1 00:00:00,000 --> 00:00:01,760 All right, everybody, get ready 2 00:00:01,760 --> 00:00:03,800 because we are diving deep today 3 00:00:03,800 --> 00:00:06,600 into the world of cryptanalytic attacks. 4 00:00:06,600 --> 00:00:08,760 Ooh, cryptanalytic attacks. 5 00:00:08,760 --> 00:00:10,720 Yeah, we're talking about how people try to break codes 6 00:00:10,720 --> 00:00:11,720 and expose secrets. 7 00:00:11,720 --> 00:00:13,520 So, kind of like digital lock picking. 8 00:00:13,520 --> 00:00:14,760 Exactly, it's like cracking a save, 9 00:00:14,760 --> 00:00:16,520 but instead of like lock picks and all that stuff, 10 00:00:16,520 --> 00:00:18,640 it's all about math algorithms and... 11 00:00:18,640 --> 00:00:19,800 A lot of cleverness. 12 00:00:19,800 --> 00:00:21,160 Yeah, a lot of cleverness. 13 00:00:21,160 --> 00:00:22,960 If you ever thought about like how someone might try 14 00:00:22,960 --> 00:00:24,720 to read your secret messages... 15 00:00:24,720 --> 00:00:26,920 Yeah, it's kind of scary when you think about it. 16 00:00:26,920 --> 00:00:27,800 It is. 17 00:00:27,800 --> 00:00:29,680 And to help us understand all of this, 18 00:00:29,680 --> 00:00:31,640 we have some excerpts from an article 19 00:00:31,640 --> 00:00:34,240 all about cryptanalytic attacks. 20 00:00:34,240 --> 00:00:35,640 Okay. 21 00:00:35,640 --> 00:00:38,640 By Krishna Kumar, Mahadevim. 22 00:00:38,640 --> 00:00:39,840 That name rings a bell. 23 00:00:39,840 --> 00:00:42,040 Well, he's kind of a big deal in cybersecurity 24 00:00:42,040 --> 00:00:44,360 over 28 years of experience. 25 00:00:44,360 --> 00:00:46,520 And he's written like a ton of books on the subject. 26 00:00:46,520 --> 00:00:48,800 Wow, so this guy knows his stuff. 27 00:00:48,800 --> 00:00:50,480 Yeah, 98 books to be exact. 28 00:00:50,480 --> 00:00:52,080 98, wow. 29 00:00:52,080 --> 00:00:53,680 So, the stuff he's saying in this article, 30 00:00:53,680 --> 00:00:56,040 like it's probably stuff that's actually used 31 00:00:56,040 --> 00:00:56,840 out there in the field. 32 00:00:56,840 --> 00:00:57,840 Real world stuff. 33 00:00:57,840 --> 00:00:59,280 Yeah, real world stuff. 34 00:00:59,280 --> 00:01:00,840 So let's talk about the basics here. 35 00:01:00,840 --> 00:01:03,000 We're talking about cryptanalytic attacks. 36 00:01:03,000 --> 00:01:07,160 So basically trying to decrypt a secret message, 37 00:01:07,160 --> 00:01:08,840 but without the key. 38 00:01:08,840 --> 00:01:10,800 So it's like you're trying to open up a treasure chest 39 00:01:10,800 --> 00:01:12,200 but you don't know the combination. 40 00:01:12,200 --> 00:01:14,520 Right, you gotta figure out how to pick the lock. 41 00:01:14,520 --> 00:01:15,520 Exactly. 42 00:01:15,520 --> 00:01:17,480 And there are a lot of different ways to do this. 43 00:01:17,480 --> 00:01:18,320 I bet. 44 00:01:18,320 --> 00:01:20,040 Some of them are actually surprisingly straightforward. 45 00:01:20,040 --> 00:01:22,000 Like this thing called the brute force method. 46 00:01:22,000 --> 00:01:25,000 brute force, that sounds intense. 47 00:01:25,000 --> 00:01:27,520 Yeah, it sounds kind of like an action movie or something, right? 48 00:01:27,520 --> 00:01:28,680 Like breaking down a door. 49 00:01:28,680 --> 00:01:31,280 It's kind of like a battering ram just ramming into it again 50 00:01:31,280 --> 00:01:32,280 and again and fill it. 51 00:01:32,280 --> 00:01:32,920 I'll see it gives. 