MicroNugget: What are SSL Session Keys?
Рет қаралды 32,630
Күн бұрын
@intodeep28 7 жыл бұрын
In under 5 minutes, you managed to do what the internet failed to do for me over several hours... well done!!
@ullasrajdev2342 6 жыл бұрын
4 minute he explained my days of doubts and insane exhibits and explanations... Ideal tutor by all means
@ThiliRocks 3 жыл бұрын
Love Keith. Always simple and concise explanations. He is best!
@cbtnuggets 3 жыл бұрын
We're glad you enjoyed this video, Thilina! Thank you for learning with us.
@dambhir 3 жыл бұрын
SSL is broken - down to its simplest form... Best explanation ever hands - down
@Facebookmovies12345 8 жыл бұрын
The is the best overview of ssl I've ever seen.
@cbtnuggets 12 жыл бұрын
if you click on the little 'cc' button in the player controls bar you can turn on closed captioning for English subtitles.
@ullasrajdev2342 6 жыл бұрын
He is the one.. the marvelous explanation in nutshell. The best about SSL I have ever seen
@JamesLee-Im-All-In 5 жыл бұрын
Crispest explanation of what a session key is!
@nasirmukhtar3796 5 жыл бұрын
Thanks Keith/CBT Nuggets, quick & charismatic as always! 👍
@goddessofwar94 4 жыл бұрын
What a wonderful, concise explanation! Thank you!
@anumsheraz4625 7 жыл бұрын
best video ever. Thank you for explaining a complex topic in an easy way !
@justheredoingnothing1170 5 жыл бұрын
Thank you so much! I finally understand the concept now. The explanation was very clear.
@lalanomama7035 11 жыл бұрын
it's seem very veeety easy when you explain it .... thank you
@81funktion 8 жыл бұрын
Hi Keith. Is there a CBT series that covers SSL in depth?
@anilkommalapati6248 7 жыл бұрын
very useful ssl session. thank u very much.
@simpleguy2k 9 жыл бұрын
so niece keith... it sets me free!
@greg3626 Жыл бұрын
Hi Thanks for the explanattion. Just a question. Once the client/server decide on the session key, are the subsequent messages then only encrypted with the session key or with both the session key and the public/private keys ?
@anumsheraz4625 7 жыл бұрын
@2:30 to encrypt data in other direction (from client to server), can't we validate the client in the same way as we validated the server ? e.g. by generating client public key as well ?
@crissstim 9 жыл бұрын
Nice explanation. Thanks.
@aafre 6 жыл бұрын
Best tutorial out there.
@TheKietTran 10 жыл бұрын
Great explanation. Thanks.
@niketrami5827 4 жыл бұрын
Hey Keith, thanks for this great video. I have a question if you can helpme with. When server sends a certificate signed digitally so how client will check that certificate is genuine. In other words when digitally signature are decrypted with the key from intermediate or root certificate, where do we compare that decrypted signature value to consider the certificate as authentic.
@SandeepPatil-fp7ud 2 жыл бұрын
So basically client would refer to root certs that it has pre-installed to validate the certificates or the chain of certs for that matter however when it comes signature it’s it hets bit tricky, What client does is take that Cert info in clear text and hash it all and then referred the root ca from its repository and decrypt the hashed info using that private key and if that matches it proves that the received Cert is validated by CA
@rahuld.4734 6 жыл бұрын
3:32 How can acme.com decrypt the session key sent by the client using the private key ? The session key was encrypted using public key by the client. That means only public key should be able to decrypt it at the server. Am I missing anything ?
@karpedjem6958 6 жыл бұрын
Whatever is encrypted with Acme’s public key by a third party can only be decrypted with Acme’s private key. This private key never leaves acme, must be kept strictly secret and is therefore never distributed. When acme receives the session key generated by the client and encrypted with acme public key, acme decrypts it and changes from asymetric algorithm to symetric algorithm to start communicating in both directions with the client.
@ajay2552 4 жыл бұрын
@@karpedjem6958 hey! I have a doubt if you could help!! What's stopping a middle man attacker to act as the client? Like it could receive pubic key of acne.com, and generate its own session key, encrypt the session key with acne.com's public key and send it to the website.. now the website will encrypt data using session key which was generated by middle man and so the middle man can see all the data..
@taftazani6400 10 жыл бұрын
hmm, why not use a key exchange like DH?
@EvilSapphireR 5 жыл бұрын
Depends on the cipher suite.
@darylallen2485 6 жыл бұрын
Pretty good Keith. I'm disappointed that you did not explicitly mention that the web server client generates the session key. I suppose its implied, but I think its worth stating that the client does generate the session key.
@EvilSapphireR 5 жыл бұрын
Not always. In DH or ECDHE key exchange methods both parties generate their own set of parameters and do individual calculations on both of them to come up with the same session key.
@zrh1618 8 жыл бұрын
perfect! thanks!!!
@newkool100 9 жыл бұрын
good one
@spd8335 11 жыл бұрын
SSL GOOD Explationation
@asaurcefulofsecrets 9 жыл бұрын
doesn't cover forward secrecy
@AzikoX 12 жыл бұрын
could you add text subtitles..
@ishanmodi3626 6 жыл бұрын
Its just an OverView.. JUST A very basic overVIEW..
Practical Networking
Рет қаралды 298 М.
Hussein Nasser
Рет қаралды 189 М.