This video is pure gold. I work in the IT industry and it's hard to find a better explanation than this about TLS.
@joseguillermo17902 жыл бұрын
I agree. Insane domain of the topic.
@slashingbison2503 Жыл бұрын
Yeah its excellent, its a guy who knows what he is talking about in a simple way to an IT tech who always gets overwhelmed by encryption
@gram.4 жыл бұрын
I like the way this guy talks and explains things, duno what it is. He obviously really knows his stuff to be able to explain it so well and simplify it enough for me to understand!😊 Thanks
@mo994 жыл бұрын
Didn't study Computer Science but I really wish I had someone like Sir Dr Mike Pound at my university. Those folk at Nottingham are lucky
@Hasi293473 жыл бұрын
He seems like he enjoy what he is doing and that is reflected on his presentations.
@markstevens76993 жыл бұрын
Some days I spend 8 hours listening to the playlist of only him. He makes everything he says make sense, even if you don't get it the first timr
@toast_on_toast12702 жыл бұрын
To me it seems like he's explaining from a design perspective, that is "how the protocol addresses the problem", and has the knowledge to back it up. I think it's the correct level of abstraction to explain the problem clearly with only the important details.
@larsrosenkilde78722 жыл бұрын
He's got passion for computer science...
@samiwebdev2 ай бұрын
I searched lots of resources to understand the full picture behind TLS. This is the best explanation ever
@midnight_commander3 жыл бұрын
11:28 this is an underrated piece of editing right here.
@jackc37274 жыл бұрын
Nothing better than a Friday Pounding.
@coldblaze1004 жыл бұрын
I-
@WmSrite-pi8ck4 жыл бұрын
That sounds so homosexual. (Not that there's anything wrong with that.)
@zaaap04 жыл бұрын
giggity
@jackc37274 жыл бұрын
@@WmSrite-pi8ck What do you mean? Getting Pounded isn't sexual.
@WmSrite-pi8ck4 жыл бұрын
@@jackc3727 Maybe not where you're from.
@yasyasmarangoz35774 жыл бұрын
I like how he screams at the start.
@swine134 жыл бұрын
I THOUGHT EVERYONE STARTed conversations that way?
@yasyasmarangoz35774 жыл бұрын
@@swine13 lol 😂
@danieljaszczyszczykoeczews26164 жыл бұрын
yeah such a sudden portion of british accent :D
@yasyasmarangoz35774 жыл бұрын
@@danieljaszczyszczykoeczews2616 Yup ^^
@SkytraxX14 жыл бұрын
Class clown are we? 🤡
@ramuthra14 жыл бұрын
Cryptography is such a cool subject. Absolutely love it when Mike is on!
@belledelphine43134 жыл бұрын
I am in rabbit hole, he said in every video "that's what we talk about last time" so I am looking for last video and again and again and again... HELP :D
@MrMarkgyuro4 жыл бұрын
if you search for numberphile cryptography you ll find the whole playlist in this topic
@WilliamAndrea4 жыл бұрын
I believe these are all of them, chronologically. LMK if I missed any. Apr 18, 2014 | Heartbleed, Running the Code Jul 22, 2014 | Public Key Cryptography Oct 23, 2015 | Man in the Middle Attacks & Superfish Mar 22, 2016 | Secure Web Browsing Mar 30, 2017 | End to End Encryption (E2EE) Apr 11, 2017 | SHA: Secure Hashing Algorithm Dec 15, 2017 | Secret Key Exchange (Diffie-Hellman) Dec 29, 2017 | Key Exchange Problems Jan 16, 2018 | Elliptic Curves Aug 14, 2019 | Almost All Web Encryption Works Like This (SP Networks) Nov 20, 2019 | One Encryption Standard to Rule Them All! Nov 22, 2019 | AES Explained (Advanced Encryption Standard) Oct 23, 2020 | Transport Layer Security (TLS)
@WujuStyler4 жыл бұрын
@@WilliamAndrea best comment ever, thanks
@fanllawf4 жыл бұрын
@@WilliamAndrea Thank you so much. If a blank sheet of paper wants to learn this, would watching the series in release chronological order be appropriate?
@WilliamAndrea4 жыл бұрын
@@fanllawf I guess so, yeah. You could probably skip the first one.
@MathewCrane4 жыл бұрын
I would be interested in a separate video about TLS 1.3 versus 1.2, especially related to Encrypted SNI (ESNI) and how if affects transparent proxies and other security tools
@maverickmaverick52 жыл бұрын
@Dr Mike - same request.
