glad you enjoyed it!

yeah right? i watched the computerphile explanation, and I didnt got it. I thought i wasnt paying enough attention, but now that I finally get it I can say that those guys made many mistakes in their video and didnt explained the topic correctly.

glad you enjoyed it!

glad it was helpful!!

How do they share the secret key?

@@gustavogutierrez368 There is no secret key. The keys 'p' and 'g' are ok to be exposed. It is the secret values 'a' and 'b', which never are exchanged in between the client and the server, that gives the secrecy.

glad you enjoyed it!

glad you enjoyed it!

Glad you enjoyed it!

glad you enjoyed the video!

Glad you found it helpful!

We're glad you enjoy these and we appreciate the comment!

glad you enjoyed it!

glad you enjoyed it!

glad you enjoyed it!

Appreciate the comment and glad you enjoyed the video!

Glad you enjoyed it!

Great question Patrik! The bulk encryption is the encryption used by the client and server to send/receive messages during the session. In the TLS handshake, the purpose of the key exchange is to get a shared, symmetric encryption key for the client and server to use for the duration of the session. When we say "bulk encryption", we are referring to the symmetric encryption used by the client and server (typically AES). Here's a video on the TLS handshake that might help a little more: kzbin.info/www/bejne/maa1YWivlJd6rsU

@@devcentral Fantastic! Thanks.

glad you enjoyed the video!

Glad you enjoyed it!

Appreciate the comment and sub!! 🙂

Glad you enjoyed it!

I want to know this too

maybe the shirt is flipped too just to make the video cooler? they probably flipped the shirt in real

mirrors :)

I agree, he does these videos enough, he probably got a mirrored shirt to match. He's also writing with his left hand, which statistically means it is probably indeed flipped.

glad you enjoyed it!

Glad you enjoyed it!

glad you enjoyed it!

Mike Pound: *Am I a joke to you?*

glad you enjoyed it!

Glad you enjoyed it!

glad you enjoyed it!

glad you enjoyed it...and good luck on the CS degree!

glad you enjoyed it!

glad you enjoyed it!

Great question/observation! You are correct that the calculation for "a" and "b" would be fairly trivial if these numbers used in the video were actually used in real life. But, the power of this key exchange relies on using very large numbers for P, G, a, b, etc. When very large numbers are used, it becomes computationally very difficult to crack the encryption. Of course, along the way, computers have become more capable/powerful, so the key sizes of these encryption algorithms have also grown larger so as to stay ahead of the computer power. It's a back and forth game that will go on for a long time!

@@devcentral right! Thanks for clarification

What if quantum computers can solve these DLP problems?

Glad you liked it and thanks for the comment!!

glad you enjoyed it!

glad you enjoyed it!

Thanks much and Welcome!!

Great question! IKE Phase 1 does several things to include: authenticate and protect the identities of the IPSec peers; negotiate a matching IKE SA policy between peers to protect the IKE exchange; perform an authenticated Diffie-Hellman exchange with the end result of having matching shared secret keys; set up a secure tunnel to negotiate IKE phase 2 parameters. So, the Diffie-Hellman key exchange is certainly used as part of IKE Phase 1, but it's not the only thing happening during IKE Phase 1. Here's more on IKE and IPSEC: www.ciscopress.com/articles/article.asp?p=25474&seqNum=7 Hope this helps!

glad you enjoyed it!

there are multiple correct solutions for "a" for example (5^23 mod 23) = (5^4 mod 23) = 4

glad you enjoyed it!

thanks! glad you are enjoying the videos!

Glad you enjoyed it. You are correct that the attacker will know G and P. But, in order to create the shared key, the attacker would need to know the private value generated by one of the users (Alice / Bob). Here's a good picture representation of what's going on and who can see all the different parts: i.stack.imgur.com/IPUgS.png If an attacker were to somehow maneuver to a "Man in the Middle" position (let's assume he's impersonating Alice), then he could derive his own private value and then generate a shared key with Bob. Let's say Alice is the client and Bob is the server in this example. Servers can request Client Authentication where the client has to send a valid certificate (signed by the Certificate Authority) and then the server knows the client is legitimate. If the attacker was in the middle, he wouldn't be able to send a valid certificate from Alice, so the server would then know the client is invalid. And, if the attacker is impersonating the server, the same thing happens...the server sends a certificate to prove its authenticity. The certificate would be signed by the Certificate Authority so if Alice received the certificate and it was modified in any way, she would get an error message saying the certificate is not valid (or has been modified). This entire discussion highlights the fact that many different things are in play when it comes to security of communication between client and server. The key exchange portion (Diffie-Hellman) is an important part, but it is only part of the overall picture. Hope this helps!

Thanks! we appreciate the comment!

glad you enjoyed it!

This is a great point, Christos! And, this is why it's so important to use large numbers when implementing Diffie-Hellman in real life :) The example I used in the video shows how it all works, but in real life you (or your computer) would use much larger numbers. And, that is the strength behind the key exchange algorithm...that it would take a very long time to brute force (or otherwise crack) these numbers. Thanks!

