🙏🙏

He's never gonna do that, I believe on our amazing mentor.

Read RFC.

Acedia DeKay that is awesome Acedia!! Congrats! Can you update the CC for Danish in the video? I think I enabled community contributions .. here is the channel kzbin.info_video?ref=share&v=AlE5X1NlHgg

​@@hnasr Well I don't really know if their is a marked for it. If you're taking a Web-Developer education in Denmark, then all of your books and lectures are in English anyways. But if it will make you happy, then I'll be glad to give back in some way. And who knows, maybe it's good for SEO, The Algorithm, Karma or something else.

good

@@rfyiamcool4878 thank you , video has so many unwanted content. which could have been skipped.

@@anuragsom09 That's his style, noone is perfect. He is cool and out of the box.

All the best on your project 🙏

Good thinking, thanks for your message! Ever since I made this video i made other videos clarifying each piece and I still learning new stuff everyday .. your questions are valid.. so this is a long comment discussing it in details in TLS 1.2 here is what happens Client send client hello saying I want to establish secure communication, lets us exchange the key and cipher, here is what I support as key exchange algorithm , here is what I support as a symmetric key algorithm (this is called a cipher suite) . The client hello is unencrypted since we don't have the symmetric key Server says cool! I see you support these ciphers lets pick DH as key exchange and AES as symmetric key, here is my part of DH key (the colored keys) here is also my certificate. Server hello is also unencrypted since we still don't have the symmetric key. Clients says sure! server I see you sent me this certificate lets verify that its really you by checking the certificate authority and parent certs (I talked about this here kzbin.info/www/bejne/qGLRe4dsaKd5h5I) Ok I now trust you, here is my portion of the DH I now have the key (server DH params + mine) I now have the key now I will send a change cipher spec message . This one is now partially encrypted (DH params are not encrypted but the rest of the message is .. Server receives it, now it has the DH client params, it has now the full key they start communicating TLS 1.3 Client says yo, I want to communicate I support TLS 1.3 so I'm going to make a guess that we are going to communicate with DH so we save a trip, here is my DH client params .. here is what i support cipher wise.. all the jazz.. so we just saved a trip.. client hello is unencrypted Server recevied client hello, agrees that they use DH and chooses a cipher (AES), picks a server DH param, now server has full symmetric key, .. server responds with the certificate (ENCRYPTED) plus the DH server params (unencrypted).. Client receives the message, no body could have sniffed or changed the certificate in the way since its encrypted, client takes server DH compeltes the key, decrypt certificate, reads it and verifies it.. and tells server to start encrypting faster right TLS 1.3 + DOH + ESNI This is what China just banned (I talked about this recently), Client want to connect to the server so it does a DNS query but uses DOH (DNS over HTTPS) and gets the IP address of the server + the public key of the server ..Client sends client hello (Fully encrypted ).. and does everything we did with TLS 1.3 server receives the message, obviously uses the private key to decrypt the message now it just picks up everything, and sends back the message server hello partionally encrypted (certificate) communication is resumed as we discussed in TLS 1.3... ESNI is the encrypted SNI portion which I talked about in another video hope this shed some light on your questions

@@hnasr Thank you for the detailed explanation! It did clear the confusion in my head. I've also watched the certificates video you've linked and I'll be watching the DOH and ESNI ones. Cheers!

Efun thanks for your comment and it is a great question. The short answer is perfect forward secrecy The problem is using RSA with TLS 1.2 (thanks for correcting me that you can use DH in 1.2) Remember that the RSA private key of the server is fixed and is used for all communications across all clients. So if an attacker recorded the conversations and then obtained the private key they can decrypt past conversations. RSA private key is more likely to get leaked because it is always hot in memory. Thats how heartbleed got it. With DH the private key is ephemeral and will only be used for just one conversation so it is much harder to leak if not impossible (destroyed after each communication) but if the attacker somehow got it they will be able to decrypt one conversation only. Here is the video i made clarifying all this Why anything before TLS 1.3 is BAD - Perfect Forward Secrecy Explained kzbin.info/www/bejne/sIS0payNlN6qkMU

TLS 1.3 is more secure because RSA implementations doesn't guarantee perfect forward secrecy or provide with very low encryption grade, thus TLS 1.3 has changed to only support Diffie Helman. - Forward secrecy protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. Source : en.wikipedia.org/wiki/Forward_secrecy#Attacks

Yes, this is what I was looking for in the video. "Where is the server's TLS Certificate being sent to the client!". Thanks, your comment covered that part.

