. There is also public key encryption that is rather useful for exchanging symmetric keys and public key encryption can also be used to signing data. But public key encryption more or less always boils down to "one way functions" that are hard to reverse. As a simple example, 43^6 is easy to compute, but the sixth root of 6321363049 is far harder to compute. But if someone finds an efficient method to do the "one way function" the other way, then the whole thing falls apart fairly quickly. But public key encryption use way harder one way functions that are fairly intensive to do in the correct way to start with, so one don't want to encrypt a whole message with it. And this is why public key encryption is mostly used for key exchange and for signing hash sums.
I can sleep well knowing that the ten messages a day I get from my mom through facebook messenger are encrypted with a government level algorithm that uses two kinds of diffusion (and a really good box). My information is sooo safe in that beautiful corporation's hands.
Don't worry, there is at least one three letter agency storing all the traffic they can until they achieve quantum supremacy and can break asymmetric crypto used for key exchanges, thereby getting the key used to encrypt all the other traffic.
Let me add a shameless plug here. I have an AES-128 encryption app for Android in the Play Store. I use it occasionally to share secrets with my close buddies that I don't want people who touch my phone to see. I could upgrade the app to use AES-256 without much trouble but I lost the original repo.
the only one that can *provably* not be cracked, however a lot of algorithms currently in use such as Rijndael/AES, RSA, ECC-Curve25519, ChaCha20, etc. are technically unproven but also as of yet unbroken.
So, I have the bell highlighted, but didn't get the last five or so video notifications, I seriously thought Sam just took a long vacation cause of the many hotel related toks he uploaded
"For the next step you're going to have to pause this video and learn linear algebra" - ugh, cue flashbacks... so happy that lecture and exam is years behind me. This is a fairly decent explanation, honestly, though a lot is cut out obviously. But as surface level explanations go it's pretty good.
The Rijndael s-box is actually not required. You can use any s-box, and the AES encryption will still work. Some boxes are better than others, but even a mediocre one should be more than adequate. The upside of using the Rijndael s-box is that it satisfies certain "optimality" properties with respect to lack of correlation. The downside is that the standard was designed by a third party that you might not trust (maybe Rijndael was working for the NSA or something). It shouldn't be possible to hide any kind of backdoor in that box, but just in case, you can always ditch it and use your own.
1:56 if its 2 ones carry a one and drop a 0 and if its three ones (if u carry a one and the next set of digits is 1,1) drop a one and carry a one to the next set of digits 1001, 9 1101, 5 = 1110, 14 Ex 2 1101, 13 1100, 12 = 11001, 25
I kept seeing this in a custom game server software, the package name really throws me off but not enough to make me search it up. So this helps a lot, thanks!
What's the hardest part of encryption? It is the decryption process to obtain the original message. Just give a message "Your encryption key is atleast 4 characters long and you will notice the depression in the theif's face"
As someone with a math degree, the reason multiplying by that matrix is okay is because it is invertible (kind of like how the xor operation was invertible)
This is a great video to explain to non-tech guys about AES (if you have technical know-how the excellent channel Computerphile did a more technical explanation of it)
You use bricks. They are unbreakable encryption system. I would go on explaining it, but... This video is about bricks. Bricks are...
They used blocks, and what are blocks if not a kind of brick?
I'm missing bricks for so much
why everyone makes found video thing
Think you mean enbricktion system
Briiiiiiiiiicks!!!!!!!!!!!!!!!!!!!!!!!!!!
Missed opportunity for a brilliant sponsorship. "For the next step, you're going to have to pause this video and go learn linear algebra. You can probably knock it out in a couple months by signing up for this video's sponsor..."
yea, or segue from encryption to vpns lmao.
...raid shadow legends
You explained this really well, like an Indian on a channel with 12 subscribers.
Everyone who studied at a university will recognize that this is, in fact, a compliment.
As an Indian this is true, but the video has like 10 million views.
The highest of compliments, really.
Also bonus points if the guy looks like he filmed it with the built-in webcam of a decade-old laptop propped _just_ low enough that his head keeps bobbing out of frame.
