I want to meet this man. I feel like I could hear him talking from hours and not get bored.

....I honestly get the feeling that Dr. Pound is wildly more intelligent that we realize or he portrays and he always seems like he has to hold back just a bit so he doesn't inadvertently say too much. Like, there is a line that shouldn't be crossed with regard to explaining things and he is constantly dancing with that line and at times has to stop for a moment and think "Ok, right, where am I?....oh, right, ok we can go further" lol Anyone else get that?? Hes awesome man.

Dr. Pound! This guy could read me his shopping list and I would still watch it

This bloke is a well-rounded pundit of computer science--vision, cryptography, algorithms, all the good stuff.

Absolutely love these computerphile videos. To the team: please do not stop making more videos!

Please sent Mike £100

HE'S BACK! ALL ABOARD THE TRAIN TO POUND TOWN...

The encryption related Computerphile videos are some of my favorite.

This guy is my favorite!

make a 2 hour video with this guy, i could listen to him all day

Great video. I love Mike Pound - he is my favorite person on computerphile

Switching off is probably not what anyone has ever done that clicked on a Computerphile video, especially with Mike.😁

Well, do not forget AES CBC is weird, it’s a block cipher, though because of the XOR chaining you can also do this there

Love this series, but could you please cover Elliptic curve Cryptography? I feel like this channel explains everything the best, so it would be much appreciated.

Mike is implicitly asking us to send him £100

Something I didn't understand. Around 5:00, after introducing the first "naive" solution to the problem of tampering the stream cipher - i.e. computing a hash - Dr. Mike rejects this immediately because the middle-man can easily tamper the message and then compute a hash. what I don't understand is how can he compute the hash of the unencrypted message? All he has is the encrypted message, and if the hash is of the un-encrypted, how can he compute this?

This video seemed to end without much of a conclusion...

The seccond method can actually be just as secure if it is guaranteed that none of the valid messages can be a simple concatenation of 2 or more other valid messages. The easiest way to guarantee it is just to always put a total message length block somewhere inside the protected message. This method is a little bit faster than the HMAC.

its said if you can explain something in simple words, you dont understand the concept. But you sir are just a marvel. Thanks alot.

I have an exam in computer security coming up soon. These videos are golden

Something implicit in the video: the key in a SC is the same length than the message. Fantastic expl. The guy is a genius

I didn't even know HMACs existed until I came across them at work - it's good to know a bit more about them.

Dr. Mike is the best! And this totally reminds me of the Office, especially with the personal interviewing and the random zooms and close-ups 😂 I also love the washing machine animation!!

Someday you should do a video on AEAD, which is more modern than plain old Stream cipher.

I like the way how he comes to the topic, it's brilliant Mike!!!!

Is it wrong to feel kinda in love with him? I might have completed my studies if he were my teacher.

5:13 But why don't we encrypt the checksum too? In other words be append hash of the message right *before* we do the encryption

I feel like these videos always just scratch the surface and don't go in depth too often. I really would like to see some in depth content for the loyal subscribers!

This is the most amazingly clear and concise explanation, thanks

You're helping me so much studying for my Security+ exam!!!!

This guy is awesome. Make sure he keeps on making us videos!

just had an hmac nightmare, this came a bit too late

Should have watched this video before my midterm...finally I feel like I know something. Thanks!

Actual HMAC stuff starts at 4:00 Until then, he's pointing out flaws with substitution in a stream cipher.

How are you able to explain topics so easily.Seriously, it seems like child's play when I understand things like this

I have a big ask. It may take several videos but I should love to see a simple but complete differential cryptanalysis. And a set on linear cryptanalysis. We hear about it all the time but it means very little to most of us. There are many books on it but these are hard to follow, a video would be much easier and better. Thanks! If you do it I shall sent a much bigger 'thank you', capital letters and all!

I freaking love this dude. Why aint this guy my teacher.

I like the videos that Dr. Pound does on cryptography and cryptoanalytics, but it would be nice if he could get into more of how the math works behind the concepts. Not just describe the variables.

I think in the video, we were shown this as a non-working solution: encrypt(message)|hash(encrypt(message)) Why couldn't you do this: encrypt(message|hash(message))

You say hases aren't for disks, but I'm pretty sure full disk encryption needs to have something like that... I remember hmacs being mentioned in the WiiU external drive encryption scheme...

what exactly stops us from doing h(m|k) as opposed to h(k|m)? we don't need to worry about resuming the internal state of the hash function because that would only allow us to append to the key, not the message

Why not just do SHA2( msg | key ) and not SHA2( key | msg ) like this the malicious appends can only get SHA2( msg | key | malicious ) but the check will be made SHA2( msg | malicious | key) ?

these guys are legends

*Sees doc pound* *EXTERMINES THAT LIKE BUTTON*

Thanks. Studying for CISSP. I just subscribed!

Great video! Can you also do one talking about HMAC-before-encrypt vs encrypt-before-HMAC? encrypt(message)|hmac(key,encrypt(message)) vs encrypt(message|hmac(key,message))

The teaching is awesome and he explains greatly, but i can't help but to notice how every video seems like an episode from The Office

I was just writing in the middle of writing an RFC6238 TOTP in C++ (because I can't find any that compile in Code::Blocks to run in cmd.exe. Obviously over on Linux its all just works.)

There is a guy named Please who pleases Mike. Anyways, what is special about CMAC and Poly1305?

This guy couldn't look any more mischievous if he wore a black henchman's mask befitting a 70s' Batman episode.

thanks a lot this helped me in studying hmac for my exams

Is this part of a series? He mentions the SHA video as if I'm supposed to have seen it before, but I can't find an official playlist with computer security related videos från computerphile.

06:33 would adding length of message (excluding added length) in message prevent append attack?