52 00:01:32,920 --> 00:01:33,760 Yeah. 53 00:01:33,760 --> 00:01:37,200 So brute force is basically like you're trying every 54 00:01:37,200 --> 00:01:42,080 single possible key combination until you get the right one. 55 00:01:42,080 --> 00:01:45,840 Okay, so just like trying every number on a combination lock. 56 00:01:45,840 --> 00:01:46,840 Yeah, exactly. 57 00:01:46,840 --> 00:01:49,280 Like if your password is password 123, 58 00:01:49,280 --> 00:01:50,960 which you should not be using that password. 59 00:01:50,960 --> 00:01:52,000 Ever use that password. 60 00:01:52,000 --> 00:01:53,320 Don't use that password. 61 00:01:53,320 --> 00:01:56,480 A brute force attack would just be trying every single 62 00:01:56,480 --> 00:01:59,240 combination of letters numbers symbols. 63 00:01:59,240 --> 00:02:00,800 Until it hits password 123. 64 00:02:00,800 --> 00:02:03,240 Until it lands on exactly that. 65 00:02:03,240 --> 00:02:06,280 And the thing is computers, they can do this really, 66 00:02:06,280 --> 00:02:07,200 really fast. 67 00:02:07,200 --> 00:02:10,040 Yeah, they can try millions of combinations per second, right? 68 00:02:10,040 --> 00:02:11,040 Millions billions. 69 00:02:11,040 --> 00:02:13,720 They can try a ton of combinations per second. 70 00:02:13,720 --> 00:02:14,400 What? 71 00:02:14,400 --> 00:02:17,600 So it actually works, especially if you have like a really weak, 72 00:02:17,600 --> 00:02:18,680 simple password. 73 00:02:18,680 --> 00:02:21,720 If you have a really strong password that's really long and complicated, 74 00:02:21,720 --> 00:02:23,160 then it could take a long time. 75 00:02:23,160 --> 00:02:24,360 Then it takes much longer. 76 00:02:24,360 --> 00:02:25,960 Yeah, maybe even like years or something. 77 00:02:25,960 --> 00:02:27,520 Wow, to actually crack it. 78 00:02:27,520 --> 00:02:29,280 So it's kind of like a numbers game. 79 00:02:29,280 --> 00:02:31,520 The longer your password, the more secure it is. 80 00:02:31,520 --> 00:02:32,040 Exactly. 81 00:02:32,040 --> 00:02:34,320 The longer and the more random your password. 82 00:02:34,320 --> 00:02:35,080 The better. 83 00:02:35,080 --> 00:02:36,880 The more difficult it is to actually crack it. 84 00:02:36,880 --> 00:02:37,640 Makes sense. 85 00:02:37,640 --> 00:02:40,720 That's why it's always good to have a strong unique password 86 00:02:40,720 --> 00:02:41,920 for each of your accounts. 87 00:02:41,920 --> 00:02:43,640 Good advice. 88 00:02:43,640 --> 00:02:45,480 All right, so we talked about brute force, 89 00:02:45,480 --> 00:02:48,240 which is all about like power just trying every combination. 90 00:02:48,240 --> 00:02:48,600 Right. 91 00:02:48,600 --> 00:02:51,200 But what about something a little more subtle, a little more sneaky? 92 00:02:51,200 --> 00:02:52,400 I like sneaky. 93 00:02:52,400 --> 00:02:56,040 The article mentions Cypher text only attacks. 94 00:02:56,040 --> 00:02:57,200 Cypher text only. 95 00:02:57,200 --> 00:02:59,400 Yeah, what do you think that's all about? 96 00:02:59,400 --> 00:03:02,560 Well, Cypher text, I think that's like the scrambled message, right? 97 00:03:02,560 --> 00:03:04,280 Yeah, it's the encrypted message. 98 00:03:04,280 --> 00:03:08,440 So maybe Cypher text only means you only have the scrambled message 99 00:03:08,440 --> 00:03:10,440 and you don't have anything else to go on. 100 00:03:10,440 --> 00:03:11,840 That's exactly what it is. 101 00:03:11,840 --> 00:03:14,960 So imagine like you're trying to solve a jigsaw puzzle. 102 00:03:14,960 --> 00:03:15,440 Oh. 103 00:03:15,440 --> 00:03:17,200 But you don't have the picture to look at. 104 00:03:17,200 --> 00:03:18,360 Ah, that's tough. 105 00:03:18,360 --> 00:03:20,560 You just have all the pieces that are scrambled. 