What are Digital Signatures? - Computerphile
Vložit
- čas přidán 10. 12. 2020
- How do you verify that someone is who they say they are? Dr Mike Pound on digital signatures.
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
Amazing how Tobey Maguire is saving Mary Jane at night and teaching people about computers in the day
So thats why Dr. Mike Pound looked familiar xD
Nah Mike looks like HUGH GRANT / Frodo and I'm a big Toby McGuire fan but never thought of Toby looking like Mike. It's the Frodo Baggins look
brilliant but lazy 🤣
@@klyanadkmorr Elijah
@@AcornElectron I couldn't remember his name on the tip of my tongue but didn't feel like searching☺
Not gonna lie, I came for the information but I stayed for the pen colour change.
I just paused the video to look for "this" comment. #wellDoneSir
very exciting
Mike is a legend, he explains everything so well and makes it easy for anyone to understand.
agreed
@@t3buron513 indeed.
Hmm, not sure I agree with you on that. As a student studying an IT degree having recently covered a module on cryptography, I was able to understand most of what he was saying, but if i came here with no background knowledge I would have been completely lost. I'm not criticising him or anything, that's just my opinion on the matter.
Truly the sign of somebody who has absolutely mastered their craft.
He is cool as a cucumber!
When I see Mike in the thumbnail, instant click.
When I see Mike, I pound that like button.
Absolutly love how these guys discuss immensly complex topics, yet when it comes to verifier neither is all that sure how it's spelled! I feel so seen!!!
:) Yes!
This actually makes a lot more sense than the previous videos on digital signatures on this channels as it actually goes into the details. It was really unclear in my mind before but this is a great explanation of what actually happens.
Thank you Dr. Michael Pound. Your explanations are so clear and mind-blowing. One of my favorite channels on CZcams!
Dr Pound is one of my favorite to listen to 🤩
But I feel like it would be nice if this episode included some more information and / or details about digital signatures (maybe some extra bits?😉)
"I'm gonna change my pen colour - it's all very exciting" xD
Your knowledge as well as English accent is historical.
Dr Mike Pound grounds and pounds every problem till it is solved.
Thanks for all the videos! I've been watching them and learning from them for years
9:41 Remember, none of these public keys is confidential. The problem is, you have to trust they are authentic, that they really came from the people they say they’re from.
But if they are not the public key from your intended sender then they won't be able to decrypt the encrypted message from your intended sender. So, if the public key itself gets tampered you will know something's not right. Or did I miss something?
@@akashchoudhary8162 You could get fooled into accepting messages from a fake sender instead. So you need to obtain the public key from a trusted source.
@@lawrencedoliveiro9104 Interesting, thanks for the clarification
If I'm not wrong for that we use digital certificates
Any chance of a video regarding the TPM (trusted platform module ) and how it works, just finished writing an essay and it came up and I found it rather interesting, keep up the great content !
So informative yet informal and digestable. Many thanks
Please do videos about all the topics mentioned in the video. Can't wait to see them.
Damn. I've caught up with watching Computerfile. Now I'm going to have to wait for more episodes to come out.
One of the best channel on youtube.
I love it, like every other of your videos. I'm just wondering one thing: He can explain everything so well, why wouldn't he do something like a full structured course with lectures and covering a topic (e.G. encryption, Web security, how the iternet works, ... ) as a whole with all the most important components. I would instantly sign up for that!
He is working full-time at a university so I guess this is just a side hustle for him
This video was actually tremendously helpful. I had a rough understanding of PKI with RSA, but I always thought DSA was a totally different process.
I didn't know it was (effectively) just encrypting the hash of the message with an asymmetric key
Love Mike! He needs his own channel! 🤩
memorised elgamal, memorised RSA, learned all these protocols and how signatures work... had my exam...
computerphile video gets published. I swear if it was the other way around, I wouldve included this in my schoolwork for sure.
wow this is the first comphile video I'm watching as soon as it has been published
Here I am, Mike Pound. Signed, sealed, delivered - I'm yours!
Thanks, Computerphile for working with amazing contributors like Dr. Pound, making this material more accessible to a wannabe geek.
Perfect timing lads! Got a Compsec final tomorrow.
Dr. Mike Pound finally! Love your vids and Mike :)
EXCELLENT use of the Lav mic!
Mike is the best. I really want to hear him talk about what he likes about C#.
Great video. Maybe it could be interesting to talk about JWT tokens as well
Thanks for the lecture, Peter Parker!
Lol
he reminds me more of Ralph Macchio in Cobra Kai
Is the public key infrastructure video available? I just tried searching for it and couldn't find it!