@yes-ni1od2 жыл бұрын
ESNI is being replaced with ECH, both still very young protocols
@rickelmonoggin4 жыл бұрын
It's very convenient that you created these videos just when I decided to start learning TLS. Very clear and easy to understand. Only bad thing is that the adverts come at rather annoying times.
@yawarjamal9094 жыл бұрын
Dr. Pound + CS + Accent = Complete Package Thanks Computerphile as always
@TheRealLughnatic4 жыл бұрын
That was the most concise explanation of TLS 1.3 I have ever heard.
@credence77777772 жыл бұрын
it was for TLS 1.2
@TheRealLughnatic2 жыл бұрын
@@credence7777777 He discusses TLS 1.3 towards the end of the video.
@romel3044 жыл бұрын
Thank you for explaining with context and really breaking it down. It’s the context and bit of history on how something came to being is what makes things interesting. Thousand kudos.
@hafidmrhailaf808411 ай бұрын
The best explanation, that someone could find on the Internet. Thank you Michael
@almightyhydra4 жыл бұрын
New record for advert: 2:15. Two of them, of course, after two at the start. 2030: videos are now entirely adverts, no content. 2040: content is back, but only videos containing nothing but adverts are accepted
@Twisted_Code4 жыл бұрын
not even just product placement. It has to be full on "paid programming" level of advertisement. But wait, there's more! Comment today and we'll throw in this free sub to a channel you'll never watch again!
@lawrencedoliveiro91044 жыл бұрын
youtube-dl is still available.
@vicentelouvet71604 жыл бұрын
KZbin-dl
@LayMyBurdenDown4 жыл бұрын
you just reinvented the "info-mercial" :)
@ream884 жыл бұрын
KZbin Premium
@giosuecarducci53184 жыл бұрын
This guy explaining is awesome and inspired me to do my thesis on ROCA attack. you rock
@azizlol19073 жыл бұрын
what a energetic man, wish had a teacher like him. I could learn from him till I die
@kristoffseisler21634 жыл бұрын
I forgive the camera man for hollering in to the mic so that it distorted like that cause he got Mike Pound on
@MelroyvandenBerg4 жыл бұрын
He really should wear a microphone
@ashwanipundir5352 жыл бұрын
Wow ! I wish he was my teacher in college! I am glad that I found this channel. Thank you 🙏🏻
@Jesseeeeee4 жыл бұрын
I wanna hear Dr Mike say "My name is Pound, Mike Pound"
@sreeramrm7997 Жыл бұрын
This video is pure fantastic.Hey after the handshake the client and server uses symmetric key encryption.
@pjsixhundred4 жыл бұрын
Perfect candidate for a TV Tech Show which goes into more depth on how things work.
@warlockpaladin22612 жыл бұрын
I miss TechTV. 😭
@Daddy_Julie3 жыл бұрын
I love how he can talk about something boring with such enthusiasm. He makes it interesting.
@nkershaw2 жыл бұрын
I'm a fan. well explained. not rigid. and you guys come across as human. which is hard to do when teaching anything, especially computers.
@rashidxd4 жыл бұрын
Everyone: We can't do handshakes TCP: SYN
@Twisted_Code4 жыл бұрын
ACK (dammit you beat me to it by 1 hour)
@BenjaminCronce4 жыл бұрын
The internet is full of syn.
@Acorn_Anomaly4 жыл бұрын
@@Twisted_Code You missed the SYN/ACK. :P
@Twisted_Code4 жыл бұрын
@@Acorn_Anomaly dammit well what do I know. I have no practical experience with handshakes (yet). I only know how to reply at all because college courses LOL TBH, said inexperience is part of the reason I clicked this video... That and of course I was going to make the handshake joke if nobody had already
@kebman4 жыл бұрын
ACK ACK ACK, said the Martian.
@F1ghteR414 жыл бұрын
I think this video can serve as a sort of hub or strarting point for many Dr. Pound's videos, both existing and upcoming. Basically it lists in one string a lot of topics he covered, which is quite convenient.
@Ribby004 жыл бұрын
Mike Pound for president. Mike Pound 2020.
@psidianculpa59293 жыл бұрын
This is the KZbin I we need to be watching.
@damonhage74514 жыл бұрын
Man I could have really used this when working on a project a year ago.