106 00:03:20,560 --> 00:03:22,080 That sounds like a nightmare. 107 00:03:22,080 --> 00:03:24,320 Yeah, that's what a Cypher text only attack is like. 108 00:03:24,320 --> 00:03:26,680 So you're trying to decipher a secret message, 109 00:03:26,680 --> 00:03:29,480 but you have no idea what it's even supposed to say. 110 00:03:29,480 --> 00:03:30,000 Exactly. 111 00:03:30,000 --> 00:03:31,440 So how do you even start? 112 00:03:31,440 --> 00:03:31,800 Right. 113 00:03:31,800 --> 00:03:35,080 Well, you'd have to look for any kind of patterns and any repetitions. 114 00:03:35,080 --> 00:03:36,080 You're just going on, believe? 115 00:03:36,080 --> 00:03:39,520 Yeah, maybe some kind of weird statistical stuff that's going on. 116 00:03:39,520 --> 00:03:41,640 Any hints about the structure of the code. 117 00:03:41,640 --> 00:03:42,000 Yeah. 118 00:03:42,000 --> 00:03:45,280 But thankfully, with modern encryption, this kind of attack 119 00:03:45,280 --> 00:03:47,080 is really, really hard to pull off. 120 00:03:47,080 --> 00:03:48,320 Oh, that's good to know. 121 00:03:48,320 --> 00:03:50,760 Yeah, modern encryption is pretty strong. 122 00:03:50,760 --> 00:03:52,200 Even if you don't have the key. 123 00:03:52,200 --> 00:03:55,400 So even without the key, the messages are still pretty safe. 124 00:03:55,400 --> 00:03:56,960 Yeah, they are. 125 00:03:56,960 --> 00:03:59,200 But let's move on to a different kind of attack. 126 00:03:59,200 --> 00:04:03,240 This one is called a known plain text attack. 127 00:04:03,240 --> 00:04:05,240 Known plain text. 128 00:04:05,240 --> 00:04:07,880 So that means you know something about the original message. 129 00:04:07,880 --> 00:04:10,560 Yeah, this time it's like you do have a piece of the puzzle. 130 00:04:10,560 --> 00:04:13,600 OK, so you have the scrambled message, the Cypher text, 131 00:04:13,600 --> 00:04:16,440 but you also have a part of the original message. 132 00:04:16,440 --> 00:04:16,920 You got it. 133 00:04:16,920 --> 00:04:19,040 So you might have like the encrypted message, 134 00:04:19,040 --> 00:04:20,960 and maybe a little bit of the original message. 135 00:04:20,960 --> 00:04:21,880 Like a clue. 136 00:04:21,880 --> 00:04:23,000 Yeah, like a clue. 137 00:04:23,000 --> 00:04:25,160 And that can give you a big advantage in figuring out 138 00:04:25,160 --> 00:04:25,640 the whole thing. 139 00:04:25,640 --> 00:04:26,160 Oh, I bet. 140 00:04:26,160 --> 00:04:29,800 Like having a few pieces already in place in a jigsaw puzzle. 141 00:04:29,800 --> 00:04:30,160 Exactly. 142 00:04:30,160 --> 00:04:31,400 Give you a starting point. 143 00:04:31,400 --> 00:04:32,280 It does. 144 00:04:32,280 --> 00:04:34,840 And there's some really cool historical examples of this. 145 00:04:34,840 --> 00:04:36,160 Oh, like what? 146 00:04:36,160 --> 00:04:37,760 Remember the Enigma machine? 147 00:04:37,760 --> 00:04:38,960 The one from World War II? 148 00:04:38,960 --> 00:04:40,960 Yeah, the Germans used it in World War II. 149 00:04:40,960 --> 00:04:41,880 I've heard of that. 150 00:04:41,880 --> 00:04:46,520 And the allies, they were able to intercept some of the messages. 151 00:04:46,520 --> 00:04:49,560 And sometimes they actually knew part of the original message 152 00:04:49,560 --> 00:04:50,760 like weather reports. 153 00:04:50,760 --> 00:04:54,280 Oh, so they knew what some of the messages were supposed to say. 154 00:04:54,280 --> 00:04:55,280 They did. 155 00:04:55,280 --> 00:04:58,240 And that actually helped them to crack the Enigma code. 156 00:04:58,240 --> 00:04:58,760 Wow. 157 00:04:58,760 --> 00:05:02,880 So known plain text attacks were used to help in the war. 158 00:05:02,880 --> 00:05:03,960 That's what they say. 159 00:05:03,960 --> 00:05:05,320 And that actually shortened the war. 160 00:05:05,320 --> 00:05:06,760 And it probably saved a lot of lives. 