One Encryption Standard to Rule Them All! - Computerphile

  • Published: 4 Nov 2024

Comments • 400

  • @GrandMoffTarkinsTeaDispenser 5 years ago +837

    This man is always dressed the same way; his consistency is fascinating.

    • @fountaingoat6802 5 years ago +146

      He is computer generated

    • @alexandreperalta472 5 years ago +13

      He's the upgrade version of Max Headroom

    • @MarcAlexandrePaquette 5 years ago +103

      He's run on the same program as Tom Scott

    • @seangad8227 5 years ago

      You have no power here!!!!

    • @olamarvin 5 years ago +76

      Unless a better clothing algorithm is found, there's no need to use anything else.

  • @JeanRomainRoy 5 years ago +445

    The man, the myth, the legend Dr Mike Pound

    • @Saturate0806 5 years ago +25

      *Dr Mike Pwnd

    • @lawrencedoliveiro9104 5 years ago +22

      In his honour, instead of #hashtags in future, let us have £poundtags.

    • @INeedAttentionEXE 4 years ago +1

      I’m Sam pound, I’m number one, apologizing for what I’ve gone, if you’re wondering what that was I snuck into a bathroom and *beeeeeeeeeep*

    • @HEbr-rg2jz 4 years ago

      @@lawrencedoliveiro9104 £We_should_do_that

  • @soyitiel 5 years ago +380

    now I'm really looking forward to that *_other video_* where we're gonna talk about all those other topics we couldn't in this one

    • @yodings 5 years ago +19

      I'm always looking forward to the topics that they won't go into in the current video..

    • @TheBrahmadath 5 years ago +2

      Happens to me all the time

    • @michalbotor 5 years ago +3

      yes! enough chitchat! to the maths!! ;-)

    • @jayextarys8616 5 years ago +1

      I had to screenshot that comment. That's beautiful.

  • @sebastianelytron8450 5 years ago +477

    This guy carries this channel, probably single-handedly responsible for half a million subs

    • @3dlabs99 5 years ago +47

      He is very motivating -- I always feel like doing what he talks about as my next project :)

    • @casperes0912 5 years ago +13

      Sebastian Elytron Brailsford.

    • @misterhat5823 5 years ago +41

      Hah. You can't be forgetting Professor Brailsford. I'm sure he's also responsible for a lot of subs.

    • @arik_dev 5 years ago +23

      Him and Brailsford are the most compelling speakers, who also have many very interesting things to talk about. However, as an avid comp sci geek, you'd be hard pressed to find a video on this channel that I wouldn't want to watch.

    • @misterhat5823 5 years ago

      @@arik_dev I've found a few that didn't interest me, but they are few and far between.

  • @Shadow81989 5 years ago +263

    "We'll talk about this in another video."
    "Oh, and we'll talk about THAT in another video."
    "...and that!"
    Really looking forward to all these videos with one of the greatest guys on Computerphile (and there's some strong competition going on, make no mistake on that!).

  • @_PsychoFish_ 5 years ago +416

    Other YouTube Video: "hmm almost 10 minutes, I'll watch that later..."
    *sees Dr. Mike Pond*: "damn, this is not even 10 minutes..."

    • @edward3812 5 years ago +10

      ^ Dr. Michael Pound

  • @gauntletwielder6306 5 years ago +38

    I have been fascinated with the complexity of encryption algorithms since I was a teenager decades ago.
    I was fortunate enough to get my hands on the original IBM publication that documented their DES. (As proof, the only two inks used were black and purple.) That documentation was incomplete. I managed to fill in the gaps and implement the DES in 6502 assembly language. It took 45 seconds to encrypt/decrypt 2048 bytes on a 1 MHz machine. I verified my implementation using the test data and expected results listed in the documentation. One of the main problems with DES was that no one trusted it. The design goals/requirements were not made public. People felt it had questionable/nefarious origins.
    Along comes AES. Definitely faster than DES.

  • @MahmudulHoque-yr5xg 3 years ago +3

    This person is solely responsible for reigniting my interest in academic research. Hope he makes more videos.

  • @MachtFisch 5 years ago +3

    I am always happy to see a video with Dr. Pound in my subscription feed :) keep up the great work!

  • @landrover4444 4 years ago +3

    Dr. Mike Pound's explanations are the clearest and easiest to understand for the layperson that I have ever heard. Please do more videos with him.

  • @forthrightgambitia1032 5 years ago +24

    It would be nice if Blowfish/Twofish was covered. There has been some controversy about its not being selected given its performance on 256bit keys.

  • @lawrencedoliveiro9104 5 years ago +54

    1:33 Two keys, not three for triple DES. That’s what it says in Tanenbaum’s _Computer Networks_ text, 4th ed, page 740. You encrypt with key K₁, decrypt(!) with K₂, then encrypt again with K₁.

    • @Keneo1 5 years ago +6

      Lawrence D’Oliveiro yep, this keeps it backwards compatible with normal DES if you choose the same key for k1 and k2

    • @joeyhensley9199 4 years ago

      @L. Kärkkäinen 3DES was broken by MIT students using parallel computing in a few weeks. If I remember correctly.

    • @joeyhensley9199 4 years ago

      @L. Kärkkäinen AES is far superior to 3DES, aka TDES. But Twofish is more secure than AES. AES IS faster and more... efficient, though.

    • @enochliu8316 3 years ago +2

      Triple DES could be keyed either with two keys (encrypt with K1, decrypt with K2, encrypt with K1 again) or three keys (encrypt with K1, decrypt with K2, encrypt with K3).
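
The encrypt-decrypt-encrypt keying options discussed in the thread above, as an added example that is not part of any comment. It uses a toy 64-bit Feistel cipher as a stand-in for DES (an assumption made to keep the block short; it is not DES and not secure), and all function names and sample keys are hypothetical. It shows that the two-key form is the three-key form with K3 = K1, and that a bundle with K1 = K2 or K2 = K3 collapses to a single encryption, which is why such bundles should be rejected.

```python
import hashlib

BLOCK_BYTES = 8   # 64-bit block, the same block size as DES
ROUNDS = 16       # DES also uses 16 Feistel rounds


def round_fn(half: bytes, key: bytes, rnd: int) -> bytes:
    # Stand-in round function built from SHA-256. This is NOT the DES f-function.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, key: bytes, round_order) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:4], block[4:]
    for rnd in round_order:
        left, right = right, xor(left, round_fn(right, key, rnd))
    # Final swap: decryption is then the same network with the rounds reversed.
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, key, range(ROUNDS))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel(block, key, reversed(range(ROUNDS)))


def ede_encrypt(block: bytes, k1: bytes, k2: bytes, k3: bytes = None) -> bytes:
    """Encrypt with K1, decrypt with K2, encrypt with K3 (K3 defaults to K1)."""
    k3 = k1 if k3 is None else k3
    return encrypt_block(k3, decrypt_block(k2, encrypt_block(k1, block)))


def ede_decrypt(block: bytes, k1: bytes, k2: bytes, k3: bytes = None) -> bytes:
    """Inverse of ede_encrypt: decrypt with K3, encrypt with K2, decrypt with K1."""
    k3 = k1 if k3 is None else k3
    return decrypt_block(k1, encrypt_block(k2, decrypt_block(k3, block)))


def classify_key_bundle(k1: bytes, k2: bytes, k3: bytes) -> str:
    """Classify a key bundle before use.

    "degenerate": K1 == K2 or K2 == K3, so two of the three passes cancel and
                  only one encryption under the remaining key is left.
    "two-key":    K1 == K3 with a different K2.
    "three-key":  all three keys differ.
    """
    if k1 == k2 or k2 == k3:
        return "degenerate"
    if k1 == k3:
        return "two-key"
    return "three-key"


# Constructed sample values, for illustration only.
SAMPLE_BLOCK = b"8 bytes!"
K1, K2, K3 = b"key-one", b"key-two", b"key-three"

if __name__ == "__main__":
    print(classify_key_bundle(K1, K2, K1))   # two-key
    print(classify_key_bundle(K1, K1, K3))   # degenerate
    # Same key three times behaves exactly like one single encryption.
    print(ede_encrypt(SAMPLE_BLOCK, K1, K1) == encrypt_block(K1, SAMPLE_BLOCK))
```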

  • @among-us-99999 5 years ago +83

    Smh, I use double ROT13 encryption on all my files.

    • @KEL5isGodrules 5 years ago +7

      hol up-

    • @n8style 5 years ago +2

      haha :D

    • @stromboli183 5 years ago +11

      Same here. Although it may not be the most secure (quantum computers could probably break it), it’s extremely efficient 👍

    • @among-us-99999 5 years ago +22

      @Stromboli I’m a master hacker. I can crack double-ROT13 encryption in my head.

    • @insanemal 3 years ago

      I'd like this but it's sitting at 69 likes... Nice

  • @lukor-tech 5 years ago +1

    Always here to watch one of the only channels on YT that are worth it.

  • @m41kdevelops41 5 years ago +10

    If only professors were all just like this man.. our lives would be so much easier...

  • @陳秉軒-c9b 5 years ago +177

    I see Dr. Pound, I watch the video.

    • @mattjclay 5 years ago +5

      Would you say you Pounded the play button?

    • @mattjclay 5 years ago +1

      @@PhoenixTubez not saying I didn't too. 🤣

    • @lemonposting 5 years ago

      Dr. #

    • @Skindoggiedog 4 years ago

      NPC.

  • @mishasawangwan6652 5 years ago

    this guy is the best computerphile explainer-dude ..don’t matter what he’s talkin’ bout.. it’s just good talk.

  • @OmarChida 5 years ago +2

    We all love Dr. Mike Pound

  • @litebooks7638 4 years ago

    I could listen to him talk all day!

  • @karolbomba6704 5 years ago +20

    interesting video, thank you for sharing these for free!

  • @esmatsaidy 3 years ago +3

    This man is genius!!! I like the way he explains cryptography and complex things.

  • @linuxguy1199 5 years ago +24

    "One Encryption Standard to Rule Them All!" - Famous last words

    • @kebman 4 years ago

      He did mention ChaCha20 tho.

  • @NocturnalJin 5 years ago +6

    I'd love to see you cover ChaCha20. It's especially great for PRNG. Also, Galois Counter Mode (GCM) is really cool and worth covering (IMO).

  • @vitalydoletsky6030 5 years ago +52

    7:11
    Q: Is that job done then?
    A:

    • @timothycurnock9162 5 years ago +1

      The true code is the QUANTUM KEY CODE, it is your personal security key that only you will recognize when you get it. A quantum key is truly unbreakable any attempt to hack the key results in the destruction of the key. When you have the key you are working with very advanced computers so it is best to abide with the guidelines as best possible. Quantum key codes are sent via the smallest possible particle along a fibre optic line at a specific predetermined time. If the line is broken, the key gets destroyed because it is the most fragile thing. If the key is not received then the user knows that there was an attempt to hack the key. You can never know me, I hope you also get your key. You will know what it is.

    • @Zlysium 5 years ago +8

      @@timothycurnock9162 Are you possibly _VERY_ high right now? Like high enough to need to seek medical help?

    • @lawrencedoliveiro9104 5 years ago +4

      @@timothycurnock9162 How does the key know the difference between a “hack” and a “legitimate decrypt”?

    • @timothycurnock9162 5 years ago

      @@lawrencedoliveiro9104 the key is given only to 1 specific target. That target will know it is the quantum key, it will be as plain as day.

    • @lawrencedoliveiro9104 5 years ago +2

      @@timothycurnock9162 How does the key know who it has been given to?

  • @mintsauce82 5 years ago

    Few things cheer me up like a new Mike Pound video

  • @batmanthebat5052 5 years ago +83

    AES 2: Electric Boogaloo

  • @Pandovian 5 years ago +2

    My professor of Linear Algebra was Vincent Rijmen, the guy behind Rijndael, we never knew what he created, just that it was world-changing

  • @tuanbe 5 years ago

    You bring the story a bit like ‘Drunk History’. Love your style!

  • @azkamil 5 years ago +112

    you mean that famous "military grade encryption" :)))))))))))

    • @4.0.4 5 years ago +42

      You can trust NerdVPN, where we drink military-grade coffee.

    • @SameLif3 5 years ago +1

      More like millivpn

    • @dakoderii4221 5 years ago +14

      @@4.0.4 If anyone doesn't know what "military grade coffee" taste like, just pour some muddy water and turpentine together and add lots of sugar. Delicious!

  • @sephirothbahamut245 5 years ago +1

    I need another video like the timezones and localization ones… I love how they give me anxiety by just watching them.

  • @garybuttherissilent5896 1 year ago +1

    Joan Daemen is my professor at Radboud University, so awesome to be taught by one of the best :D

  • @dropcake 5 years ago

    Love these videos Dr. Pound. Currently I'm learning about AES in my graduate Cryptography class and your videos make it easy to understand the concept. Keep up the good work and hope to see you often! Thanks!

  • @TheTwick 5 years ago +37

    So, what about the next step - triple Rijndael?

    • @DFX2KX 5 years ago +9

      (For those that don't know, triple-encryption goes like this: Cypher == encrypt(key1,(decrypt(key2,(encrypt(key3,(plaintext)))), plaintext = decrypt(key2,(encrypt(key2,(decrypt(key1,(Cypher)))). It uses the same hardware, takes 3 times longer, and is not quite 3 orders of magnitude more secure)
      I actually did that with AES in Python for a Coursera class, just for the lulz. Not taking the fact all three keys need to be in RAM, and other various implementation problems (you don't attack the encryption, you attack its implementation), trying to bruteforce that would be laughably hard.

    • @JNCressey 5 years ago +7

      I wonder if triple-ROT13 is 3 times as secure as ROT13. 😏

    • @Yotanido 5 years ago +8

      @@JNCressey Better go for quadruple, just to be sure.

  • @vishalmishra3046 5 years ago +1

    Speed and security considerations - ChaCha20-Poly1305 is faster in software than AES-GCM. AES-GCM will be faster than ChaCha20-Poly1305 with AES-NI. AES-CTR with HMAC will be faster in software than AES-GCM. Poly1305 is also easier than GCM for library designers to implement safely.

  • @cmilter6360 5 years ago +8

    This guy has passion, I wish he was one of my teachers

    • @DantevanGemert 5 years ago +1

      Imagine having the co-designer of Rijndael as your teacher
      (That man is an absolute legend)

    • @merlijniboy 5 years ago

      @@DantevanGemert Rijmen = best linear algebra teacher.

  • @pognar 4 years ago

    The fact that Mike Pound doesn't have a youtube channel is a crime.
    Great video though

  • @timlarkin4471 5 years ago +9

    8:15 "Jar Jar 20" An algorithm written in Gunganese. Unbreakable except when spilling water on the device.

    • @Keneo1 5 years ago +2

      Tim Larkin chacha20

    • @kebman 4 years ago +2

      @@Keneo1 No, JarJar20 is a new algo. It's from a galaxy far, far away.

  • @supersloth1667 5 years ago +6

    I'm a simple man, I see Dr Mike, I click.

  • @joeyhensley9199 4 years ago +1

    In physics, a chain is only as strong as its weakest link.
    However, in cryptography, the inverse is true. The message is as secure as the strongest method used. Yes, I am talking about "daisy chaining" crypto systems.
    1. ROT 13
    2. AES.
    You can't get to the super simple ROT 13 unless you first break AES..

  • @trissylegs 4 years ago +2

    Chacha20's design wasn't just to make it faster in software using conventional hardware. It was also designed to avoid side channels in software implementations.
    Due to fast implementations of AES needing lookup tables the key can be inferred due to timing differences. (Also the sound the CPU makes which is freaky)
    Chacha20 is also seekable, if you have encrypted a 20GB block and you want to read the end of it. In AES-GCM you'd decrypt the whole block. In ChaCha you can decrypt any part of the sequence.
    (Also XChaCha20 is now used in TLS 1.3)

    • @enochliu8316 2 years ago

      AES-GCM actually works similar to ChaCha-20. You give it a counter value to use and it spits out a keystream to use. AES-GCM is therefore seekable as well, as you can decrypt only the end of the block.

  • @BaronSamedi1959 5 years ago +12

    A Belgian is at the root of the world wide web; two Belgians have invented the present secure data algorithm. Wow, we are such a plucky little country!

    • @chrisb4009 4 years ago

      Who are you referring to?

    • @puntypunty8847 4 years ago

      @Chris B Rijmen and Daemen are professors at the University of Leuven and they made Rijndael @Karl Moens if Rijndael didn't exist Serpent would just have been chosen

    • @chrisb4009 4 years ago

      punty punty also, encryption isn’t the root of the internet. Much of what we do online isn’t encrypted.

  • @robbydomino 4 years ago

    At 1:30 he is saying that triple DES uses 3 keys. Triple DES uses an encryption(key1) decryption(key2) encryption(key1) pattern so it uses 2 keys. It also has the weakness in the case that the 2 keys are equal because it then decrypts the encryption with the same key so that part cancels out, making triple DES equal to DES in that case.

  • @Rhys_Beer 5 years ago

    always enjoy these videos thanks

  • @vishalmishra3046 5 years ago

    In addition to security and performance, NIST has to deal with political pressure from NSA (make it strong enough, so that the community adopts the standard, but not strong enough, so that NSA cannot break it, for national security reasons). Former led to the selection of Rijndael and the latter led to the elimination of 256-bit state (only 128 bits allowed even when key-length is 256 bits). This was not public knowledge until the latter over-shadowed former, with standardization of Dual_EC_DRBG. AES is great for pretty much everyone but for the super-paranoid, use Rijndael with 256-bit block size or preferably switch to using CHACHA20 (256 bit key with 512 bit state). The new TLS 1.3 standard requires CHACHA20 as a mandatory algorithm to support strong encryption. The crypto industry has learnt a lot since 2001 (when AES was standardized).

  • @tomschmidt381 5 years ago

    I vaguely remember this back in the 1990s. Once the US eliminated the restriction on encryption key length and the internet became more popular there was a dire need of a new encryption standard. As stated this was driven in the US by NIST so there was some concern the selection process was weighted in favor of the NSA - to allow them to more easily break the cipher. Given AES is an open standard that does not appear to be the case. It certainly has become pervasive.

  • @DynoosHD 5 years ago

    looking forward to the AES video

  • @stefanbogdanovic590 5 years ago

    This guy deserves a statue one and only Dr. Mike Pound!!!

  • @chrisjonesowns 5 years ago

    I'm waiting for a Dr. Pound video about quantum computers and the future of encryption.

  • @sstorholm 4 years ago +4

    Please do a video on CHACHA20, since it's one out of the three "standard" TLSv1.3 ciphers.

    • @OleTange 4 years ago

      And please make it a video where you compare the algorithm to Rijndael.

  • @4.0.4 5 years ago +1

    This and Miles (the AI guy) are my favorites.

  • @brandon26 5 years ago

    I'm a simple man, I see mike pound, I click the video

  • @morkovija 5 years ago

    Great stuff!

  • @_adi_dev_ 4 years ago +1

    Can we look at post quantum encryption standards please

  • @Athenas_Realm_System 5 years ago

    I hope a video is done on the current Post-Quantum Cryptography Standards competition.

  • @_skeptik 2 years ago

    I hope one day we will see a video about DES

  • @slr150 2 years ago

    0:20 That depends on the cipher suite negotiated during the TLS handshake.

  • @laurendoe168 5 years ago +35

    How would quantum computing affect the security of AES?

    • @raphaelqueiroz7925 5 years ago +23

      I think it's been proven that quantum computers won't ever be able to break an N-bit key with less than 2^(N/2) operations.
      Doubling the key length would do the trick as a first step, but keep in mind that we are very far from entangling enough qubits and even further from achieving sufficiently low error rates.

    • @funnyids3D 5 years ago +1

      AES has been proven to be quantum resistant when using more bits for the key

    • @Dsiefus 5 years ago +9

      It reduces the complexity by "half", that is as if the key was half the length. When using a 256 bits key, then as he said in the video even a 128bit key is hard enough.

    • @laurendoe168 5 years ago +8

      @@raphaelqueiroz7925 Thank you for the reply. I had heard quantum computers could tackle some jobs that were for all intents and purposes unsolvable in under a billion years on today's digital computers. I was wondering if this was one of them.

    • @raphaelqueiroz7925 5 years ago +13

      @@laurendoe168 You're welcome, I also forgot to mention that what I said is only valid for symmetric ciphers like AES. There are some asymmetric ciphers that will become unusable if they are based on integer factorization, but even then we are far from having strong enough quantum computers, plus there are alternative asymmetric ciphers that aren't based on integer factoring!
      So yeah, quantum computers are very cool, they will break RSA one day, but that's pretty much it, at least concerning cryptanalysis.

  • @sujan740 4 years ago

    My precious

  • @stromboli183 5 years ago

    Suggestion: could you do a video on elliptic curve cryptography, i.e. public/private key cryptography based on elliptic curves? (such as ECDSA which is used in Bitcoin)
    Older public key cryptography such as RSA (based on large prime numbers) is explained in depth in many videos, and is relatively simple. But I haven’t seen anyone ever properly explaining ECC.

  • @laharl2k 4 years ago +1

    Coincidentally TrueCrypt uses the three of AES, Serpent and Twofish chained together to encrypt its data

  • @Keksmania 5 years ago

    You changed the title! I noticed it

  • @hassansyed5661 5 years ago

    AES is my favourite encryption. Make video about DES encryption too.

  • @fribiesdi 2 years ago

    I like this channel, I will subscribe immediately.

  • @OleTange 4 years ago +11

    "It will take millions of years to break"
    That is only if you assume that you buy the hardware today. And thus this is a very wrong assumption.
    2^128 is a large number: 3 * 10^38.
    Assume you can test 1 G keys per second today, and hardware gets 2x faster every 10 years. That is a fairly modest assumption today.
    In the first 10 years you will have tested 10^9 keys/s * 3*10^7 s/year * 10 year = 3*10^17 keys.
    In the next 10 years you will have tested 2^1 *10^9 keys/s * 3*10^7 s/year * 10 year = 6*10^17 keys.
    In the next 10 years you will have tested 2^2 *10^9 keys/s * 3*10^7 s/year * 10 year = 12*10^17 keys.
    ...
    In year 300-309 you will test 2^30 *10^9 keys/s * 3*10^7 s/year * 10 year = 3*10^26 keys.
    ...
    In year 700-709 you will test 2^70 *10^9 keys/s * 3*10^7 s/year * 10 year = 3*10^38 keys.
    So even with very modest assumptions we are not talking millions of years, but instead 700 years.
    And if we assume hardware and better algorithms improve by 2x every year (which historically is closer to reality) then we are talking 70 years.

    • @gregorymalchuk272 4 years ago +3

      It might become a problem if we achieve biological immortality. Though I doubt if computing power can increase indefinitely. I think it is limited by the speed of light and information density per thermodynamics.

    • @CraftBasti 3 years ago

      70 Years per file? I hope you pick the right one to crack and don't regret your choice when you hear what it said on your deathbed

    • @OleTange 3 years ago +1

      @@CraftBasti You are missing the point.
      If you think your protection is millions of years, you may be tempted to scale down to 100's of years. But that would be devastating if the true protection is 70 years instead of millions.

    • @JuicyJonesHQ 3 years ago +1

      Nonsense, your assumptions are wrong.

    • @OleTange 3 years ago

      @@JuicyJonesHQ Yet you provide exactly zero (0) evidence that the assumptions are wrong.
      Can you understand why people will not believe you?
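
The arithmetic from the thread above (10^9 keys per second, 3*10^7 seconds per year, search speed doubling at a fixed interval), carried through as an added example that is not part of any comment. The function names are hypothetical; the block goes beyond the comment by summing the keys tested across all periods, by allowing several machines in parallel, and by asking which AES key size outlasts a required confidentiality lifetime under the same growth model.

```python
SECONDS_PER_YEAR = 3 * 10**7   # rounded figure used in the comment above


def years_to_exhaust(key_bits, keys_per_second=10**9, doubling_years=None, machines=1):
    """Years needed to try every key in a key_bits-bit keyspace (worst case).

    keys_per_second : speed of one machine at year 0 (the comment assumes 1 G keys/s)
    doubling_years  : whole number of years after which the speed doubles;
                      None means the hardware never improves
    machines        : identical machines splitting the keyspace between them

    The speed is held constant inside each period and doubles at the period
    boundary, as in the comment's step-by-step table. The expected time to hit
    one particular key is about half the returned value.
    """
    keyspace = 2 ** key_bits
    per_year = keys_per_second * SECONDS_PER_YEAR * machines
    if doubling_years is None:
        return keyspace / per_year

    tested = 0    # keys covered in all completed periods (exact integer)
    period = 0
    while True:
        speed = per_year * 2 ** period          # keys per year in this period
        in_period = speed * doubling_years      # keys covered if the period completes
        if tested + in_period >= keyspace:
            # The search finishes part-way through this period.
            return period * doubling_years + (keyspace - tested) / speed
        tested += in_period
        period += 1


def smallest_sufficient_key(lifetime_years, doubling_years, sizes=(128, 192, 256), **kwargs):
    """Smallest key size whose exhaustive search takes longer than lifetime_years.

    Returns None when no size in `sizes` survives under the growth model.
    """
    for bits in sizes:
        if years_to_exhaust(bits, doubling_years=doubling_years, **kwargs) > lifetime_years:
            return bits
    return None


if __name__ == "__main__":
    scenarios = [
        ("no hardware improvement", dict(doubling_years=None)),
        ("doubling every 10 years", dict(doubling_years=10)),
        ("doubling every year", dict(doubling_years=1)),
        ("doubling every 10 years, 1000 machines", dict(doubling_years=10, machines=1000)),
    ]
    for label, params in scenarios:
        print(f"AES-128, {label}: {years_to_exhaust(128, **params):.3g} years")
    print("AES-256, doubling every year:",
          f"{years_to_exhaust(256, doubling_years=1):.3g} years")
    print("Key size for 100 years of confidentiality, doubling every year:",
          smallest_sufficient_key(100, 1))
```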

  • @MrRand0mMe 5 years ago +1

    New stuff is ChaCha20/Poly1305 and Ed25519 - not susceptible to side channel attacks and shorter asymmetric keys.

    • @cacheman 5 years ago +1

      AES specifically called for block ciphers. ChaCha20 is a stream cipher. So yes, it's newer, but it's not the same class of algorithm and has different design goals.

  • @XzcutioneR2 5 years ago +40

    Dr. Pound looks like an older normal-weight version of Jared Dunn from Silicon Valley

  • @frosecold 5 years ago +1

    I took my Sec+ today, I got it!

  • @dannyism3221 5 years ago

    Beautiful. Two members of the cryptographic community get together and create an algorithm that bests the efforts of tech giants like IBM.

  • @NoNameAtAll2 5 years ago +5

    now waiting for "how Rijndael works"

  • @itchykami 5 years ago +1

    So for 'something would have to go really wrong for us to reinvent the wheel', what about the sycamore chip?

  • @passingthetorch5831 5 years ago

    Video on quantum resistant public key cryptography methods like lattice based methods?

  • @Jirayu.Kaewprateep 3 years ago

    Correct famous algorithms suitable but they aren't limits by input parameters but change it often that create in security by process too. 😃

  • @uniquechannelnames 3 years ago

    Hahaha this guy gets himself into like 1000 more videos with every video he's in.
    "We'll talk about that more in another video"
    "We'll go into greater detail on that in another video "

  • @tryptex 5 years ago

    RCS is becoming more and more common, thoughts on talking about it at some point?

  • @puntypunty8847 4 years ago +2

    My dad is a journalist and he interviewed Rijmen and Daemen and they said that they made the name so that English-speaking people wouldn't be able to pronounce it and ...

  • @jamestanis3274 5 years ago +1

    To be fair: DES can be computed blazingly fast in *hardware* which is what was important at the time (1970s) when it was developed. Unfortunately all the bit-operations made it dog-slow in software.

  • @darkseid6412 5 years ago +1

    RIJNDAEL IS BOTH OF THEIR NAMES!!!

  • @RayanMADAO 2 years ago

    What does it mean for encryption to be able to work on a hardware level? I'm confused how that works

  • @FabianCook 5 years ago

    Why wasn't NIST mentioned along with post-quantum?

  • @theharbingerofconflation 5 years ago +6

    Twofish should have won, just as blowfish before it. But we’re talking NIST here. Can’t play a game you cannot win yourself.

    • @TmOnlineMapper 5 years ago +2

      Current consensus between security researchers is that Twofish is the best among the initial submissions and should have won.
      In any case Rijndael won and that algorithm still isn't bad.

    • @DFX2KX 5 years ago +1

      @@TmOnlineMapper as far as modern hardware goes, IIRC all five initial submissions have hardware support these days, I know Twofish does.

    • @hanelyp1 5 years ago +1

      I don't know of any particular weakness to AES, but I still like blowfish / twofish. As for speed and hardware implementation, blowfish was designed for efficient implementation with an integer instruction set on then common 32bit processors. And shouldn't be too bad for speed even on an 8bit processor.

    • @thePronto 5 years ago

      He should make a video on why twofish didn't get any votes; especially in the light of the excellent follow on work that led to redfish and bluefish

  • @pachualt 1 year ago

    When he says "sp networks", all I hear is "yes peanut works". I might just be hungry.

  • @PebblesChan 5 years ago +2

    AES/Rijndael is just Belgian waffle!

  • @ig2d 5 years ago

    first visit to computerphile.. can you in theory break these with a quantum computer? Perhaps you have some content on this?

  • @venil82 5 years ago +9

    I thought he was talking about Ryan Dahl, the nodejs inventor

  • @joshuabeha4434 4 years ago

    Is the ring in the thumbnail a reference to digital fortress?

  • @EpicVideoMaster11 3 years ago

    Thank you

  • @EulerJr_ 1 year ago +1

    Can someone explain to me what Mike refers to at 07:46? Thanks.

  • @karmasyke 5 years ago +3

    "One of the nice things about academia is that if you perform good work people will notice that work"
    yeeahhh about that...

  • @woobilicious. 5 years ago

    AES wasn't really designed for modern "online attacks" or modern computers, S-boxes are slow compared to modern methods of cryptography, once you remove all the timing attacks caused by its non-constant time algo it's very slow, Google has pushed for ChaCha20 as an alternative standard, and it's already in Chrome, and OpenSSL, it's constant time so inherently invulnerable to timing attacks, It's probably more secure than AES (20 rounds instead of 14), ChaCha20 is so fast that it can keep up with hardware accelerated AES (AES-NI) in purely software implementations, and ChaCha12 is being used for disk encryption now on "potato" Android devices (google Adamantium) that don't have AES hardware acceleration.

  • @z3my4l 5 years ago +6

    Well done pronouncing ”Nokia”!

  • @NavySturmGewehr 2 years ago

    There always seems to be a metric of, one super computer working on this problem. What about if it's spread across thousands of cpus, each attacking a different segment of that 2^128?

  • @DoctorShaunB 5 years ago +1

    I can't believe how similar his facial expressions are to Brad from Bon Appetit!

    • @metryannm1936 5 years ago

      well this is a crossover i didn't expect! mind elaborating on the similarities?

  • @y__h 5 years ago +19

    "DES was made by IBM, with the help of NSA"
    Oh do you mean when NSA tried to shorten DES key length to 48 bits while IBM tried to stand still on 64 bits, with the spice to the story that some guy brawling over like a child in between?

    • @notaprogrammer7970 4 years ago +1

      Ooh do please elaborate on the drama.

    • @Acorn_Anomaly 4 years ago +2

      I don't recall that, though I would like to know more. I DO recall the NSA secretly _strengthening_ DES, not weakening it, by suggesting a new set of S-boxes to use. They never said why at the time (which obviously made people think they weakened it), but research into it years later realized that the NSA's changes made the algorithm more resistant to a special type of attack that wasn't even publicly known at the time DES was first standardized, meaning the NSA knew the technique all along, and buffed up DES against it.

  • @jaspersurmont4803 4 years ago

    Vincent Rijmen is my prof at my university :D

  • @PriyanshulGovil 3 years ago

    ..., one encryption to find them. one encryption to bring them all, and in the darkness bind them.

  • @worldaviation4k 5 years ago +1

    Best Video to go with my dinner

  • @bernardinojosa3777 3 years ago +1

    I thought that he was going to talk about "ryan dahl", the creator of node.js

  • @douggief1367 4 years ago +1

    One back door to rule them all.

  • @sanjarcode 5 years ago +2

    Will AES be effective, considering the very recent (just last month) developments on quantum computing by Google?

  • @krisr3868 4 years ago +1

    I'd like to see a video on the CAESAR crypto competition one day. And the SHA-3 process as well.
    AFAIR (from classes taught by the man himself, though it's a handful of years ago), Lars Knudsen (from the Serpent team) agrees with the choice of Rijndael as AES. Not so much with Keccak as SHA-3.