Awesome! If you ever want to see the math behind it, I just made a short digestible video here kzbin.info/www/bejne/bGXKloOVgaaNa7c

Sunil Jacob sunil thanks for taking the time to write this message! Im humbled. I try my best to serve the community with what I know. And we all keep learning everyday .. stay safe

@@hnasr Thanks for your kind words. #staysafe

link please?

Thanks! haha nicely done I see what you did there

@@hnasr Seriously man, I implemented TLS1.2 in IBM-TRIRIGA but I didn't know the basics in the way you delivered here. Hats Off!

I really appreciate you taking the time to write this comment when you didnt have to. Thank you so much! Stay awesome. Made my morning ..

@@hnasr Your absolutely welcome brother, really helped the better understanding i was looking for on the current encryption systems as im currently building a way towards better internet security and was just not sure on afew little things but you cleared them up for me in a way that couldnt have been any easier to understand and i really admire how well you communicate compared to most from your region and its refreshing because alot of you guys know alot about what doesnt get discussed much in depth by most european origins which makes it painful to learn sometimes but your a cool breath of fresh air for passing knowledge across the globe and you deserve to know it, you can definitely go far in the youtube alleys giving out the right advice to the right people and monatizing on it im sure of it and im glad i made your morning brother, i noticed some salty comments after i posted and hoped this would balance the negativity so im glad to hear it did and i hope you have an awesome day ahead and i look forward to gettin more out of your channel and take care buddy😁👍

Mazdad Anklesaria thanks Mazdad! Glad enjoyed this video, will do! cheers

I have Chinese Quantum computers. Enjoy your Diffie-Hellman.

Thanks 🙏 i made a dedicated video on TLS 1.3 covering more details if you are interested 😊

@@hnasr would you mind getting me link?

Alexandre Young thank you so much really appreciate it I need more comments and feedback like this to strive to get better. Totally Agree , i am working hard to get to the point quicker and make the topic fun.. Cheers!

@@hnasr Wow you replied quickly! Super cool that you want to improve. I just took notes from your video and it took me 2 hours to understand everything! You still succeeded in explaining everything in under 25 minutes, keep it up!

It only happens once for every session and those generated keys are used only for that session. Example when you establish a connection to google.com that connection is encrypted with set of keys and the moment your browser establishes another connection you need a new TLS session. And yes certificates are exchanged at that stage. I made a video here kzbin.info/www/bejne/qGLRe4dsaKd5h5I

@@hnasr thank you very much!

Thank you! This is awesome, knowledge is key 🔐

Doesn't this make it vulnerable to MITM attacks?

Good question ! Actually The server doesnt have the blue key and doesnt need it. It just needs the blue and pink together so it can combine it with its key (red) so it gets the golden key

@@hnasr There is only 2 keys... Why are you talking about 3 keys??? This is wrong and decieving.

I was particularly referring to the perfect forward secrecy. using RSA private to perform handshake will expose all communications. (Old and new) once the private key is leaked. Because the same key is used With DH, the key is ephemeral and changed with each session so sure if the attacker managed to get the key they will only be able to get that session buts its very very hard. Obviously Im not saying RSA is bad, Im seeing the static use of key to do the handhake is not a good idea. RSA is used in digital signature and secure when 2048 and larger.

@@hnasr Yes understood, after commenting this question, I went on reading other comments. I saw other people had same doubts and you have answered the same thing previously. Thanks, for answering again. I would suggest to pin the answer to this doubt, as many people point out the same thing.

Sergio Díaz thanks. Correct, It was a slip in my stupid english , appreciate it

@@hnasr your English excellent! And no worries, I really think your content is great!