161 00:05:06,760 --> 00:05:07,760 That's amazing. 162 00:05:07,760 --> 00:05:08,920 Yeah. 163 00:05:08,920 --> 00:05:11,360 OK, let's move on to another type of attack. 164 00:05:11,360 --> 00:05:12,200 OK. 165 00:05:12,200 --> 00:05:14,680 This one is called frequency analysis. 166 00:05:14,680 --> 00:05:17,800 Frequency analysis that sounds a little bit more technical. 167 00:05:17,800 --> 00:05:18,800 It does. 168 00:05:18,800 --> 00:05:21,040 And it actually has to do with the way that we use language. 169 00:05:21,040 --> 00:05:22,240 OK, tell me more. 170 00:05:22,240 --> 00:05:25,320 So in any language, certain letters, 171 00:05:25,320 --> 00:05:27,360 they appear more often than others. 172 00:05:27,360 --> 00:05:27,680 Right. 173 00:05:27,680 --> 00:05:29,920 Like an English E is the most common letter. 174 00:05:29,920 --> 00:05:30,440 Exactly. 175 00:05:30,440 --> 00:05:31,400 E is a really common. 176 00:05:31,400 --> 00:05:34,800 When you've got like T and A are pretty common, too. 177 00:05:34,800 --> 00:05:38,920 And so if you're looking at a secret message, just scrambled message. 178 00:05:38,920 --> 00:05:42,720 And you see like one symbol appearing way more than any other symbol. 179 00:05:42,720 --> 00:05:44,800 You might guess that it stands for E. 180 00:05:44,800 --> 00:05:45,440 Exactly. 181 00:05:45,440 --> 00:05:48,240 It's like imagine an alien, right? 182 00:05:48,240 --> 00:05:49,880 Intercepts a message from Earth. 183 00:05:49,880 --> 00:05:50,480 OK. 184 00:05:50,480 --> 00:05:53,760 And they see that the letter X is like the most common letter. 185 00:05:53,760 --> 00:05:55,320 They might think X stands for E. 186 00:05:55,320 --> 00:05:55,600 Right. 187 00:05:55,600 --> 00:05:57,960 They might think, OK, it is weird earth language. 188 00:05:57,960 --> 00:05:59,600 They use X for E. 189 00:05:59,600 --> 00:06:00,560 That's pretty clever. 190 00:06:00,560 --> 00:06:03,520 So by looking at how often different symbols appear, 191 00:06:03,520 --> 00:06:05,040 you can start to crack the code. 192 00:06:05,040 --> 00:06:05,640 Exactly. 193 00:06:05,640 --> 00:06:08,720 You can start to guess what they substituted for what letter. 194 00:06:08,720 --> 00:06:11,040 It's not foolproof, but it's a good starting point. 195 00:06:11,040 --> 00:06:12,320 Yeah, it's a good starting point. 196 00:06:12,320 --> 00:06:13,560 Not always going to work. 197 00:06:13,560 --> 00:06:16,280 But for simpler codes, it can be really useful. 198 00:06:16,280 --> 00:06:17,280 Awesome. 199 00:06:17,280 --> 00:06:24,000 So we've got brute force, Cypher text, only, known plain text, and frequency analysis. 200 00:06:24,000 --> 00:06:25,000 All right. 201 00:06:25,000 --> 00:06:26,000 So we've got all of those. 202 00:06:26,000 --> 00:06:28,800 But now let's talk about something a little bit more devious. 203 00:06:28,800 --> 00:06:30,600 Chosen Cypher text attacks. 204 00:06:30,600 --> 00:06:33,200 Ooh, chosen Cypher text. 205 00:06:33,200 --> 00:06:34,480 Yeah, what do you think that means? 206 00:06:34,480 --> 00:06:38,440 Well, chosen that makes it sound like the attacker is choosing something specific. 207 00:06:38,440 --> 00:06:39,680 Yeah, they're getting involved somehow. 208 00:06:39,680 --> 00:06:43,880 The Cypher text is the encrypted message, so maybe they're choosing a specific encrypted 209 00:06:43,880 --> 00:06:45,800 message to a tap. 210 00:06:45,800 --> 00:06:46,920 You're on the right track. 