This man is always dressed the same way his consistency is fascinating.

The man, the myth, the legend Dr Mike Pound

"We'll talk about this in another video." "Oh, and we'll talk about THAT in another video." "...and that!" Really looking forward to all these videos with one of the greatest guys on Computerphile (and there's some strong competition going on, make no mistake on that!).

now I'm really looking foreward to that *_other video_* where we're gonna talk about all those other topics we couldn't in this one

Other KZbin Video: "hmm almost 10 minutes, I'll watch that later..." *sees Dr. Mike Pond*: "damn, this is not even 10 minutes..."

This guy carries this channel, probably single-handedly responsible for half a million subs

I have been fascinated with the complexity of encryption algorithms since I was a teenager decades ago. I was fortunate enough to get my hands on the original IBM publication that documented their DES. ( As proof, the only two inks used, were black and purple ) That documentation was incomplete. I managed to fill in the gaps and implement the DES in 6502 assembly language. It took 45 seconds to encrypt/decrypt 2048 bytes on a 1Mhz machine. I verified my implementation using the test data and expected results listed in the documentation. One of the main problems with DES, was that no one trusted it. The design goals/requirements were not made public. People felt it had questionable/nefarious origins. Along comes AES. Definitely faster than DES.

This person is solely responsible for reigniting my interest in academic research. Hope he makes more videos.

1:33 Two keys, not three for triple DES. That’s what it says in Tanenbaum’s _Computer Networks_ text, 4th ed, page 740. You encrypt with key K₁, decrypt(!) with K₂, then encrypt again with K₁.

I am always happy to see a video with Dr. Pound in my subscription feed :) keep up the great work!

If only professors were all just like this man.. our lives would be so much easier...

Always here to watch one of the only channels on YT that are worth it.

I see Dr. Pound, I watch the video.

It would be nice if Blowfish/Twofish was covered. There has been some controversy about its not being selected given its performance on 256bit keys.

7:11 Q: Is that job done then? A:

"One Encryption Standard to Rule Them All!" - Famous last words

Dr. Mike Pound's explanations are the clearest and easiest to understand for the layperson that I have ever heard. Please do more videos with him.

this guy is the best computerphile explainer-dude ..don’t matter what he’s talkin’ bout.. it’s just good talk.

Smh, I use double ROT13 encryption on all my files.

We all love Dr. Mike Pound

My professor of Linear Algebra was Vincent Rijmen, the guy behind Rijndael, we never knew what he crrated, just that is was worldchanging

interesting video, thank you for sharing these for free!

AES 2: Electric Boogaloo

8:15 "Jar Jar 20" An algorithm written in Gunganese. Unbreakable except when spilling water on the device.

you mean that famous "military grade encryption" :)))))))))))

This man is genius!!! I like the way he explains cryptography and complex things.

I could listen to him talk all day!

So, what about the next step - triple rijandael?

I'm a simple man, I see Dr Mike, I click.

I'd love to see you cover ChaCha20. It's especially great for PRNG. Also, Galois Counter Mode (GCM) is really cool and worth covering (IMO).

The fact that Mike Pound doesn't have a youtube channel is a crime. Great video though

I need another video like the timezones and colalization ones… I love how they give me anxiety by just watching them.

Few things cheer me up like a new Mike Pound video

A Belgian is at the root of the world wide web; two Belgians have invented the present secure data algorithm. Wow, we are such a plucky little country!

At 1:30 he is saying that triple des uses 3 keys. Triple des uses a encryption(key1) decryption(key2) encryption(key1) pattern so it uses 2 keys. It also has the weakness in the case that the 2 keys are equal because it then decrypts the encryption with the same key so that part cancels out. making triple des equal to des in that case.

Joan Daemen is my professor at Radboud University, so awesome to be taught by one of the best :D

Can someone explain to me what Mike refers to at 07:46? Thanks.

You bring the story a bit like ‘Drunk History’. Love your style!

Chacha20's design wasn't just to make it faster in software using conventional hardware. It also designed to avoid side channels in software implementations. Due to fast implementations of AES needing lookup tables the key can be inferred due to timing differences. (Also the sound the CPU makes which is freaky) Chacha20 is also seekable, if you have encrypted a 20GB block and you want to read the end of it. In AES-GCM you'd decypt the whole block. In ChaCha you can decrypt any part of the sequence. (Also XChaCha20 is now used in TLS 1.3)

Speed and security considerations - ChaCha20-Poly1305 is faster in software than AES-GCM. AES-GCM will be faster than ChaCha20-Poly1305 with AES-NI. AES-CTR with HMAC will be faster in software than AES-GCM. Poly1305 is also easier than GCM for library designers to implement safely.

In physics, a chain is only as strong as its weakest link. However, in cryptography, the inverse is true. The message is as secure as the strongest method used. Yes, I am talking about "daisy chaining" crypto systems. 1. ROT 13 2. AES. You can't get to the super simple ROT 13 unless you first break AES..

0:20 That depends on the cipher suite negotiated during the TLS handshake.

Love these videos Dr. Pound. Currently I'm learning about AES in my graduate Cryptography class and your video make is easy to understand the concept. Keep up the good work and hope to see you often! Thanks!

Im a simple man, I see mike pound, I click the video

always enjoy these videos thanks

Coincidentally TrueCrypt uses the three of AES, Serpent and Twofish chained together to encript its data

How would quantum computing effect the security of AES?

I vaguely remember this back in 1990's. Once the US eliminated the restriction on encryption key length and the internet become more popular there was dire need of a new encryption standard. As stated this was driven in the US by NIST so there was some concern the selection process was weighted in favor of the NSA - to allow them to more easily break the cipher. Given AES is an open standard that does not appear to be the case. It certainly has become pervasive.