I don’t think it’s correct to call AES the most advanced symmetric encryption algorithm. AES was revolutionary for its time, but much faster algorithms exist today (e.g: Salsa20/ChaCha20), which are also far easier to implement securely. AES is very fast today, but only because it’s actually implemented in hardware at this point (e.g: the AES-NI extensions for x86), rather than in software. If implemented in software, it wouldn’t really be competitive anymore in terms of speed. Also, AES’s design lends itself to really insecure implementations (e.g: S-Box lookups based on secret data) which lead to side channel leaks.
Well it's just an introduction, and explained in 5 minutes, so that people who don't work in that kind of field can understand what he's talking about.
What you said is maybe more precise, however I neither understood what you were saying or why you would be correct, nor will I be able to remember it.
So I'll keep in mind that AES is a pretty advanced encryption algorithm and that it might exist even better according to some sources
Nerd
yeah there are lots of alternatives... but for now it is still fine as we just keep increasing key size. I guess advanced as in the most advancements/development maybe
@@HaydenNK3 he's just trying to inform people. I don't see what value your comment adds.
@@UNHAPPYMEXICANS well it seems 15 people somewhat find a value to it. Informing people is a good thing, however if you're not clear about the information you provide, the purpose is lost.
Wow never thought I would see this here. Vincent Rijmen, one of the 2 guys who designed this system (Daemen and Rijmen → Rijndael) is a professor who gave me algebra at university.
Are they still at KU Leuven? Its been ages so things might have changed since I was there
@@StratosTitan Joan Daemen currently teaches at Radboud University in Nijmegen, NL. I'm following one of his courses there.
@@StratosTitan Vincent Rijmen still gives algebra at KU Leuven
Funnily enough, I was at a lecture several months ago given by Joan Daemen in Prague at my university about permutation based cryptography. He's also one of the guys who developed SHA-3. Insanely talented people
@@joohanv1 Cool! Was it the course "Intro to Crypto"? Joan Daemen taught me AES and SHA-3 there last year.
As someone with an academic background in cryptography, I have to say that this video is a good introduction to AES :)
v
As someone that works as a cryptography engineer, I agree.
@RedDot bot lolol
As someone who watched cryptography videos on TH-cam, I'm still not sure why I watch these.
I feel bad for someone who actually paused this video and actually spent months learning about linear algebra and took some university classes and unpaused the video when they masted it only to find out that their knowledge is thrown out of the window
We are victims here. We must unite and start a group. Hereby I declare Algebra Anonymous founded.
Fun fact, the guy teaching linear algebra for the science of engineering at my local college *is* Vincent Rijmen, one of the guys who invented this encryption!
it only came out 45 minutes ago, are you from the future?
@@Snakke40 lol I had algebra from him.
dw matrix multiplication is simple and can be learned in a single video, cutting down your time from never to still never but you save a few thousand in tuition
I’m a cryptographer. We don’t actually know whether AES is practically unbreakable or not - in fact nobody knows whether anything can be practically unbreakable at all, if you want to use a key more than once!
The best we have is “a lot of smart people have tried very hard to break it, and they haven’t managed to”.
It is mathematically unbreakable, that is proven by multiple math professors. So far, no one has been unable to proof them wrong (no flaws are found so far and the cypher exists for over 25 years).
Even if you get your hands on a quantum computer, so still need some sort of attack vector. Using the same key over and over again is not a fault of the algorithm but by the user.
About 15 years or so, there was a company that offered a million dollar payout if someone was able to decrypt their AES encrypted data. Never read that someone actually was able to claim it...
@@2Fast4Mellow Unfortunately I'm pretty sure that is false; it has not been mathematically proven secure. (You will have difficulty tracking down a source for your claim that it's been proven "by multiple math professors"; you either misremembered or misunderstood something.) It probably is mathematically secure, based on the circumstantial evidence we have, but AFAIK that's still unproven.
(Also, of course, even though AES is probably mathematically secure, side-channel attacks exist, and have successfully broken various AES implementations.)
Does AES define a key exchange method? As I understand it, most (but not all) key exchanges rely on the difficulty of prime factorization, which is susceptible to attacks using Shor's algorithm (assuming we eventually develop the hardware necessary).