211 00:06:46,920 --> 00:06:52,160 So basically what happens is the attacker tries to trick the recipient into decrypting 212 00:06:52,160 --> 00:06:56,200 a message that they've modified in some way. 213 00:06:56,200 --> 00:06:59,760 Oh, so they're tampering with the message before it gets decrypted. 214 00:06:59,760 --> 00:07:00,760 Exactly. 215 00:07:00,760 --> 00:07:01,760 They're tampering with it. 216 00:07:01,760 --> 00:07:05,000 And by doing that, they're hoping that it'll leak some information about the key. 217 00:07:05,000 --> 00:07:07,880 So it's like setting a trap for the decryption process. 218 00:07:07,880 --> 00:07:11,320 Yeah, like a trap to see if you can get it to reveal some of its secrets. 219 00:07:11,320 --> 00:07:12,320 Clever. 220 00:07:12,320 --> 00:07:15,000 So chosen Cypher text attacks. 221 00:07:15,000 --> 00:07:18,680 They really take advantage of this concept called maliability. 222 00:07:18,680 --> 00:07:19,680 Maliability. 223 00:07:19,680 --> 00:07:20,680 That's a new one. 224 00:07:20,680 --> 00:07:24,480 So basically it's like how easy is it to manipulate an encryption system? 225 00:07:24,480 --> 00:07:25,480 Oh, OK. 226 00:07:25,480 --> 00:07:27,640 You can change the Cypher text a little bit. 227 00:07:27,640 --> 00:07:28,640 Uh-huh. 228 00:07:28,640 --> 00:07:30,880 And then see how the point text the decrypt a message changes. 229 00:07:30,880 --> 00:07:32,520 You can start to figure out the key. 230 00:07:32,520 --> 00:07:33,680 You can start to figure things out. 231 00:07:33,680 --> 00:07:34,680 Yeah. 232 00:07:34,680 --> 00:07:35,680 That's sneaky. 233 00:07:35,680 --> 00:07:36,680 It is sneaky. 234 00:07:36,680 --> 00:07:37,680 It's a very sneaky type of attack. 235 00:07:37,680 --> 00:07:41,080 So we've got brute force, sneaky attacks. 236 00:07:41,080 --> 00:07:42,080 What else is there? 237 00:07:42,080 --> 00:07:45,080 Well, let's talk about something called implementation attacks. 238 00:07:45,080 --> 00:07:46,080 Implementation attacks. 239 00:07:46,080 --> 00:07:47,280 That sounds a little different. 240 00:07:47,280 --> 00:07:48,280 It is a little different. 241 00:07:48,280 --> 00:07:52,080 So with these attacks, you're not actually attacking the code itself. 242 00:07:52,080 --> 00:07:53,080 OK. 243 00:07:53,080 --> 00:07:55,280 You're attacking the systems that are running the code. 244 00:07:55,280 --> 00:07:56,280 Oh, I see. 245 00:07:56,280 --> 00:07:59,840 So like finding a weak spot in the way the encryption is set up. 246 00:07:59,840 --> 00:08:00,840 Exactly. 247 00:08:00,840 --> 00:08:02,000 So it's like a magic in a bank. 248 00:08:02,000 --> 00:08:03,000 Right. 249 00:08:03,000 --> 00:08:04,000 And you're trying to get in. 250 00:08:04,000 --> 00:08:05,000 Yeah. 251 00:08:05,000 --> 00:08:10,400 Into the vault directly, or you could look for like a side door, a side door, a weak spot 252 00:08:10,400 --> 00:08:11,400 in the security system. 253 00:08:11,400 --> 00:08:12,800 Like a broken window or something. 254 00:08:12,800 --> 00:08:13,800 Yeah. 255 00:08:13,800 --> 00:08:14,800 Exactly. 256 00:08:14,800 --> 00:08:17,800 So implementation attacks are all about finding those kind of weaknesses. 257 00:08:17,800 --> 00:08:20,200 So it's not about the strength of the encryption itself. 258 00:08:20,200 --> 00:08:23,000 It's about how it's being used. 259 00:08:23,000 --> 00:08:24,000 That's a great way to put it. 260 00:08:24,000 --> 00:08:26,400 It's like, even if you have a really strong lock. 261 00:08:26,400 --> 00:08:29,600 If the door is flimsy, if the door is flimsy, it doesn't really matter. 