@waynesrealworld58013 жыл бұрын
Thank-you for these post they are helpful, informative, and just plain entertaining
@MidKnight_Reign4 жыл бұрын
Client and Server: [does handshake things] Client and Server: "We done? Here's a transcript of what we just said, encrypted. We'll talk again under this encryption kthxbye. [they both check what they sent against what they received. They don't match] Client and Server: "..." (uhh I'm just gonna NOPE RIGHT TF OUT OF THIS ONE!) Attacker: "Aw shucks."
@YourMJK4 жыл бұрын
But it's still susceptible to MitM attacks that simply communicate with both in TLS, if you can't verify that the public key you get actually belongs to the party you thing you're speaking to. Which you can't for sure, unless you trust a CA or meet in person and compare keys.
@bloodd113 жыл бұрын
Thank you to share this knowledge. Dr Pound explain so clear this matters. Thank you for this channels and this videos. Greetings from Argentina.
@MAli-wu4rx4 жыл бұрын
Excellent instructor, excellent KZbin channel ! As a medical doctor I find this stuff amusing.
@Shadowwand Жыл бұрын
MQTT is a service that provides detailed connection session storage. Since the same device connecting to the server can use the same connection states, so it can immediate resume receiving topics with retained information.
@IboKnowsBest4 жыл бұрын
WTF I was just studying that thingy and boom! Couldn't timed better ^^
@qzbnyv4 жыл бұрын
+1 to that. I was looking for videos on it about a month back and wasn’t happy with any of them really. Happy to have Dr. Mike Pounder showing us how it’s done
@lakshminarasimmanv4 жыл бұрын
Google also tracks and read minds.
@BlueyMcPhluey4 жыл бұрын
@@qzbnyv I could have really used this at the end of August when I was writing a paper on this 😂
@qzbnyv4 жыл бұрын
@@lakshminarasimmanv Well, I know KZbin creators often make their videos based around general internet search terms frequency as a way of being timely and catching wind from trends. I haven’t looked into what the KZbin creator dashboard looks like these days, but I wonder if Google has an API that could easily display “People who watch Computerphile regularly have been searching for” stats.
@hundehausen4 жыл бұрын
Is see Dr Mike Pound, I hit like.
@klightspeed4 жыл бұрын
As an aside, 2:22 the example cipher suite just happens to be one of the ones that Windows 7 and Windows 8 do not support - it only supports those parameters if an ECDSA certificate is used - so 6:20 the server will respond with a failure message when using e.g. the Windows TLS libraries to communicate with such a server.
@anonymousvevo8697 Жыл бұрын
the only voice i like to hear, amazing explanations =)
@NeunEinser4 жыл бұрын
Finding a website that supports 1.3 was easy. I am on it right now.
@TotalImmort7l4 жыл бұрын
KZbin use QUIC, not TLS.
@NeunEinser4 жыл бұрын
@@TotalImmort7l It says TLS 1.3 on the padlock tho
@TotalImmort7l4 жыл бұрын
@@NeunEinser which device are you using? On a phone, it shows QUIC.
@NeunEinser4 жыл бұрын
@@TotalImmort7l Desktop, Win 10, Firefox
@SamiCSc4 жыл бұрын
WOW! I love this channel and he explains everything well. Keep up the good work 🙏
@danielgrace78874 жыл бұрын
It sounds like you could use a different suite of ciphers in the future, and this system would be all that's ever needed for these communications.
@YannStoneman2 жыл бұрын
It would be awesome if you created a playlist of all these TLS-handshake related videos mentioned and linked to it in the description of this video.
@SuperAvenger963 жыл бұрын
Hey Guys! It would be great to see you guys doing the promised difference between TLS1.2 and 1.3. I really like your videos! They are great to understand the basics of computer science and I like to watch videos related to the toppics i have in my master course. Greetings from Germany!
@msscash7294 жыл бұрын
I love your channel, the content is just incredible. English subtitles are missing ... this needs to be easily accessible.
@wedusk4 жыл бұрын
Love the videos with Dr. Pound. Hope you guys make one on IPSec.
@LincolnChamberlin4 жыл бұрын
This dude is one of my faves
@rikschaaf4 жыл бұрын
Can you do a video on the single round-trip next?
@kramer3d4 жыл бұрын
so awesome that Jared from Silicon Valley is on the channel
@SaiKrishnanSathiarthi4 жыл бұрын
🤣🤣🤣
@Ruhigengeist4 жыл бұрын
I'd love to see a video on ACME considering it's largely replaced most of how servers set up trust now. I understand pretty solidly how it all works (I help maintain the Caddy project) but I'm sure it would help for more of the public to understand how this all works. i.e. how the ACME challenges replace the legacy method of paying for certificates, etc.