@@2Fast4Mellow this is completely incorrect in multiple ways. In particular there is only one cipher that can possibly be unbreakable: the one-time pad, which does not allow key reuse. *Practical* unbreakability is another matter, and allowing this weaker condition does make it possible to reuse keys. It has never been proven that AES (or anything at all) satisfies this, as it would imply P ≠ NP which is a famous open problem.
Key reuse is *not* a bad thing or “the fault of the user”. It would be incredibly useless if your cipher required a new key for every message. When used correctly, AES is believed to be secure even when many millions of messages are sent with the same key.
@@SupaKoopaTroopa64 RSA key exchange (using integer factorisation) has been considered legacy for many years now as it does not have forward secrecy. The most common modern protocol is ECDH, which uses the discrete logarithm problem. This is also susceptible to Shor’s algorithm, but there are newer key exchange methods believed to be secure even against a quantum computer.
The only encryption that can't be cracked given infinite time is a one time pad. AES is "good enough" and serves a purpose of a private-key encryption system that can allow for a short, repeatable key for many encryptions.
That's what I was thinking, I was pretty sure that (only) OTP used _correctly_ would be truly un-"bruteforceable", at least that's what I learned when I covered cryptography. Of course, "correctly" being the key word...
Correct me if I'm wrong, but isn't quantum encryption also unbreakable, since if you attempt to intercept the message you alter it in the process?
@@ReliableDragon Depends on exactly how the quantum encryption is implemented. Quantum key exchange lets two sides establish an encryption key that can't be intercepted. If they then use said key in a one time pad, then you are correct that their encrypted messages will be unbreakable.
However if anything changes in that process (if the key can be intercepted or partially deduced, if they don't use one time pad, etc), then it's still potentially breakable even if they send messages using a quantum channel.
@@fetchstixRHD OTP is the easiest method to use incorrectly as well.
That 256 bit password in clear text is totally something I would use and have used silliness in my passwords before.
I used to use some form of "I hate this " as my work password. But funny enough, I had to let a coworker log in for me once after an injury. The laughing was fun.
My go to password is a random system-generated password that I just memorized over the years. It has no logical form, and is just random characters, but I couldn't forget it if I tried. Works perfectly.
I made my new password fuck(place) now, because they wouldn't be able to get it anyway (if they did, well this would be a decent way to find out they have horrible password storage practices)
@@j.p.obregon1415 Anyone who wants to do this should be careful. If one place has bad security and gets compromised your password is permanently linked to your login details. Any other place where you use the same sign in would be potentially compromised.
I recommend anyone reading my comment with 20 minutes to spare to look up the current options for password managers (local and cloud based), and 2 factor authentication.
@@j.p.obregon1415 good luck changing it when it doesn't meet service requirements:)
Your company might've stored your password in plaintext on their backend, and if they did, they could've known your little secret. But of course they would never be able to tell you or fire you, because that would mean admitting to reading their employees' passwords, lol
How To Design A Completely Unbreakable Encryption System : Just scramble everything randomly. You didn't say you needed to be able to unencrypt it.
Me when the examination question tells me to explain in my own words:
You're kind of right.
There's an encryption system called a One-Time Pad. You just need a truly random sequence that is as long as your message and a secure way of storing/transmitting it. You then XOR your message with the random sequence and it's unbreakable. (Don't ever reuse the random sequence though; it's only good once, hence "One-Time")
The reason we go to so much trouble with other encryption algorithms is to be able to use short keys.
The thing about computers is that they're never truly random (and neither are you)
@@gangstreG123 that's like claiming nothing in the universe is random therefore God must exist and have a plan...
Humans may be bad at doing things randomly but it isn't impossible.
That's actually breakable
Description of the algorithm is pretty accurate.... However, calling it the most advanced encryption is actually wrong. Rijndael competed against two other ciphers for the AES designation. Twofish and Serpent were the others, and known at the time to be more complex and probably more secure. However, one of the reasons Rijndael won was because it was likely easier to make performant on any hardware, and the security margin - while less than the others - was still sufficient that we could trust it.
Answer: Watch this video. You're now fully qualified to "Design A Completely Unbreakable Encryption System"!
I just added 10 years of experience in AES encryption to my résumé
This will help to accomplish tasks and get $BIB Token Airdrop! $20,000 worth of BIB Tokens will be airdropped to participating users
I like when "Brute Force" hacking in media are just used as magic hacking words.
