lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
caa022c4d8ae3ad9b1daad19289ee988d22bb65d
hpr-knowledge-base/hpr_transcripts/hpr1640.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

153 lines
15 KiB
Plaintext
Raw Blame History

Episode: 1640
Title: HPR1640: Symmetric vs. Asymmetric Encryption
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1640/hpr1640.mp3
Transcribed: 2025-10-18 06:13:35
---
its Friday 14th of November 2014. This in HBR episode 1640 entitled Symmetric VS. A Symmetric
encryption and in part of the series, privacy and security. It is hosted by AYUKA and in
about 21 minutes long. Feedback can be sent to Wilnick at Wilnick.com or by leaving a comment
on this episode. The summary is this episode looks the two kinds of encryption keys and
why to use each one. This episode of HBR is brought to you by Ananasthos.com. Get 15% discount
on all shared hosting with the offer code HBR15. That's HBR15. Better web hosting that's
honest and fair at Ananasthos.com.
Hello, this is AYUKA, welcoming you to Hacker Public Radio and another on our ongoing
series on security and privacy. This is going to be an episode where we look at some basics
of encryption is Symmetric VS. A Symmetric. So that's going to set us up to get into some
other interesting things like SSL certificates and all of that. Now, previously we looked
at public key encryption, which is also called asymmetric encryption because it uses two
different keys for the encryption and decryption. This allows us to solve one of the biggest
problems in secure encrypted communication, which is key distribution. Because the public
key can be freely distributed, you don't need to maintain security around the process
of distributing keys. Symmetric encryption, on the other hand, relies on a shared key
that is used for both encryption and decryption. An example of this is the one time pad where
you print it up a pad of paper that contains various keys and each one was used only once.
As long as no one can get the key, it's unbreakable. But the big weakness with those is key distribution.
How do you get the one time pad into the hands of your correspondent? And you would need
to do this with separate one time pads for each person you needed to communicate with. These
are the kinds of problems that made asymmetric encryption so popular. Finally, symmetric key
crypto cannot be used to reliably create a digital signature. The reason should be clear.
If I have the same secret key you used to sign a message, I can alter the message, use
the shared secret key myself, and claim that you sent it. There is a downside, though,
to asymmetric encryption. It requires a good deal more in computational resources to
perform asymmetric encryption and decryption. Symmetric crypto, on the other hand, is much
more efficient. That is why in practice, the two are actually combined. When you use GPG
to encrypt a message, you use the public key if the person you are writing to. Well, that
much we already covered. But what are you encrypting? It turns out you are encrypting the symmetric
key that was actually used to encrypt the message itself. Yes, a symmetric key is used
for efficiency, but we solve the key distribution problem by using an asymmetric key to encrypt
the symmetric key. So when someone sends you a message using your public key, you use
your private key to decrypt the symmetric key, then use the symmetric key to decrypt the
message itself. This is the best combination of security and efficiency in your communication.
Now, there are standards for all of these things, right? So let's take a look at some of
the symmetric encryption standards. First one is something called DES or data encryption
standard. And this was the first popularly used one. It was developed by IBM for the US
government. Without going into a highly technical description, DES employed some techniques that
pop up frequently in cryptography, the block cipher and XOR. In simple terms, a block cipher
operates on a fixed length block of bits to transform them in some way. And XOR, which
stands for exclusive or, provides one of the most common transformations. XOR or exclusive
or, in logic, means that either A is true or B is true, but not both. If used in circuit
design, if either A or B is sending a signal, the signal goes through. But if both are sending
a signal, nothing goes through. When used in cryptography, what XOR does is use a key that is
XOR with the message block in such a way that if both the message and the key have a zero in that
position, the result is zero. If the message has a one and the key has a zero, the result is a one.
If the message has a zero and the key has a one, the result is a one. And if the message has a one
and the key has a one, the result is zero. One way to think about it is that it is essentially
binary addition without the carry part. In binary addition, one plus one equals ten, which is
the binary form of two, so you write down the zero and carry the one. In XOR, you just throw away
the carry part altogether. Understanding how this works begins with the coding. Recall that we
distinguish between codes and ciphers earlier in this series. A code is just a one-to-one transform
of information from one scheme to another. An example is Morse code. There's nothing secret
about it. And a transformation usually is to render information in a way that fits the medium.
In computers, everything is once and zeros. So there is a code that takes our letters and turns
them into binary digits. In fact, there are several, but for the purpose of illustration, I will use
ASCII, which is the American standard code for information interchange. In ASCII, there is a numerical
equivalent for every letter. I will do a very simple example, the word cat. I can see from a table
on my Wikipedia page for ASCII, on I have links to all of this in the show notes.
That c is 110011. A is 110011 and t is 11101000. So the word cat is represented in binary is 1100111110000110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100110011001100
and by a similar process i can find that dog is represented in binary and decided to happen 10011001100 references
we can find that dog that means we can find it when we find that dog that we discovered the dog that we like
I can find that dog is represented in binary as 1, 1, 0, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1.
What happens when I explore them?
Well, this is probably easier if you have it written down or I have it on my web page
and the link is in the show notes, but position by position.
The message has a one in the first position. The key has a one in the first position.
The result is a zero.
The message has a one in the second position. The key has a one in the second position.
The result is zero.
The message has a zero in the third position,
So does the key, so the result is again zero, and so on.
Now, the reason this is useful as an encryption message is that if you X or the key with the result, you get back the original message.
I would suggest you either do an example like I've done, or you know, check out an explanation of it somewhere,
or you can just trust me on this one. But yes, if you X or the key with the result, you get back the original message.
Now, in constructing an encryption algorithm, an algorithm is a series of discrete steps that you go through.
So you would take a number of such methods and combine them and get something that is secure.