Thanks Dr. Pound
he says its all very exciting but it really is exciting .
I have been really enjoying the videos regarding cryptography, security, hashing, etc. I would love to see a video (or maybe a couple if the subject warrants) how the underlying algorithms, specifications, equations, etc could be undermined by an actor (at whatever level [state, provider, ???]) to weaken or at least make it easier for "them" (and ideally/supposedly them and no-one else) to recover or recreate (or even forge or alter) the plain-text information.
Remember, the specifications of all standard crypto is out in the open. So virtually the only way of attacking a scheme like you said would be to wrongly implement it. And you'd still have to do it in a way that it's compatible with other implementations. Everything else would be noticed quickly for open source projects. For closed source, it get's harder to notice this, but not necessarily impossible.
Many crypto algorithms use some source of randomness and their security relies critically on this randomness. If you could somehow implement a random generator where only you could predict it's values, that would give you the upper hand. For some schemes you might be able to recover the plaintexts this way. For example because you could predict the choice of secret key or of some information that is used to "cover"/blind the message. It's hard to describe this stuff without going into the details.
If you propose a new algorithm, the situation is different, of course. But that is one of the reasons why cryptographers advocate so much for using standard and well-researched schemes. :)
we are still waiting for the "next video" you mention at the very end ;)
I couldn't find the video he mentioned in the end about public key infrastructure. Did I search something wrong or isn't there one?
Extra like for the guitar collection! 1:36
Computerphile Time!
If you click on the little lock in the address bar of your browser you can see the RSA signed certificate :-)
How does the public keys decryp signatures and matches with private keys? Who owns the private keys´ list master file which is embedded into BTC blockchain?
Can you upload the next video tomorrow? I have a computer security exam on these things this coming Monday and these are very useful hahah
I'm looking for the Public Key Infrastructure video he mentions at the end of this video. It's supposed to be the next video in the series but I can't find it, anyone?
Question. Emailing a document takes seconds. When the document arrives, it arrives. How could someone have changed the document in between the sending and the receiving? To have altered the document, someone would have to have intercepted it and then changed it. This is a question of time. To intercept something and then change it, wouldn't that mean that an email for example, was hi-jacked, went to another address, and then sent on to the ultimate receiver? If so, there would be a record of where the document went in the SMTP headers, no? How does any of this make sense?
Great video! You helped me a lot!
How would we know what kind of hash functions to use to verify the received the document?
Very interesting as always. Thanks.
Assuming I want to send you a btc and I know your public key, but you don't know my public key.
So I will encrypt my transfer by your public key in ecc method then i will sign it with my private key. Is that correct?
When you recive btc, how can you varfiy it if you don't know my public key.? Is my public key sent with the encrypted transfer, and if it is, how do you know if it is my public key or something else?
boom perfectly timed, in the morning i have to give a viva exam on Internet an Network Security!
If you can link the video you recommend to watch in your video that would be great...
Nice a new computerphile vid
how will the verifier know what padding needs to be added before calculating the hash?
Could you guys perhaps do a video about the Dutch company Diginotar and especially what went wrong? You know a Dutch certificate issuing company that went bankrupt in 2011 after it was hacked. Maybe by the Iranian government or maybe by the NSA.
Private or Symmetrical Encryption means we must both somehow know the key and that's how we'd decrypt whatever it is in question..
Public or Asymmetric encryption means that me as the sender needs the public key, which everyone might know, of the receiver, so I can send the document there and the reciever will decrypts with the private key
Question then: If the signing off, or digital signature needs to happen by me as the sender with my private key, and is decryptable with my public key which is public knowledge, then can't anyone decrypt the signature with my public key, or is the message as a whole still sent to the public key of the sender??
Can you make a video about the Matrix Protocol?
Why should hashing ever lead to data compression? Don't computer already use the most efficent data compression method possible for regular communication?
How can the public key decrypt something that the private key encrypted? I thought the main idea was that whatever is encrypted with the public key can only be decrypted using the private key ?
It works both ways:
Encrypt with public key -> only decrypt through private key
Encrypt with private key -> only decrypt through public key
in my opinion, I think he's the best explainer of complicated topics.
I love computerphile's videos like this, but can you guys do me a favor, please add the English subtitle since many of your audience is not native English speaker (like me). Thanks a lot.
Where is the video on public key infrastructure he mentioned?
0:38 “Not that quick” as in “a thousand times slower than secret-key encryption such as with AES”.
would it by just a thousand times slower? if openssl can do 2000 private key operations per second with 2048 bit keys, that translates to about 480KiB/s throughput. With AES-128-GCM and AES-NI acceleration you should be getting something like 4GiB/s on the same CPU, so it's like 10 thousand times slower
@@666Tomato666 I remember seeing a factor of 3000 times, so you’re not too far off.