I mean he’s used it in a correct manner.
He might not have explained what he meant, but the usage is correct, "Brute Force" meaning "Trying every single possibility until you find the right one, possibly with some optimizations", and brute-forcing your way through the algorithm would indeed take an impossible amount of time. Or, if you want more precision, it's *expected* to take an impossible amount of time. There's a very small but nonzero chance your first guess would be the correct one, or that you'd find the right one relatively quickly, but that's such a small chance that it's negligible.
Not a bad explaination for this short of a time.
I would just add that this is a symmetric encryption and there is also asymmetric encryption.
And that Websites (and many other software) use a combination of both. One of the big problems with an encrypted connection is the key exchange, because both parties need the key, but that key should not be sent, because then everyone can read it. But this is a video for its own. :D
key exchange isnt that hard using rsa
@@ur_a_neerd as the OP said, asymmetric ciphers exist. RSA is not quantum resistant and should be discouraged in the near future
@@ur_a_neerd Ever tried a key exchange using Diffie-Hellmanns algorithm? If you watch it mathematically it will blow your mind... much smarter and simpler than RSA (which is not bad either)
@@klein648 Yea, I've heard of the Diffie-Hellmanns algorithm, but I don't think it is quantum resistant so for now it doesn't really matter if you use rsa or diffie-hallmanns because they both get the job done and both have the same problems.
"Sounds like a challenge."
Pulls out TI-81 calculator.
It can be done with a TI-Nspire
Funnily enough had a class about this exact same topic 2 days ago. This is very well explained
AES encryption is usually very breakable because devs usually implement things awfully and/or use static values for some of the parameters required to encrypt.
It doesn't matter how good the encryption is if your agents keep leaving passwords on post it notes
Just finished watching this on Nebula but for once I actually wanted to see the sponsor lol
Not what are you doing, but that's a nice flex. Truly, sometimes it is nice to descend down from luxury to go back to being simple. Not being sarcastic and mocking you.
This is literally hardcore sudoku
Mannnn i love the script u prepared.. There are oly so many videos out there that I have trouble following at normal speeds.. This one absolutely makes it.. Amazed to say the least
Idk how I was suggested here as I was listening to the song “Gandi- Criminal “ 🔥🔥
So glad there wasn't a VPN ad at the end boasting "Military Grade Encryption", since Military Grade Encryption is just a fancy name for AES, which almost every website provides by default because HTTPS
The only "completely" unbreakable encryption system is one-time pad, everything else can be broken, given enough time and data, hence the video title is factually incorrect. AES is a cypher that is about impossible to break with the current computer power at a reasonable time, and for an encryption _system_, proper IV/key size/generation/rotation and non-leaky side channels are also important. And also that we won't find any flaws in the Feistel nets in the future and specificly the one that is used for AES.
AES doesn't use Fiestel networks.
There a ton of variations on OTP that are also unbreakable, such as using XOR or addition modulo and integer.
@@happypandaface710 Those are not variations lmao.
By 2:27 we're talking about the basis of encryption: XOR however after this point I think its way less important to understand the technical process and more the characteristics that make the algorithm secure. An XOR function reversible and only as predictable as it's key. A random key is impossible to crack. But the problem becomes how do you know this key and who should know about it. By only having the key known by one party the key is ALSO authentication as well as encipherment. The text is scrambled but we also know by who and that no one else is involved. It's these characteristics all together than make up a protocol thats actually secure.
This feels like a video the TA would play at the beginning of class because the professor is running late.
I didn’t understand this at all whatsoever but I love hearing my half favorite youtuber talk
AES is not "Completely Unbreakable", it can be IND-CCA2 secure in GCM mode. An actual (information) theoreticly unbreakable cipher is the one-time-pad.
no.
yes.
@@ddermend yes. OTP is the only true security, the flaw in it being the person, the human element, something we can't remove.
it only shows , that you both dont have a slightest idea on this matter.
@@ddermend you are the one who doesn't seem to know what a OTP is... Lol
While it can be broken eventually by brute force (so can literally anything) and the only way we have actually broken them in reality is to find the code book telling us how to decode it that the person on the other end intended to receive the message can use.
