Comments by "Lawrence D’Oliveiro" (@lawrencedoliveiro9104) on "7 Cryptography Concepts EVERY Developer Should Know" video.

  1. Technically, “symmetric” encryption is where the encryption and decryption algorithms are the same (e.g. exclusive-or stream ciphers). Here we have ones where the algorithms are different (inverses of each other), but the key is the same. Ones where the same key is used for both are called “secret-key” encryption, where “secret” is used in the sense of “knowledge that is carefully controlled”. I like to refer to RSA and similar algorithms as “key-pair” encryption, since that is less unwieldy than “public-private key pair”. Key-pair encryption is typically about 1000 times slower than secret-key encryption. SSL/TLS (the encryption protocol used by HTTPS, but not exclusively by it) negotiates the secret session key using something called Diffie-Hellman key exchange. This has the interesting property of offering “forward secrecy”: even if someone had full access to the decrypted session-key-negotiation packet exchange, they would be unable to work out what the session key was.
    2
  2. Even with SRP, anybody who gains unauthorized access to the hashed password on the server will be able to impersonate the server.
    1
  3.  @tobiasb6200  The server has to have some information to allow it to authenticate itself to the user. Anybody getting hold of that information can impersonate the server. QED.
    1
  4.  @tobiasb6200  How does your user know they’re connecting to the right server?
    1
  5. You can encrypt arbitrary long messages with any decent encryption algorithm using any key.
    1
  6.  @vishalmishra3046  Consider that there is no limit on the length of a TLS certificate.
    1
  7. Yes. For example, I saw a PHP password algorithm using MD5, which sounds bad. But it iterates the hash 8000 times, which is good. Not suitable for cryptographic message hashes, but good for password hashes.
    1
  8. They have to get it via a trusted channel somehow. It’s not a large amount of data.
    1
  9. Quantum computers that can run Shor’s algorithm are vapourware, and destined to remain that way indefinitely.
    1
  10. It would take you longer than the age of the Universe to come up with a hash collision.
    1