Those numbers are not leaking any info on the secret keys, they are just a common base to build up the shared secret then. One of the two calculates the two numbers and sends them to the other end. This is what i thought, might not be correct.

Thanks! We appreciate the comment!!

Glad you enjoyed it!

Thanks and we appreciate the note!!

glad you enjoyed it!

Thanks Harsh...I'm glad you enjoyed the video!

Hi MarKac...great question! The number of bits in the shared key depends on the established cipher suite between the client and the server. Once the Diffie-Hellman key exchange is complete, then you have a shared key for symmetric encryption (typically using AES as the encryption algorithm). For many implementations of AES, a key size of 128 is used. In fact, I just checked the key size that KZbin uses at the moment, and it's AES 128. Each site is configured according to their own needs, but many sites use AES 128. Hope this helps!

Mod is the modulo function, and it's a one-way function that takes the remainder of dividing two numbers as its result. It's a one-way function because you can't work backwards from the answer and figure out the numbers that were used to get the mod result...so it's only one way. The mod value in the Diffie Hellman tells you what number you divide by in order to get the result. So, in the example, the mod number is 23. So, you would take the first number and divide it by 23 and see what the remainder number is....that remainder is the result of the mod calculation. For example, if you have 17 mod 3, the calculation would be 17 / 3 = 5, remainder 2. So the answer to "17 mod 3" is 2. I hope this helps!

Typically the key size is 2,048 bits. This means that the number is 2,048 bits long...a very large number!!

Glad you enjoyed it!

glad you enjoyed it!

Great question! Yes, the server sends the values for "g" and "p" to the client, so the values will vary from client/server to client1/server1. Thanks!

glad you enjoyed it!

glad you enjoyed it!

Hi Rocky2...great question! The Diffie-Hellman parameters are critical because if they aren't chosen properly, then either Diffie-Hellman won't work at all or it will be easy to break. The client and server typically rely on a random number generator (on their machine) to pick their secret values. The other parameter values are typically generated in advance and are agreed on by the client and server. Here's a document that shows some Diffie-Hellman "groups" that can be used: datatracker.ietf.org/doc/rfc3526/ This creates a situation where the random numbers generated by the client and server are very important, and it brings into play the importance of the random number generator...it needs to create truly random numbers because if someone could somehow guess the pattern that the random number generator is using, then they could guess the random numbers and then break the encryption. I hope this helps!

@@devcentral Good explanation. Thanks

Randomly chosen numbers at 4:10

Great question! Different software applications will handle this differently, but the outcome will be the same regardless of which application is used (Diffie Hellman keys will be generated). As an example, Microsoft uses function calls to a Cryptographic API that will generate the key values. Here's some documentation on how they do it: docs.microsoft.com/en-us/windows/win32/seccrypto/diffie-hellman-keys#generating-diffie-hellman-keys

Thanks for the question...I was able to calculate the values using the parameters you listed and I got the same result for both sides...it is 30. I calculated 7^5 mod 71 = 51 and then 7^12 mod 71 = 4. Then, calculate 4^5 mod 71 = 30 and 51^12 mod 71 = 30. Here's an online calculator that might help: www.mtholyoke.edu/courses/quenell/s2003/ma139/js/powermod.html

so he got A=4 by dividing the result of 5^4=3125 by 23 (the mod) which came up to be 135.869...If you round it up, I think you get 136. Then you multiply 136 with 23(the mod) and you get 3128, then you subtract that with 3125 to get A=3 (3128 - 3125=3). I don't understand how he got A=4 though. For B=10, it is exactly the same process. Someone verify if I did it correctly.

@@mahammedhagi98 You're calculating your powers wrong. 5 ^ 4 = 625. Then 625 / 23 = 27.1739... At this point you ALWAYS round DOWN, so 27. Now take the 23 that was used to divide 625 and multiply by 27 which equals 621. Finally, subtract 625 from 621 to get 4. As for the number for B: 1.) 5 ^ 3 = 125 2.) 125 / 23 = 5.4347... round down => 5 3.) 23 x 5 = 115 4.) 125 - 115 = 10

jefftheworld why yes, yes we did!

@@JasonRahm You should definitely sell mirror shirts. I'd definitely buy one. ;p

glad you enjoyed it!

He is right handed.

Great question! Remember that the entire goal of the TLS handshake is to get a shared, symmetric key for both the client (browser) and the server. In order to do this, a key exchange takes place. There is more than one way to accomplish this key exchange, but the two primary methods are RSA and Diffie Hellman. The RSA key exchange has been shown to have some vulnerabilities along the way, so many applications are choosing to exchange keys using the Diffie Hellman method now. It's a more secure way of doing the key exchange. I hope this helps!

glad you enjoyed it!

Hi Kumar...were you wanting to know the difference between Diffie-Hellman key exchange and SHA? I just wanted to clarify what your question is. Thanks!

Hi Enrico...thanks for the comment. What about it was not clear, and maybe I can help clarify? Thanks!

@@devcentral Try to use simpler and less words.

@@Enrico-Migliore thanks...we will keep that in mind!