Now remain upset little child, and go back to your school and learn...
As someone who used to work in the IT security industry this is a good introduction.
3:35 "you can probably knock [linear algebra] out in a couple of months by taking night classes"
*proceeds to show physics based lecture*
Next video: how to crack this encryption
lol
All HAI had to do to get engagement on this encryption video is say that AES is completely unbreakable, et voila! Fair play to you sir.
ChaCha (usually 20 rounds) is also popular now, because it is much less power/processing intensive, stronger, and harder to mess up implementing (there are many, many, many ways to screw up implementing AES).
This computer stuff is so complex to me and so alien. I can’t even comprehend how ones and zeroes make up everything. How the fuck do you know which sequence is what? Glad there are people out there who understand this.
Lmao the FBI bricks easter egg on the thumbnail
Im sorry, computer scientist here, you are describing what AES encryption would do, however AES encryption is not secure enough to store sensitive data, as one key can decrypt and encrypt data, how the NSA and any encryption really on the internet is done is using RSA, more specifically the SSL protocol, This has two keys, a public key that can be used to encrypt messages and a private key that lets you decode messages, the public key can be shared securely for people to encrypt messages intended for you to read only, then using your private key you may decrypt that data, this method is the industry standard
I took a cryptography class in college, and this was a good refresher of Rijndael. That said, it's probably not where I would start if I had to explain encryption methods to someone...
Finally! I get to apply the linear algebra I learned in college outside a college environment!
2:52 "I could spend an hour talking about why this box is such a good box..."
This better be on Nebula.
Here are some more information, please correct me if I'm wrong:
I'd describe diffusion as follows: A change in a single cell of the table should cause all other cells to change. Imagine someone would give you a black box with the key inside. You can choose the input and look at the output.
First you put in "ABCDEFGHIJKLMNOP" and second you put in "BBCDEFGHIJKLMNOP". It's a change in the first letter. Without the last step you would get (that's just an example) "OJEBEFGHIUGEGFZL" for the first and "AJEBEFGHIUGEGFZL" for the second word.
You see, that the change just in one Byte.
The Mix Columns (matrix multiplication) "smears" cells column-wise.
Imagine this: You use the 4x4 grid and put a little bit of butter on the top left cell. Then you shift the rows (nothing happens as you don't shift the first row and the other rows are empty). Then you use a squeegie from top to bottom. Now there's butter in every cell of the first column.
Afterwards you perform the shift rows operation: Now you have butter on 4 cells but each cell is in a different column. When we perform mix rows now, you have butter all over the 4x4 matrix.
To put it like this: Shift Rows allows the vertical smearing of Mix Columns to propagate to every cell.
To quote our professor: "If you use a modern encryption algorithm: It's just as good as your resistance to waterboarding."
BEST TH-cam INTRO OF THE YEAR AWARD. All those in agreement say aye.
Ok and what does that have to do with bricks? As far as everyone is concerned this channel is fully dedicated to bricks
I mean technically AES isn't unbreakable due to the possibility of implementation attacks in certain scenarios. For example if we had an embedded device that did AES encryption and we could capture the ciphertext and traces on Vcc we could perform a Differential Power Analysis or Correlational Power Analysis attack to determine the secret key.
Bitslicing implementations generally avoid this side channel, but unfortunately they’re much more complicated than the naïve approach.
@@EverythingExceptThat Very true, it's an unlikely scenario but I hope it at least gets the point across
You know, I never expected to see Boolean Logic and Linear Algebra in a HAI video.
AFAIK, it is neither proven nor disproven whether AES is breakable.
Also, I think dozens of people are currently working on either proving it is unbreakable or (in my opinion somewhat more likely *) breaking it.
But it is kind of proven that it is hard to break just by how old it is and how many things use it.
Also, there is a difference in the initial and final round and the other ones.
* because AES predecessor DES was also believed hard to break.
I often heard in the community, that with the increase in cryptographic knowledge and computing time it will be broken at some point. Even if it is in 1000 years.
As with all security measures, it's more a matter of "make it so hard that the time and resource investment is not worth it" rather than "make it truly impossible to get through"
Even if AES is breakable, it takes so long and so much effort to guess ONE key... That even if you could get it done in a timely manner, by the time you did that, it'd be as easy as the victim choosing a new key
@@AustinCameron AES is Quantum resistant
@@AustinCameron quantum computer are for breaking public key cryptography.