262 00:08:29,600 --> 00:08:30,600 Makes sense. 263 00:08:30,600 --> 00:08:31,600 Right. 264 00:08:31,600 --> 00:08:32,600 You can just kick the door down. 265 00:08:32,600 --> 00:08:36,120 The internet attacks are about finding those flimsy doors in the system. 266 00:08:36,120 --> 00:08:37,120 Exactly. 267 00:08:37,120 --> 00:08:39,560 Now get ready because this next one is really cool. 268 00:08:39,560 --> 00:08:41,000 Side channel attacks. 269 00:08:41,000 --> 00:08:42,160 Side channel attacks. 270 00:08:42,160 --> 00:08:43,160 What are those? 271 00:08:43,160 --> 00:08:45,880 They're kind of like whispers like the machine is whispering secrets. 272 00:08:45,880 --> 00:08:47,400 Whispering secrets. 273 00:08:47,400 --> 00:08:48,680 How does that work? 274 00:08:48,680 --> 00:08:51,240 So imagine you're like a safe cracker. 275 00:08:51,240 --> 00:08:52,240 Right. 276 00:08:52,240 --> 00:08:57,600 And you're trying to listen really carefully to the clicks of the tumblers as you're turning 277 00:08:57,600 --> 00:08:58,600 the dial. 278 00:08:58,600 --> 00:08:59,600 So figure out the combination. 279 00:08:59,600 --> 00:09:00,600 Exactly. 280 00:09:00,600 --> 00:09:03,680 You're not directly attacking the code. 281 00:09:03,680 --> 00:09:06,840 You're trying to listen to what's happening during the process. 282 00:09:06,840 --> 00:09:09,000 Like, Eve's dropping on the encryption process. 283 00:09:09,000 --> 00:09:10,000 Exactly. 284 00:09:10,000 --> 00:09:13,320 And you're looking for any little hints that might give away information about the key. 285 00:09:13,320 --> 00:09:14,320 Oh, I see. 286 00:09:14,320 --> 00:09:17,760 So like, if the encryption process takes a little bit longer for certain keys, that's 287 00:09:17,760 --> 00:09:18,760 one example. 288 00:09:18,760 --> 00:09:22,320 So you can actually pick up on things like electromagnetic commissions from a device. 289 00:09:22,320 --> 00:09:23,320 Electromagnetic emissions. 290 00:09:23,320 --> 00:09:24,320 Yeah. 291 00:09:24,320 --> 00:09:25,920 Or you can look at variations in the power consumption. 292 00:09:25,920 --> 00:09:28,240 So like how much electricity the device is using? 293 00:09:28,240 --> 00:09:29,240 Exactly. 294 00:09:29,240 --> 00:09:32,440 Or even like how long it takes to do certain calculations. 295 00:09:32,440 --> 00:09:33,440 Wait. 296 00:09:33,440 --> 00:09:37,160 So the time it takes to encrypt something can reveal the key. 297 00:09:37,160 --> 00:09:38,160 It can. 298 00:09:38,160 --> 00:09:39,160 It's pretty amazing. 299 00:09:39,160 --> 00:09:40,160 That's mind blowing. 300 00:09:40,160 --> 00:09:44,400 It's like if you have a processor and it's working a little bit harder on certain 301 00:09:44,400 --> 00:09:47,120 calculations, you might take like a tiny bit longer. 302 00:09:47,120 --> 00:09:48,120 Okay. 303 00:09:48,120 --> 00:09:50,960 And if you can measure that time difference, you can figure out something about the 304 00:09:50,960 --> 00:09:51,960 key. 305 00:09:51,960 --> 00:09:52,960 Exactly. 306 00:09:52,960 --> 00:09:53,960 It's like a tiny little fingerprint. 307 00:09:53,960 --> 00:09:54,960 Wow. 308 00:09:54,960 --> 00:09:55,960 That's crazy. 309 00:09:55,960 --> 00:09:56,960 Yeah, isn't it? 310 00:09:56,960 --> 00:09:58,320 So we've got a tax that are like brute force. 311 00:09:58,320 --> 00:10:00,200 We've got sneaky attacks. 312 00:10:00,200 --> 00:10:04,480 And now we've got these attacks that are like listening to whispers. 