R K an excellent question, When I researched this video I came across the CCS attack (Change Cipher Spec on 14:32) My understanding that it was a bug in the openSSL library that is used to do the TLS handshake. Basically the attack is when you are able to do the a MITM attack right after the server hello and before the ChangeCipherSpec (CCS) message and instead send an early CCS message to the client, the client will begin encryption before the keys are generated (so the encryption will start with NULL keys) and when you do the attacker can easily predict the keys in this case and use null keys and decrypt communication .. this can only happen on TLS 1.2 as you mentioned and specific version of OpenSSL . Not sure if the bug was ever fixed. But regardless TLS 1.2 has a lot of problems that I discuss in the video... Tls 1.3 doesn’t seem to have this because its i think its just one round trip instead of two plus it forces the use of ephemeral DH. Hope that helps! So yeah we need to switch to TLS 1.2 whenever possible, check your certificates all the time.. I found a source details here the CCS bug : www.tenable.com/plugins/nessus/74326 Hope that helps! Excellent question Cheers

@@hnasr thanks for your reply.

Dear one suggestion for you. Your not telling about film story. You had good knowledge and explanation, but way of telling is not good to have. I saw video multiple times for understanding.

R K thank you for your feedback. I did this video as a higher level software engineering video so My apology if its not as detailed as a network engineer would have liked it to be. appreciate your comment again! I will try to do better

It does not get from server it generates itself for each session.

You are correct it is possible and when it is the option then TLS 1.2 can actually be perfectly forward (just slow with extra round trip) this is something I learned after making this video..

That being said it has to be configured on the server to use DH explicitly with TLS 1.2 otherwise a weak key exchange might be used . With TLS 1.3 it has to be DH so it is still more secure

Glad it was helpful!

Thanks Ricardo, do you have any resources on how to do that? I am using a blue yeti mic and just IMovie for editing

Sure thing I explained it here kzbin.info/www/bejne/qmHdnYJrYrOKfLc

Great question!!! So you are absolutely right, the act of just encrypting the channel between the client and server does not require a third party. However how do you know the server you are communicating with is REALLY the server that you are suppose to be communicate with? I could intercept your communication (MITM) and establish an encrypted session pretending to be the destination server That is the server (and sometimes even the client) presents a certificate signed by a trusted third party (verisign/digitcert/ and recently free lets encrypt) that proves the identity of the server or the client. That is why it is always recommended when you visit a site (google.com) you click on the padlock and see who issued the cert and whom is it issued for) Browsers are pretty good at detecting bad certs but its always a good idea especially when your browsing on a public wifi Hope that helps

@@hnasrOh, thanks a lot, that really helped! I got it right now.

@@hnasr To clarify, it is possible for a server to use TLS 1.3 for encryption while also using a third party certificate for identity verification, correct? It seems to me that the OP's question may have come from the different definitions of "certificate". One definition is "public key", in the context of encryption. Another definition is "identity validation", in the context of third party certificates. Is all this correct?

ECDHE is elliptic curve diffe hellman same concept but slightly different algo it uses smaller key size so its more secure and more efficient

@@hnasr ty sir found a documentation which explains wat RSA actually does in ECDHE_RSA thank you again for the great explanation tools.ietf.org/html/rfc4492#section-2 security.stackexchange.com/questions/90090/what-is-the-role-of-rsa-in-ecdhe-rsa

Alan Raftel If nginx supports 1.3 Which I think it does I think you should enable it since it will boost your performance by slashing the roundtrips in half as I explained. with 1.2 + DH you will still be doing 2 roundtrips instead of one for 1.3. here is how you enable 1.3 in nginx found this article www.google.com/amp/s/www.howtoforge.com/how-to-enable-tls-13-in-nginx/amp/

Thanks 😊 enjoy the content and tell me what should i make next

Thanks Mohd!

Server verification is definitely used in TLS 1.3 also. The server sends its certificate with its deffie-hellman parameters. The certificate is used for authentication not for pre-master key encryption as happens with TLS 1.2 (as the client parameters will be already sent in the first call).