Please do a video on CHACHA20, since it's one out of the three "standard" TLSv1.3 ciphers.

Dr. Pound looks like an older normal-weight version of Jared Dunn from Silicon Valley

now waiting for "how rijendael works"

Can we look at post quantum encryption standards please

This guy has passion, I wish he was one of my teachers

My precious

looking forward for the AES video

Great stuff!

@5:37 the link is competitions.cr.yp.to/aes.html

In addition to security and performance, NIST has to deal with political pressure from NSA (make it strong enough, so that the community adopts the standard, but not strong enough, so that NSA cannot break it, for national security reasons). Former led to the selection of Rijndael and the latter led to the elimination of 256-bit state (only 128 bits allowed even when key-length is 256 bits). This was not public knowledge until the latter over-shadowed former, with standardization of Dual_EC_DRBG. AES is great for pretty much everyone but for the super-paranoid, use Rijndael with 256-bit block size or preferably switch to using CHACHA20 (256 bit key with 512 bit state). The new TLS 1.3 standard requires CHACHA20 as a mandatory algorithm to support strong encryption. The crypto industry has learnt a lot since 2001 (when AES was standardized).

My dad is a journalist and he interwiewed Rijmen en Daelen and they said that they made the name do that english speaking people would'nt be able to pronounce it and ...

New stuff is ChaCha20/Poly1305 and Ed25519 - not susceptible to side channel attacks and shorter assymetric keys.

I'm waiting for a Dr. Pound video about quantum computers and the future of encryption.

I hope a video is done on the current Post-Quantum Cryptography Standards competition.

Beautiful. Two members of the cryptographic community get together and create an algorithm that bests the efforts of tech giants like IBM.

This and Miles (the AI guy) are my favorites.

I hope one day we will see a video about DES

So for 'something would have to go really wrong for us to reinvent the wheel', what about the sycamore chip?

1:54 NIST. 6:04 AES

What does it mean for encryption to be able to work on a hardware level? I'm confused how that works

"DES was made by IBM, with the help of NSA" Oh do you mean when NSA tried to shorten DES key length to 48 bits while IBM tried to stand still on 64 bits, with the spice to the story that some guy brawling over like a child in between?

Is the ring in the thumbnail a reference to digital fortress?

This guy deserves a statue one and only Dr. Mike Pound!!!

RCS is becoming more and more common, thoughts on talking about it at some point?

Thank you

I thought he was talking about Ryan Dahl, the nodejs inventor

I like this channel, I will subscribe immediately.

AES is my favourite encryption. Make video about DES encryption too.

Video on quantum resistant public key cryptography methods like lattice based methods?

Hahaha this guy gets himself into like 1000 more videos with every video he's in. "We'll talk about that more in another video" "We'll go into greater detail on that in another video "

You changed the title! I noticed it

When he says "sp networks", all I hear is "yes peanut works". I might just be hungry.

At 0:03 , thought he was talking about NodeJs creator, Ryan Dahl.. 😜

Well done pronouncing ”Nokia”!

Suggestion: could you do a video on elliptic curve cryptography, i.e. public/private key cryptography based on elliptic curves? (such as ECDSA which is used in Bitcoin) Older public key cryptography such as RSA (based on large prime numbers) is explained in depth in many videos, and is relatively simple. But I haven’t seen anyone ever properly explaining ECC.

I can't believe how similar his facial expressions are to Brad from Bon Appetit!

I always think we're probably never gonna see the videos they say they'll talk in some other video.

Why wasn't NIST mentioned along with post-quantum?

I can't find the video of "how aes works"?

i thought that he was going to talk about "ryan dahl", the creator of node.js

Correct famous algorithms suitable but they aren't limits by input parameters but change it often that create in security by process too. 😃

Why are autogenerated subtitles always so slow to come to your vids?

first visit to computerphile.. can you in theory break these with a quantum computer? Perhaps you have some content on this?

"It will take millions of years to break" That is only if you assume that you buy the hardware today. And thus this is a very wrong assumption. 2^128 is a large number: 3 * 10^38. Assume you can test 1 G keys per second today, and hardware gets 2x faster every 10 years. That is a fairly modest assumption today. In the first 10 years you will have tested 10^9 keys/s * 3*10^7 s/year * 10 year = 3*10^17 keys. In the next 10 years you will have tested 2^1 *10^9 keys/s * 3*10^7 s/year * 10 year = 6*10^17 keys. In the next 10 years you will have tested 2^2 *10^9 keys/s * 3*10^7 s/year * 10 year = 12*10^17 keys. ... In year 300-309 you will test 2^30 *10^9 keys/s * 3*10^7 s/year * 10 year = 3*10^26 keys. ... In year 700-709 you will test 2^70 *10^9 keys/s * 3*10^7 s/year * 10 year = 3*10^38 keys. So even with very modest assumptions we are not talking millions of years, but instead 700 years. And if we assume hardware and better algorithms improve by 2x every year (which historically is closer to reality) then we are talking 70 years.

Des got broken, but did you try Troy?

RINJDAEL IS BOTH OF THEIR NAMES!!!

..., one encryption to find them. one encryption to bring them all, and in the darkness bind them.

"One of the nice things about academia is that if you perform good work people will notice that work" yeeahhh about that...

I took my Sec+ today, I got it!

One encryption standard to fail us all. When a vulnerability is found.

To be fair: DES can be computed blazingly fast in *hardware* which is what was important at the time (1970s) when it was developed. Unfortunately all the bit-operations made it dog-slow in software.

There always seems to be a metric of, one super computer working on this problem. What about if it's spread across thousands of cpus, each attacking a different segment of that 2^128?