AES Encryption: What's the difference between the IV and Key? Why do we need an IV?

Поделиться
HTML-код
  • Опубликовано: 18 ноя 2024

Комментарии • 56

  • @benarroyo
    @benarroyo 2 года назад +3

    Thanks! This helped a lot. I had an idea of what IV was, but I needed an example to solidify my learning.

  • @digitaldistancerecords736
    @digitaldistancerecords736 6 месяцев назад +1

    Thanks man, I was going over WPA for my CCNA and I had no idea what the hell an Initialization vector was, and they did not care to explain it.

  • @rajib7278
    @rajib7278 8 месяцев назад

    Thanks. Your explanation really helped. Great job 👍🏽

  • @iftak01
    @iftak01 2 года назад +1

    Great video Bud explained it well

  • @jozefsoucik3115
    @jozefsoucik3115 Год назад

    critical mind explanation...thanx a lot

  • @VladP117
    @VladP117 2 года назад +3

    Thank you! The only question I have - how receiving part will know IV? Do we send IV with message itself every time? Is IV visible for "everyone" or encrypted as well. :)? What is best practice? Thanks a lot.

    • @matthewventures
      @matthewventures  2 года назад +6

      Yes you have to send it with the message itself. And it is not encrypted. You can put it at the Fron of the message. You can just put it at the front. Even if they know what bytes are the iv they won't be able to determine the secret key

  • @azoz1433alamodi
    @azoz1433alamodi Год назад

    that was amazing ! thank you for the great service

  • @frankdell
    @frankdell 4 месяца назад

    Amazing video, thanks a lot

  • @amolsutar9247
    @amolsutar9247 Год назад

    Thank you. This helped a lot.

  • @schen2024
    @schen2024 2 года назад

    thats a pretty interesting menu bar

  • @pontv9005
    @pontv9005 Год назад +1

    supposed that i capture the encrypted message 500 with IV of 3 then resend it back to the server then I would still win the game. I just have to capture the encrypted message every time I win, it does not matter if the message is different every time I win, i just resend that encrypted message and still win. Is the IV sent along with the encrypted message? Is the IV one time use only?

    • @matthewventures
      @matthewventures  Год назад

      yes iv is one time use only. a new one is created for each message and sent with the message.

  • @breachbase
    @breachbase Год назад

    This was super useful, thanks

  • @boazmatzliah1528
    @boazmatzliah1528 Год назад

    Great explain

  • @sammunta1543
    @sammunta1543 2 года назад

    thanks a lot but what are similarities between DES and AES plz

  • @mamun001
    @mamun001 Год назад

    Thanks!

  • @cimbot
    @cimbot 2 года назад +1

    Thanks for the video!
    In this example, it means that the IV will also always be sent between client-server right? Besides the encrypted message

    • @cimbot
      @cimbot 2 года назад +2

      But the hacker won't know that the transmitted IV is important to decrypt the data, because they doesn't know that it's an IV
      Am I correct?

    • @matthewventures
      @matthewventures  2 года назад +2

      @@cimbot yes that's correct, and how you send the iv is secret. So it could be appended to the back, or it could be put at the front, or he could do something crazy like every other character is the iv

    • @cimbot
      @cimbot 2 года назад

      @@matthewventures I see, thank you very much Matthew!

  • @chaitanyakunda8583
    @chaitanyakunda8583 5 месяцев назад

    then how does the server decrypting know this IV to be able to decrypt?

    • @matthewventures
      @matthewventures  5 месяцев назад

      You don't encrypt the IV. You just deliver it. You're like, "here is the encrypted message: 4747477438 and here is the IV: 54".

  • @Victor_Gerfalov
    @Victor_Gerfalov 10 месяцев назад

    Awesome

  • @okmm2807
    @okmm2807 Год назад

    You should all be asking why now:
    Why not only rely on a random seed?
    IV+Key is just one password.
    You can remove key and only use a random IV and will end up with the same result.
    Key would just be there if you don't want to generate larger random numbers at the expense of security.

    • @demonetiz3d
      @demonetiz3d 10 месяцев назад

      How would you decrypt data then?

    • @okmm2807
      @okmm2807 10 месяцев назад

      It you need a certain amount of information e.g. 512 bits and you want to use 256 bits as a static key e.g. 32 letters you can use one half of the 512 bits as the static key which means the second half must be random. You see? Having two parts makes no sense, its stupid. Just forget about the static key and use 512 random bits which you can use to feed two algorithms.
      Having a static key which you reuse is just one more point of failure if you use not enough random bits of cause. Also handling the information of the static part is another unnessary problem.

  • @imaxu8914
    @imaxu8914 Год назад

    Amazing!! Thanks!!

  • @youtubecopyrights
    @youtubecopyrights 2 года назад

    How does the receiving end of the encrypted data know what IV was used to decrypt?