Imagine when u crack the encryption its was just a Rick roll this entire time
2:59 it's actually correct phrase in CS to say so randomly because random may vary on a the computer world
For more details, XOR is addition in AES and subtraction in AES just happened to be the same as addition.
For the linear algebra (matrix multiplication) parts, hopefully you successfully learn it from your community college math class, and be able to throw it out of the window. The addition is XOR there, and the multiplication is polynomials multiple another polynomials (the hexadecimal number is the representation of factors of a polynomial).
In fact it will be way more interesting to explain how to decrypt AES (it is almost the same as encryption) and saying "how you can crack any VPN encryption".
If ever there was a perfect spot for a Brilliant sponsorship!
As an unbreakable encryption, I can confirm this is how we do it
0:00 Oh a video about OTP (one time pad) that would be interesting.
0:10 Nope. Not unbreakable. Bad video title (not click bait, just inaccurate) but will still watch. I hope you do another video on OTP.
1:38 in this case text/plain UTF-8. UTF-8 everywhere no exceptions.
3:00 there's not really degrees of random but I guess there's cryptographically secure random.
4:50 Number of possible guesses are 2^128 (3e38), 2^192 (6e57), and 2^256 (1e77). The giant number you showed is the last one (1x10^77). An important point here is that because of the complexity of the encryption each guess takes a good chunk of time which makes the entire time to brute force so impracticable that it's secure (but only OTP is perfect encryption). At one hundred trillion guesses per second (something a large hacking group could do if AES wasn't so slow) vs the smallest key (2^128) would take 107,903 x 1 trillion years which only about a third as old as the universe (2e45). So your early estimate of "only billions of years" is far too low.
4:52 but you're 8 seconds early!
Thank you for explaining something that I never understood, and confirmed that I never will.
Alice and Bob would be proud
Eve is pissed, though.
That 16 small box merged into one square with a handle of an Arc, either a pro- God Angel Arc or Ambitious Angel Arc. The heart sign in Valentines day have 2 Arcs.
Rijndael entropy is so perfect it gets me rock hard
You were already perfectly safe from me 30 seconds into the video. XD
I took Linear Algebra in undergrad and HATED IT!!! Thanks for the nightmare fuel 🙂.
Make a video about how much tea one would need to dump into the boston harbor until it tastes good
dude im certainly thinking about that stock footage now
and thats why the easiest way to break into things is to call the old guy in charge of everything as if you need the password for something that will make him money
I emailed the inventor of this algorithm and he emailed me back :)
its worth noting that rijndael might not be completely unbreakable (proving it is hard is an incredibly hard open problem in mathematics), but for all practical purposes it is
Stealing data from people stealing your data? What a good idea!
i have a linear algebra test in 2 days that im not studying for right now so that was kind of meta but i did understand what you were saying so maybe i'll do fine on it
Actually a rather decent explanation to be fair.
Not flawless, but decent.
The main strength of AES is that it doesn't put any arbitrary limitations onto our key choice. But this is true for practically all symmetric key encryption systems.
There is also public key encryption that is rather useful for exchanging symmetric keys and public key encryption can also be used to signing data. But public key encryption more or less always boils down to "one way functions" that are hard to reverse. As a simple example, 43^6 is easy to compute, but the sixth root of 6321363049 is far harder to compute. But if someone finds an efficient method to do the "one way function" the other way, then the whole thing falls apart fairly quickly. But public key encryption use way harder one way functions that are fairly intensive to do in the correct way to start with, so one don't want to encrypt a whole message with it. And this is why public key encryption is mostly used for key exchange and for signing hash sums.
Don’t worry guys I’m taking linear algebra right now, just give me a few months and I’ll have your password
Any cryptography lecture worth their salt in the last couple decade must've made some mention of this algorithm
I really hope "salt" was a reference to hashing
NSA standard encryption: providing a weak key that the NSA has pre-cracked.
Every knowledge I don't need I get from half interesting. Including knowledge of bricks...