313 00:10:04,480 --> 00:10:06,920 And now get ready for this one. 314 00:10:06,920 --> 00:10:08,360 Fault injection. 315 00:10:08,360 --> 00:10:09,520 Fault injection. 316 00:10:09,520 --> 00:10:11,000 That sounds a little dangerous. 317 00:10:11,000 --> 00:10:12,320 It does sound a little dangerous. 318 00:10:12,320 --> 00:10:14,480 It's like something a super villain would do. 319 00:10:14,480 --> 00:10:15,480 Okay. 320 00:10:15,480 --> 00:10:16,320 I'm intrigued. 321 00:10:16,320 --> 00:10:20,840 So with fault injection, you're basically trying to make the system mess up. 322 00:10:20,840 --> 00:10:22,080 Deliberately make it mess up. 323 00:10:22,080 --> 00:10:23,080 On purpose. 324 00:10:23,080 --> 00:10:24,080 Yeah. 325 00:10:24,080 --> 00:10:25,080 Why would you do that? 326 00:10:25,080 --> 00:10:28,280 Well, the idea is that if you can make the system malfunction. 327 00:10:28,280 --> 00:10:32,200 It might accidentally leak some information. 328 00:10:32,200 --> 00:10:36,000 Oh, so it's like shaking a vending machine, hoping some candy falls out. 329 00:10:36,000 --> 00:10:37,000 That's a good analogy. 330 00:10:37,000 --> 00:10:38,000 Yeah. 331 00:10:38,000 --> 00:10:40,280 It's like you're trying to jam the gears of the machine and see if you can get it to 332 00:10:40,280 --> 00:10:42,000 spit out something valuable. 333 00:10:42,000 --> 00:10:43,000 Interesting. 334 00:10:43,000 --> 00:10:44,600 So it's all about exploding errors. 335 00:10:44,600 --> 00:10:45,600 Exactly. 336 00:10:45,600 --> 00:10:46,600 Okay. 337 00:10:46,600 --> 00:10:49,040 Now let's talk about a specific type of side channel attack. 338 00:10:49,040 --> 00:10:50,240 Oh, okay. 339 00:10:50,240 --> 00:10:51,880 This one is called a timing attack. 340 00:10:51,880 --> 00:10:52,880 A timing attack. 341 00:10:52,880 --> 00:10:54,040 So it has something to do with time. 342 00:10:54,040 --> 00:10:55,040 It does. 343 00:10:55,040 --> 00:10:58,480 So it's like measuring how long it takes for certain operations to happen. 344 00:10:58,480 --> 00:11:02,040 Like how long it takes to encrypt or decrypt something. 345 00:11:02,040 --> 00:11:03,040 Exactly. 346 00:11:03,040 --> 00:11:06,840 And even the tiniest little variations in time, they can tell you something about the 347 00:11:06,840 --> 00:11:07,840 key. 348 00:11:07,840 --> 00:11:08,840 Wow. 349 00:11:08,840 --> 00:11:09,840 That's incredible. 350 00:11:09,840 --> 00:11:12,400 It's like imagine a safe, right? 351 00:11:12,400 --> 00:11:14,360 And the lock is a little bit sticky. 352 00:11:14,360 --> 00:11:15,360 Okay. 353 00:11:15,360 --> 00:11:17,560 So it takes like a fraction of a second longer. 354 00:11:17,560 --> 00:11:19,120 To open with certain combinations. 355 00:11:19,120 --> 00:11:20,120 Yeah. 356 00:11:20,120 --> 00:11:21,120 To open with certain combinations. 357 00:11:21,120 --> 00:11:24,160 And if you're really good at listening to those tiny differences, you can figure out 358 00:11:24,160 --> 00:11:25,160 the combination. 359 00:11:25,160 --> 00:11:26,280 You might be able to crack the safe. 360 00:11:26,280 --> 00:11:28,120 So that's kind of what a timing attack is like. 361 00:11:28,120 --> 00:11:29,920 So it's all about precision timing. 362 00:11:29,920 --> 00:11:31,120 It is very, very precise. 363 00:11:31,120 --> 00:11:32,120 It's really cool. 364 00:11:32,120 --> 00:11:33,120 All right. 365 00:11:33,120 --> 00:11:35,520 Let's move on to a different type of attack. 366 00:11:35,520 --> 00:11:38,760 This one is a little bit more like something out of a spy movie. 367 00:11:38,760 --> 00:11:41,400 It's called a man in the middle attack. 