    • @matthewventures
      @matthewventures  2 года назад +3

      You send the iv with the message. It is a known size, so how you send it is up to you. You could send it as the first x amount of characters in your message. Or the last x characters. Or maybe every other character for the first 2x characters is part of the iv.

    • @samartajshaikh2601
      @samartajshaikh2601 Год назад

      @@matthewventures ok, so we do not send IV separately, we mix it up in final encrypted message. And server-end knows how to extract IV from encrypted message also, it must also have information about the key and the algorithm to decrypt the message using both IV and key.

  • @brianseagers2620
    @brianseagers2620 2 года назад +1

    NO WAY! It's Kevin McCallister from Home Alone! From protecting homes to protecting Networks. Love to see it 😁😁

    • @RineezAhmed
      @RineezAhmed 2 года назад

      Definitely looks like the Home alone boy Macaulay Culkin 😁

  • @Ainigma
    @Ainigma 2 года назад

    but you still need to send the IV with the encrypted message (because no one else would be able to decrypt it), right?

  • @ChungLeeVN
    @ChungLeeVN 2 года назад

    Good Man, it easy understand

  • @thedarkknight1865
    @thedarkknight1865 Год назад

    nice example

  • @scaryaddress
    @scaryaddress Год назад

    what does IV stand for ?? please PS: great video

  • @emmanuelobileye5643
    @emmanuelobileye5643 Год назад

    Thanks

  • @freedomforever2026
    @freedomforever2026 Год назад +2

    блядь, а как расшифровывать-то????

  • @ЛеонидКраснов-о9е
    @ЛеонидКраснов-о9е 5 месяцев назад

    Why not use random key then?
    Basically you just used pair (IV, Key) as new Key, and it is as random as IV, so what is the point of keeping one part fixed, when you always use it in bundle with random part?

    • @matthewventures
      @matthewventures  5 месяцев назад +1

      The receiver needs to know the key in order to decrypt the message. If you used a random key then it would just be another IV. The key is randomized, it's just not randomized every message. The whole point is that the key is something special that the receiver needs and that we can hopefully give to them in a way that someone who is reading all of the messages in between us will not have access to. For example, we might bundle the key in the source code of the program rather than having to send a key over the network. So that even if they can see all of the internet packets, we are passing back and forth which will include the IV and the message itself. It will not include the key. They would have to hack the client to to get the key.

    • @ЛеонидКраснов-о9е
      @ЛеонидКраснов-о9е 5 месяцев назад

      @@matthewventures Okay, I see, thanks

  • @samartajshaikh2601
    @samartajshaikh2601 Год назад

    Thanks. It is very informative. I have a few doubts though -
    1. if we are generating IV on client-end then how will the server decrypt the message correctly ?
    2. if we be generating a new IV each time we have to send a new message. Then how will we keep track of those IVs on both client-side and server-side ?

    • @matthewventures
      @matthewventures  Год назад +2

      The iv is like a public key basically. So we simply tell the server what that key is, each message will have its own IV.
      You send the IV with the message, it's part of the same payload

  • @jemmalitaha4658
    @jemmalitaha4658 2 года назад

    But he must also send the iv so that the server can decrypt, right?

    • @matthewventures
      @matthewventures  2 года назад

      Yes you have to send the iv. From my understanding the standard practice is that you don't even encrypt the iv. So I think it is sufficient to just send it in the front of your payload. But it's basically like a public password if you want to think of it that way, as if you have a public password and a private password

    • @samartajshaikh2601
      @samartajshaikh2601 Год назад

      @@matthewventures so if IV is the 'public password' and encrypted message is the 'private password' then, is the algorithm used to achieve the encryption the hidden link which hackers need to decode ?
      and what about key. Does server know the key in this case ?

    • @fisyr
      @fisyr Год назад

      ​@@samartajshaikh2601The algorithm is known to everyone. What's secret is the key that the both parties share and don't send to each other. They only send the iv.
      Also hi, I'm currently trying to write an encrypted chat program from scratch for fun and I randomly stumbled on this video while learning about these things.

  • @vuralmecbur9958
    @vuralmecbur9958 Год назад

    If IV is public then the player can guess the key again:
    1. IV=4, Message=600
    2. IV=3, Message=500
    It is very clear that each increment in IV results in 100 increment in message.

    • @matthewventures
      @matthewventures  Год назад +1

      That's only because my algorithm is simple. You'd have to decrypt the dull aes process which they cannot do.

    • @vuralmecbur9958
      @vuralmecbur9958 Год назад

      Thanks@@matthewventures

  • @HossamTK
    @HossamTK 3 года назад

    Hello bro

  • @N0th1ng_to_s33
    @N0th1ng_to_s33 6 месяцев назад

    i thought iv was four lol

  • @d_cb
    @d_cb Год назад

    Bro do you actually use that much softwares ??? Clean that task bar it makes me stressful