So in the data encryption standard, the block size is 64 bits. The key is also 64 bits, except that one bit from each byte was devoted to parity checking.
So the effective key length is actually 56 bits.
In creating the DES standard, you would see that processes were repeated for multiple rounds of transformation, which is common.
So the final output could be the result of multiple XORs and other such stuff.
But the reason it is symmetric is, like we saw with the XOR process. If you have the key, you can reverse all the steps in the algorithm and get back the original message.
Now, DES is really the beginning of modern cryptography.
Bruce Schneier said about it, DES did more to galvanize the field of crypts analysis than anything else. Now there was an algorithm to study.
DES became the standard against which all other algorithms would be compared. But it was not the final word by any means.
As we have seen previously, this is an arms race, and methods and technology continually involve.
DES was found to have some weaknesses, particularly in the key length.
56 bits was just too small as computers got better. The NSA had in fact tried to limit it to 48 bits, but resistance from the cryptographic community resulted in this slightly higher length.
Nevertheless, in 1999, a DES key was cracked by brute force methods in 22 hours, and the standard has since been removed.
Triple DES attempts to solve the weaknesses of the 56-bit key in DES by using three independent 56-bit keys, which are used in a repeated process.
Each block of the message is encrypted three times, once each for the three keys.
If done this way, it is generally regarded as secure, and NIST regards it as safe through the year 2030.
On the other hand, there are theoretical attacks, which, though not considered feasible with current technology, have led to a new standard.
The next step, the Advanced Encryption Standard, AES.
The Advanced Encryption Standard was adopted by NIST in 2001. This is now considered the best available symmetric encryption.
It employs a cipher called Rhindall, which is a play on the name of the two inventors, Vincent Ryman and Joan Damon.
So they combine those, I think, Dutch, so spelled R-I-J-N-D-A-E-L.
Now, this version of Rhindall used in AES is a block size of 128 bits, and key sizes of 128, 192, or 256 bits.
And in general, it can be referred to as AES128, AES192, or AES256, depending on the key length, and the most secure would be AES256.
As with other symmetric ciphers, each block is subjected to repeated rounds of transformation to get to the encrypted text.
Now, one thing you may have noticed in the above discussion of symmetric encryption is the lack of discussion of entropy in the process.
It is not needed here, because the only thing that matters is that the key is agreed, not that it is random.
But in asymmetric key encryption entropy is essential. It is the combination of the entropy with the one-way function that makes it work.
One-way functions, as you may recall from our earlier discussion, are functions that can easily be computed in one direction, but are computationally infeasible in reverse.
Right now, there appear to be three types that are known and can be used in cryptography.
But we should recognize research is always ongoing, and other types of things could come up.
So, what are the three that we know about? The first one is multiplying large prime numbers. That's what RSA does.
The second one is discrete logarithm, and the third one is elliptic curve.
Now, I am not going to dig into the mathematics. They're more than I can handle on all of these.
You probably need something like a PhD in math to make sense of this stuff, or maybe I'm just not that bright.
But here's the basics of each. Prime number factorization, which, as I said, that's used in RSA encryption.
Two large prime numbers are found and multiplied together to get a product.
Multiplying them together is simple for a computer, but decomposing the product to the two primes you started with is computationally infeasible, so far as we know.
Of course, since RSA is widely used, it has sparked intense interest in approaches to factorization, so this may get weakened over time.
And of course, with improvement in computer technology, what now appears to be a difficult problem may become much simpler in the future.
But for now, RSA appears to be secure.
The role of entropy in this case lies in finding the prime numbers. Generally, they should each be in the neighborhood of 1024 digits.
And for security, they should not only be random, but not near each other.
With the large prime numbers found and multiplied, the product is used to generate other prime numbers, which help form the public key and the private key.
The point here is that these are just two keys, such that one key cannot decrypt anything it itself encrypted, but can decrypt anything it's complimentary key encrypted.
So you could, in theory, use either one as the private key, it's not particularly privileged.
In fact, using the public key to decrypt something encrypted with the private key is the principle behind digital signatures, which we will discuss in our next lesson.
Now, discrete logarithm involves finding an integer that solves a logarithmic equation.
This is the approach used in El Gamel encryption and the Diffie-Hellman key exchange among many uses.
Choosing the particular numbers to logarithmic equation is where the entropy comes in.
Diffie-Hellman key exchange is used for perfect forward secrecy among other uses, and that's definitely something we will eventually get around to discussing.
Elliptic curve cryptography builds on the discrete logarithm approach.
A curve with the right properties is chosen, then a point on that curve, and the problem becomes finding the discrete logarithm of that point.
Generally, the curve is chosen from a small number of appropriate curves that have been agreed upon by the crypto community.
NIST has recommended 15 curves as suitable.
Entropy enters when one chooses the point on the curve that will be used.
Elliptic curve cryptography is usually faster and more efficient than RSA, or general discrete logarithm approaches.
However, it now appears that at least one of the curves selected was chosen by NSA to have deliberate weaknesses so that particular curve is now deprecated.
The larger question of whether any NIST standard can be trusted given the NSA's involvement is still open.
So, this wraps up a somewhat more technical discussion of encryption methods, which I hope will set us up to look at some other security problems and solutions.
So, this is Ahuka signing off for Hacker Public Radio and reminding you as always to support FreeSoftware.
Bye-bye!
You've been listening to Hacker Public Radio at Hacker Public Radio.org.
We are a community podcast network that releases shows every weekday Monday through Friday.
Today's show, like all our shows, was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is.
Hacker Public Radio was founded by the digital dog pound and the Infonomicon Computer Club and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on the website or record a follow-up episode yourself.
Unless otherwise status, today's show is released under Creative Commons, Attribution, Share a Life, 3.0 license.
Reference in New Issue View Git Blame Copy Permalink