@CubeApril4 жыл бұрын
Say hi to Matt for me. :)
@Maxmekker424 жыл бұрын
these videos are gold a couple weeks before exams
@M1stersupersonic84 жыл бұрын
Huh. The new TLS session after inactivity would definitely explain why tabs reload after I've been tabbed away from them for a while. Learn something new everyday!
@silkwesir14444 жыл бұрын
that should not explain it. there's something else going on which triggers the reload. otherwise you would just look at the page as you loaded it last.
@calistan54314 жыл бұрын
Incredibly helpful for my Sec+ studies thank you!
@vjself3 жыл бұрын
Your videos are absolutely fantastic.
@maksymmryhlod30933 жыл бұрын
Very simple and clear explanation.
@marioh99264 жыл бұрын
Very much thanks for your excellent explanation, Mike. I appreciate a lot your work.
@creature_of_fur4 жыл бұрын
I dunno why but this video reminded me of something I read an article about long time ago - encrypted calculations. Essentially these allow you to perform various operations on ciphertext(like addition and multiplication) as if it was plaintext, but without actually knowing the values. The formal name for these is homomorphic encryption systems. It would be cool if you did a video on them
@miked25604 жыл бұрын
Awesome video! What is the best way to see the full exchange--Wireshark?
@randName4 жыл бұрын
2:27 would be the perfect place to add an info card to the Kindle Text Problem video
@TheTheThewillow3 жыл бұрын
Frodo explaining TLS, who would of knew. Thank you very informative
@Twisted_Code4 жыл бұрын
anyone else notice that the clip from at 8:40 says "obi one" rather than Obi Wan? surely someone had at least noticed it and commented on the previous video, even if no one (besides me) noticed today.
@Mike_Who25 күн бұрын
Great video, still waiting on that TLS 1.3 video though
@jlxip4 жыл бұрын
Great video! I do have a question that has been bothering me for a while, though. Why are both RSA and ECDH used? The server sends the certificate, couldn't the client just encrypt a randomly generated AES key with the server's RSA public key, send it, and skip Diffie-Hellman?
@leogama34224 жыл бұрын
RSA encryption is too slow for on-the-fly encryption (and in massive amounts for the server) like web traffic...
@jlxip4 жыл бұрын
@@leogama3422 True, however: - Both the client and the server only have to use it once per connection. - They are already using it anyway since the server signs stuff, and as far as I know, encrypting and signing are equivalent operations in RSA. The server currently signs doing PKCS#1, powering to 'd'. The client checks the signature powering to 'e'. This is equivalent to encryption, but in reverse order, isn't it?
@jlxip4 жыл бұрын
To anyone that might read this, I just got it. The handshake I proposed is called "RSA key-exchange". Its problem is that it does not offer forward secrecy, so all previous traffic, if recorded, could be decrypted if the server's RSA key is compromised. ECDHE prevents this: previous communications will never be decrypted, even though future ones could.
@akshay-kumar-007 Жыл бұрын
Hey @Computerphile great video and I always come back here to refresh my memory about how TLS works. Can you also do an extension video of this with mTLS? Thanks
@deepbluedrone4 жыл бұрын
Awesome 👏 Thanks for these videos
@Elias_Az4 жыл бұрын
The thumbnail is just a classic x)
@petersonjr80152 жыл бұрын
Thanks for your explanation of TLS. My question: Why do the client and server not just use the opposite public keys to encrypt and their private keys to decrypt all the communication. Why the need for more keys e.g session keys etc ?
@lisasun85962 жыл бұрын
They are using Elliptic-curve Diffie-Hellman when they use their public/private key pairs. ECDH is fairly fast, but session keys use even faster cryptography like AES. If the cryptography is faster, loading the website would also be faster.
@gandelgerlant5652 жыл бұрын
Another problem with using it is that if someone takes over the private key, they can decipher all previous communication, but with Diffie Helmand a new key is generated each session
@liuqingwang44082 жыл бұрын
Perfect Forward Secrecy is the keyword here
@maxinator80ify Жыл бұрын
Asymmetric cryptography is great, but slow and demanding. One operation or RSA is much more complicated than one AES operation for example. Symmetric crypto is MUCH more efficient and also has some bonus features, like automatically included integrity checking. Therefore it makes sense to use public key crypto for exchanging a key, which is then used in symmetric crypto shenaningans. This way, we make use of the best of both worlds and get great security as well as great performance.