The questions of the guy with the camera don't sound very clearly..

I like the void cube and ghost cube on the shelf. :D

why not just append a salt and signature of the message+salt after that BEFORE applying the cipherstream? The attacker could change the message, but they're going to have a pretty hard time guessing what the salt is to compute the hash and even if they did they wouldn't be able to XOR it to the state the recipient expects.

could you hash the message and append the hash before encrypting it and then verifying i after decryption, or are there any security implications that make that a bad idea?

Wait a sec? So a Block cipher changes multiple bits? so if I changed a single letter/bit, in the message that in turn makes the entire message of letters before and after get altered also??? I know of alot of coding systems but as far as I'm aware I think everything usually is 1 to 1, example if we used Enigma 1 letter in 1 letter out sorta like a substitution! If we Transposition it then the same amount of letters move around, If we playfair it then we still end up with same count of letters, in fact I can't think of any 1 situation where 1 plaintext letter is fully responsible for keeping the entire rest of the message mathematically in tact The only thing I can think of is... if you Take 8 Letters that are 8 Bits long in Ascii and Put the rows of numbers 1 by 1 under until you get like 8x8 thus 64 bits but instead grouping all the 1st bits and making an Ascii character out of then then all the 2nd bits until all 8 is done then substitute that maybe along with a 1 time pad, then I can see how maybe by chance changing 1 Ascii can sometimes Affect many characters, unless I'm not seeing something here? So example lets say A=001 B=010 C=100 R=111and our word was Cab then 100, 001, 010 if stacked could be 100, 001, 010 which doesn't change anything but lets try BAR, 010, 001, 111 we get now, 001, 101, 011 now this is kinda neat because we have new numbers which might be mapped to a question mark or something if this was 8 bit ascii but then math to it could change it yet again. I can't 100% see how a single change normally can affect the outcome of how a message works, but I can see in my example how sometimes hit or miss it can affect the entire message! I will have to look at block ciphers to maybe understand, but for most part from my experience the bulk of codes/encryption almost always is the Plain Text being heavily altered with some steps where if you isolated any letter usually, you get the plaintext of that specific letter! Equally speaking if deleting a letter anywhere or changing a letter anywhere also usually doesn't disturb a message most times in all of it's entirety. However what I can say is... if it is possible where 1 Letter is the only way to crack the code if unchanged and all characters have that exact same property and must be One! Then yes that would be 100% valuable and secure as you can just take that and put that through 1 to 1 ciphers knowing there was a step involved that binds all of them together as a whole as one unit.

So, the outerpad and innerpad are just arbitrary constants that are used to derive the two separate keys which are then used to hash the message authentication code?

Why we just hash before encrypt all together message and hash? we could not compute a new hash for the changed message since we would need to know the encryption key

How do the sender and receiver get same key? Do they use key exchange protocols?

Hash length extension attack video ?

Someone just flipping bits like that doesn't have the old message or the new message to compute the hashes from. Plus the hash itself is likely to be encrypted. Here, it comes down to how much power you think the attacker has. If he can read all your messages and correctly guess all your keys, you're sunk anyway because he can do whatever he wants.

What about video encryption is this stream cypher?

Doc Pound is my jam

Why not just append the key to the end of the message before taking the hash instead of prepending it to the beginning? Wouldn't that solve length-extension?

The captions on this aren''t great, any way for me to edit?

I've really enjoyed these videos that are related to information and security! I was wondering though, could you guys could make some videos in the "Essentials" series that cover the basics of those topics?

So I guess the length extension video never came out sed.

Why doesnt this work?: encrypt(message hash(message))

I've seen SHA512 being used as a hash function. Does it have the same flaws as SHA256?

From 6:10 to 6:42 I got completely lost. I didn't understand what you were talking about and also couldn't make out some words. Could somebody explain it to me or just point me to the video I missed to understand that?

so why not just use digital signatures? when would we use HMAC as oppsed to using signtures?

Gotta love the paper he uses with the sprocket holes. Who does that ?!?! LoL

DONT QUIT THE VIDEO JUST YET 😂

Well done ! really enjoyed your video.

thank you for that brilliant video!

YAY he finally solved the ghost cube

0:53 Left upper corner, that ghost cube :D

If we insert the hash (k1|m) at the start of message itself won't it also solve the problem? May be it s not efficient to prepend than append but i think it'l also solve the problem, but i would like to know your opinion

Thank you!

Did i miss something or he never mention how we gonna send the shared secret key to the other person ?

So... do you HMAC then encrypt or encrypt then HMAC? And for the love of Turing, please clean your screen. :)

You can see at 5:44 the spider bite in Tobey Maguire's hand

Helps me study for CISSP, thanks!

There's no video about the length extension attack yet if i see right :(

idk why but this reminds me of the office

Why do I get the feel that this guy was a car mechanic in a previous life?

Great vid! But, those fingerprints on Mike's monitor are really upsetting :p

Psuedo?

Does anyone know, what's inner pad and outer pad which he mentions at 8:10?

Why not instead of hashing the encrypted message, instead hash the original message? That way a middle-man wont be able to compute the hash without decrypting the entire message.

Why wouldn't you just take the approach of appending the secret key to the end of the message? You wouldn't know the internal state then.

CBC mode for block ciphers

What if instead of appending the key you prepend the key. It's secret so no one would know what the state would be after the key.

is it just me or are they spelling "pseudo" as "psuedo"?

"We can actually change the amount get sent, which unfortunately is a purely hypothetical example, I don't actually get any money" 😂

need more !!!

Whose videos are referenced in the bit about hamming distance at 8:50, Dave Brelson is the best I can make out...

I dunno about you guys, but I have trouble having a clear understanding of what this guy talks about when he explains things. It's hard to grasp. No disrespect though.