I can sleep well knowing that the ten messages a day I get from my mom through facebook messenger are encrypted with a government level algorithm that uses two kinds of diffusion (and a really good box). My information is sooo safe in that beautiful corporation's hands.
@@AustinCameron Oh yeah, forgot to add /s lol
Don't worry, there is at least one three letter agency storing all the traffic they can until they achieve quantum supremacy and can break asymmetric crypto used for key exchanges, thereby getting the key used to encrypt all the other traffic.
Time to use this to win an encoding competition whenever I happen to participate in one
It’s all fun and games until the method for delivering the key is compromised:3
Let me add a shameless plug here. I have an AES-128 encryption app for Android in the Play Store. I use it occasionally to share secrets with my close buddies that I don't want people who touch my phone to see. I could upgrade the app to use AES-256 without much trouble but I lost the original repo.
THE START 😂😂😂
One-time pad is the only encryption algorithm that can not be crackt.
the only one that can *provably* not be cracked, however a lot of algorithms currently in use such as Rijndael/AES, RSA, ECC-Curve25519, ChaCha20, etc. are technically unproven but also as of yet unbroken.
Unless you use it more then once.
"It's ok Bender, there's no such thing as 2..."
So, I have the bell highlighted, but didn't get the last five or so video notifications, I seriously thought Sam just took a long vacation cause of the many hotel related toks he uploaded
"For the next step you're going to have to pause this video and learn linear algebra" - ugh, cue flashbacks... so happy that lecture and exam is years behind me. This is a fairly decent explanation, honestly, though a lot is cut out obviously. But as surface level explanations go it's pretty good.
Man didn’t even go into the math of the related keys
Better throw out the algorithm. Your "Top Secret" message became "Top Sesret" at the end. AES must be broken.
Great job explaining a ridiculously complex process! I have been a CISSP for over a decade and I still don't fully understand it 😅
This is the last HAI video now that the FBI is clearly on its way to disappear him
The Rijndael s-box is actually not required. You can use any s-box, and the AES encryption will still work. Some boxes are better than others, but even a mediocre one should be more than adequate. The upside of using the Rijndael s-box is that it satisfies certain "optimality" properties with respect to lack of correlation. The downside is that the standard was designed by a third party that you might not trust (maybe Rijndael was working for the NSA or something). It shouldn't be possible to hide any kind of backdoor in that box, but just in case, you can always ditch it and use your own.
hm, i just so happened to wonder how AES works and now i know a little more than i used to, great!
1:56 if its 2 ones carry a one and drop a 0 and if its three ones (if u carry a one and the next set of digits is 1,1) drop a one and carry a one to the next set of digits
1001, 9
1101, 5 =
1110, 14
Ex 2
1101, 13
1100, 12 =
11001, 25
It's XOR not addition. They're explaining XOR as a sort of "special" addition that removes the need for carrying.
I kept seeing this in a custom game server software, the package name really throws me off but not enough to make me search it up. So this helps a lot, thanks!
Unbreakable until quantum computers have enough memory/bits to do the algorithm 😔
AES-256 is quantum resistant.
"WHY IS THE FBI HERE?"
The editor, Sam?
What's the hardest part of encryption?
It is the decryption process to obtain the original message.
Just give a message "Your encryption key is atleast 4 characters long and you will notice the depression in the theif's face"
And to think that all of that encryption get wasted when an ex president takes a ton of secret documents and make parties around them :)
I just realised how clever Cyberpunk 2077 hacking minigame is.
As someone with a math degree, the reason multiplying by that matrix is okay is because it is invertible (kind of like how the xor operation was invertible)
i use enigma machine with cipher when i want to encrypt but only when i work late night shift at the museum
This is a great video to explain to non-tech guys about AES (if you have technical know-how the excellent channel Computerphile did a more technical explanation of it)
Binary is wrong. It supposed to equal 1110, because you carry the one
it's XOR, not addition ( en.wikipedia.org/wiki/Bitwise_operation#XOR )
@@happypandaface710 Thanks I didn't know!
You forgot to mention that the viewer needs to also learn Galois theory to understand how the multiplication of the bytes in the matrix works.
Just learned linier algebra and can continue watching this video
Sub-key Zero..."Get over here!"
Jokes on you. I *already* took community college classes to learn linear algebra