Also remember you’re not comparing like with like: hardware acceleration for AES versus none for RSA.
@@lawrencedoliveiro9104 oh, true, but hardware acceleration for AES is very common, hardware acceleration for RSA is in custom hardware with price tag in the 4+ digit range (garden variety smartcards are not accelerators, they barely achieve 1op/s)
Did anybody find the next continued video after this ?
so glad i no longer have to hear the sound of marker on paper, that screech gives me chills
Yeah, I love Numberphile, but the merger on butcher paper sound can get annoying. @(>~
Hi Guys,
When you sign an e-document (a contract) on a mobile device such as a tablet (with multiple signature boxes), do those signatures have timings that are part of a digital footprint (so-to-speak), that can be revisited at anytime to see when and what time a signature box was signed?
Thanks in advance.
Hello Rob,
this largely depends on the way this box is implememted. Usually these store a small amount of data such as the digital representation of the signature and a timestamp. Quite often this is not verified (even though possible via Timeservers). These basic signatures largely have only the effect of a tick in a checkbox.
@@WolkenDesigns
Thanks for your reply. Much appreciated. 👍🏻
I wish that it doesn't switch often and quick between Mike and the sketch. Everytime I want to read the sketch it. Around 4:00 and 4:30 for example
i didn't learn something new, but liked the video.
Well this is timely given the news about solarwinds
if someone was in the middle couldnt they trick the verifier?
For example, A(signer) sends document to verify to C(verifier) through B (B is in the middle. B forwards doc to C.)
A sends encrypted doc to C through B.
If B resigns the document with their private key, then when C will just verify it was signed with C's public key correct?
A little late to the party, but I think the explanation is this:
C tries to decrypt the document signed by B with A's public key. This won't yield the correct results, as it was not signed with A's private key.
Of course this means that the public key that C has from A is not tampered with. This is the job of PKI (Public Key Infrastructure)
Thx Mike!!!
Yep, cool beans.
Usual thing is negotiating the ciphers, then using RSA to encrypt the AES or whatever other symmetrical cipher key.
Best of both worlds.
Need to sort your audio compression out (DB dynamic range, as in the audio plugin you are using , not file size haha). The attack is way too long, for spoken word set to quickest possible so the first part of a sentence doesn't keeping jumping out of people's speakers. You're welcome.
Sorry, this is actually the inbuilt compressor in Mike's camera. It sparked some conversation afterwards :) (when I ask a Q, his gain climbs and by the time he answers the compressor crashes in and the gradually eases off the gain until next question...) -Sean
@@Computerphile :)
if someone was in the middle of a digital signature between person a and b couldnt they(person m) hash the email/text and sign it with their own key and send that to person b. Then when person b sends an email back to a, person m can hash the email and send a resigned version back to a?
Well, A would try to decrypt the email/file with B's public key, and it wouldn't work because it would be signed by M instead of B
When's he going to talk about hashing? /s
He does in the video
@@nilen r/wooosh
So I receive an email with a digital signature. How do I verify the authenticity of the signature in the email.
How do you know that the public key you use to decrypt the signature really belongs to who you think you're communicating with, and not some man-in-the-middle that identified as them instead?
If the MIIN does this signature verification with each of the parties, they won't know about it
Because of the digital certificates, that will contain the public key and also the digital signature
@@estebangomez1823 we can still emit false certificates too
how to solve the issue of somebody generating digital certificates on behalf of somebody and sharing ? ... that issued certificate won't represent the actual user :)
Great video!
I don't think this is the right forum to discus this but,
"Digital Signatures should not replace Wet or Electronic Signatures, rather they should complement traditional signing methods"
My doubt is, how does the verifier know the algorithm for hashing and padding?
Every get an answer to this? +1
Dude is so articulate
Have they made a video talking more in detail about PKI?
How would I go about this if I can't trust the client? Like in a game, a hacker may modify the map, how would I verify (as the server) that the hash of a map is correct? I want to also avoid the hacker from modifying the client to just send the same hash on the login.
Request the client to encrypt a part of their game data and send it to server, then send new data to the client and expect them to encrypt the data again. Server would be knowing the correct answer, but the modified client would need to keep track of what answer it should be expecting.
That’s called “remote attestation”. It’s impossible to trust a PC that is under the control of someone you don’t trust. Unless it has something like a TPM chip in it.
And that gets controversial.
Doc should start his own channel
so what is the best software applications to protect your computer?, and could you disable a computer if you had its IP?
1) Avoid using Microsoft Windows.