@AterNyctos4 жыл бұрын
5:26 Basically my reaction everytime haha Great video!
@mcnamaraky4 жыл бұрын
Thank you sirs. We all appreciate ya.
@AI7KTD4 жыл бұрын
13:55 two roundtrips (assuming you're 200ms away from a server) would be 800ms
@WujuStyler4 жыл бұрын
I came to the comments looking for this hahah
@bourbonwarrior16183 жыл бұрын
Mike may have not described it clearly but network latency is measured by Round Trip Time. So his 400ms is correct.
@Bobbel8882 ай бұрын
8:30 Is this correct? Thought RSA can be "proxied".
@Flankymanga4 жыл бұрын
Excellent explanation Dr.Pound. :) i mean i thought i know TLS 1.3 but it seems i was wrong. I did not know about the Finish message.
@timgeldof77203 жыл бұрын
Thank you very much for your clear explanation! Interesting stuff!
@philivey43004 жыл бұрын
I love there videos, please keep them coming
@evang82594 жыл бұрын
This helps me understand something in my job as tech support. Thanks!
@honpaul22033 жыл бұрын
Great, again and again! 👌
@charleslondon99004 жыл бұрын
I love your videos, your doodles could be better, but it is great to have a British expert on KZbin. I have one picky comment on this video , and that is that you have not mentioned "Transport Layer Security". I just wonder if sometimes just explaining the acronym might help some people. I am in IT security and I know we use abbreviations and in-terms like words, it's only natural, but I think saying the whole word might help us sometimes. Thank you for your great work on this channel, your a fantastic team.
@hajk70324 жыл бұрын
Attention: Due to Coronavirus (COVID 19) all TCP Applications are being converted to UDP to avoid Handshakes! 😂
@Andyp124 жыл бұрын
I actually laughed....
@simonchapman4 жыл бұрын
love the editing. Get him up for a BAFTA
@terryl.flannery56494 жыл бұрын
Bafta
@alsorew4 жыл бұрын
Wash your TLS Hands after TLS Handshake with TLS Soap.
@sergioramirez5143Ай бұрын
Badum tss 😂
@kallikantzaros4 жыл бұрын
just when I needed it.
@martin1b4 жыл бұрын
Love the greenbar 'paper'
@petersuvara4 жыл бұрын
Far easier and clearer when shown via the iPad instead of a paper based drawing. Stick with that. (More colours too)
@adedejiemmanuel14 жыл бұрын
In what sequence will TCP handshake and TLS handshake happen? Which one happens first in a connection?
@drugndrop9244 жыл бұрын
I'be been waiting some wireshark capturing till the end
@zombi10344 жыл бұрын
1:44 Is this video old? How does he still have that Sketchpad program available? A previous windows update has removed it for me? I only have this Whiteboard app now.
@NerdyCygnus-hv3cr6 ай бұрын
Can we please have a video on TLS 1.3 🙏
@bubblesgrappling7363 жыл бұрын
Which of these steps use the mac for authentification?
@gasparem164 жыл бұрын
keep up the good work! awesome learning videos!
@ezekielgrave4 жыл бұрын
Would you do a video, or set of videos on ACME ( RFC 8555 )?
@benjamin112352 жыл бұрын
You mentioned TLS 1.3, now you have to do a video about it!
@balamuralidhanushkodi75989 ай бұрын
In Key exchange part, server sends the hash function of previous messages in digital signature which signed using private key and you say client verifies it using public key how this is shared to client?
@perburr4 ай бұрын
The server sends its certificate to the client. The client then verifies the certificate and then extracts the server's public key from the certificate.
@darraghfoley8314 жыл бұрын
Would you do a video on trying to detect tor over tlsv1.3 as the subject and issuer are now not known in the handshake. And to build on this in future iterations of tls1.3, if the server name is also not known.
@heidiemiliaholappa4 жыл бұрын
Funny and educational stuff. Thanks!
@soulclean19834 жыл бұрын
What does the last byte usually mean if it is repeated by a few instance but in no specific order?
@tepidrachet953 жыл бұрын
Still waiting for the TLS 1.3 video!!
@clebfelm41702 жыл бұрын
Great work
@shehyaazkhannayazi27264 жыл бұрын
Thank you for this amazing video !! Could you please do a video on Certificate Transparency and IKP in the future ?
@a_demain4 жыл бұрын
May require a second viewing. Who here is with me.
@aschwan414 жыл бұрын
What tablet/laptop is that? It and the pen write so well