@Dusty 99 If avoiding unnecessarily complex OSes is “lazy”, I don’t wanna be hardworking!
@@lawrencedoliveiro9104 Most people don't have a choice about this, as some of the software people need is proprietary Windows stuff. And Apple like their customers' money just a bit too much.
@@WujuStyler So far the only ones insisting on using Windows are gamers.
I will say one the I first time watched your video almost 5 year back in 2016 and your look didn't changed from 2016 to 2021 now
12 people actually transmit all their information in clear text
I can't wait to see the PKI video
Hi, first thanks. What is RSA? Does it do the hash claculation?
No, RSA deals with the public/private keys, SHA256 deals with the hashes.
How do we know the certification authorities aren't controlled by the likes of the NSA, for example?
Mike always looks like he's about to burst out laughing
Thank you sir.
This man understands the importance of a naked room.
Why are your videos not translated?
If I encrypt the digital signature with my private key, then the receiver decrypts the digital signature with the public key, couldnt anyone in the middle just decrypt it? Seems unsecure? Am I missing something?
A bit late but
I believe the client also sents its public key to the server. So the server encrypts the response with the client pub key and only the client can decrypt it with its private key
Arent hashes one way functions how would you decrypt that or know what the hash should look like after its been sent. Basically if you can't decrypt a hash how does this integrity check really work? Like to me this is really confusing you send the hash to the "Verifier" but can't decrypt it how do you know it wasn't modified. I suppose if you just hash a copy but that hash copy could get modified! (This comment is probably mind boggling especially cause I'm not sure how I should ask this question"
Arent hashes one way functions how would you decrypt that
@@Ort618 I was trying to understand how assymetric encryption (Public & private key) worked.
I understand it now. Pretty simple when I realized both the client and server would participate.
But public key encrypts and not decrypts. Isn't it?
Private key decrypts and public key encrypts. But in this video how's public key decrypting data?
Is that symmetric key? Then there's only 1 key and it doesn't fall under asymmetric encryption.
You are talking about confidentality. Public keys can encrypt and decrypt, the same as private keys. Encryting with a private keys doesn't make sense to ensure confidentiality but you could use it to verify that a person is really who tell it is.
what if the document send contains some sensitive data and we want to make sure that no middle man or attacker can read this?
So why couldn't someone in the middle just send you a different document, a new hash and use a new private key that decrypts with the server's public key?
You can't really create a private key that decrypts with the original server's public key. They're generated together and can't be generated separately
I am comfortable with the _concept_ of "digital signatures" but something has always troubled me about the _term._ I just never could put a finger on it... until now.
A "signature" is something you _generate_ every time you use it. You do not carry a stack of them with you to attach to documents. You do not even need to carry the tools (a pen), someone may lend you one. The one thing you _do_ carry (the muscle memory) can be considered an _algorithm._
What we call "digital signatures" is probably better described as "digital stamps".
I don't quite understand what you're saying. Your computer does generate a new digital signature every time it sends out a new message that requires it.
@@trogdorstrngbd Do you really? I have been "digitally signing" Windows drivers for _years._ You generate the signature _once,_ then attach it to every instance. Embedded firmware tends to be even worse: you do not even generate a new signature for every release. You get _one_ for a company and every firmware release from that company is "signed" with the same one.
As I say, they are more like rubber stamps than "signatures".
@@olmostgudinaf8100 I see what you're getting at now. I was focusing on that a new signature is generated every time for a _new_ file, whereas you're focusing on the signature being the same (and therefore more like a stamp) when the _same_ file is being distributed over and over to different computers. Note that I am making a distinction between the signature (different for each file) and the Code Signing Certificate (which the company uses over and over until it expires).
People need to stop explaining signing as "encryption with private key" and verification as "decryption with the public key", at least if you want to explain signatures in general.
This kinda works for textbook RSA (where the encryption and decryption are just exponentiation), but not for most other signature schemes. Several of those don't even have a corresponding encryption scheme.
Actually, I think they all do. Wasn’t DSA designed as an alternative to RSA that was only useful for signatures, not encryption? And didn’t somebody discover that you could use it for encryption, albeit very clumsily and inefficiently?
@paulo Ebermann where can I go study how Signatures really work?
What are "most signature schemes" that don't use public/private keys?
@@Theferg1 There's an excellent textbook by Jonathan Katz on that topic simply called "Digital Signatuers". Another book by Katz "Introduction to Modern Cryptography" would be a better start if you're new to crypto, though!
Thank you, happy to see someone else comment this! Exactly my thoughts! I don't know understand why this analogy is still being used either.
I prefer the infinitely long printer paper.