368 00:11:41,400 --> 00:11:42,400 Man in the middle. 369 00:11:42,400 --> 00:11:43,880 So there's a middle man involved somehow. 370 00:11:43,880 --> 00:11:45,240 Yeah, there's someone in the middle. 371 00:11:45,240 --> 00:11:47,160 So basically imagine this. 372 00:11:47,160 --> 00:11:48,720 You have two people trying to communicate. 373 00:11:48,720 --> 00:11:49,720 Okay. 374 00:11:49,720 --> 00:11:51,680 And then there's a third person, the attacker. 375 00:11:51,680 --> 00:11:52,680 Right. 376 00:11:52,680 --> 00:11:56,360 And then secretly put themselves in between those two people. 377 00:11:56,360 --> 00:11:58,760 Oh, like intercepting the communication. 378 00:11:58,760 --> 00:11:59,760 Exactly. 379 00:11:59,760 --> 00:12:01,760 And they're intercepted the messages going back and forth. 380 00:12:01,760 --> 00:12:03,040 So like a wiretap. 381 00:12:03,040 --> 00:12:05,160 Yeah, kind of like a wiretap. 382 00:12:05,160 --> 00:12:07,680 But they can actually do even more than just listen. 383 00:12:07,680 --> 00:12:08,680 Really? 384 00:12:08,680 --> 00:12:10,280 They can actually modify the messages. 385 00:12:10,280 --> 00:12:11,280 Oh, wow. 386 00:12:11,280 --> 00:12:12,280 Before they get to the other person. 387 00:12:12,280 --> 00:12:14,480 So they can change what people are saying to each other. 388 00:12:14,480 --> 00:12:15,480 They can. 389 00:12:15,480 --> 00:12:19,120 And the people who are communicating, they have no idea this is happening. 390 00:12:19,120 --> 00:12:20,120 That's terrifying. 391 00:12:20,120 --> 00:12:21,120 Yeah. 392 00:12:21,120 --> 00:12:27,040 So it's like being spied on and manipulated at the same time. 393 00:12:27,040 --> 00:12:28,040 Exactly. 394 00:12:28,040 --> 00:12:29,040 Okay. 395 00:12:29,040 --> 00:12:31,480 Last but not least, let's talk about past the hash attacks. 396 00:12:31,480 --> 00:12:32,480 Past the hash. 397 00:12:32,480 --> 00:12:33,760 That sounds interesting. 398 00:12:33,760 --> 00:12:37,320 So with this attack, it's all about stealing something called a hash. 399 00:12:37,320 --> 00:12:38,320 A hash. 400 00:12:38,320 --> 00:12:39,320 Yeah. 401 00:12:39,320 --> 00:12:42,520 And a hash is basically like a scrambled version of your password. 402 00:12:42,520 --> 00:12:43,520 Okay. 403 00:12:43,520 --> 00:12:45,440 So instead of trying to steal your actual password. 404 00:12:45,440 --> 00:12:46,440 They steal the scrambled. 405 00:12:46,440 --> 00:12:48,360 They steal the scrambled version of the hash. 406 00:12:48,360 --> 00:12:49,880 And what can they do with that? 407 00:12:49,880 --> 00:12:54,920 The thing is, on a lot of systems, the hash is enough to gain access. 408 00:12:54,920 --> 00:12:55,920 Oh, I see. 409 00:12:55,920 --> 00:12:58,640 So they don't need the actual password, just the scrambled version. 410 00:12:58,640 --> 00:12:59,640 Exactly. 411 00:12:59,640 --> 00:13:03,840 So it's kind of like using a photocopy of someone's ID to get past security. 412 00:13:03,840 --> 00:13:05,320 Yeah, to get past security. 413 00:13:05,320 --> 00:13:06,800 You don't need the original. 414 00:13:06,800 --> 00:13:09,600 You just need a copy that looks real enough. 415 00:13:09,600 --> 00:13:10,600 That's clever. 416 00:13:10,600 --> 00:13:11,840 It is clever. 417 00:13:11,840 --> 00:13:13,400 But it's also pretty dangerous. 418 00:13:13,400 --> 00:13:14,400 Yeah. 419 00:13:14,400 --> 00:13:18,040 Because once they have the hash, they can potentially get into a lot of different systems. 420 00:13:18,040 --> 00:13:19,040 Exactly. 421 00:13:19,040 --> 00:13:22,480 And network and potentially access a lot of sensitive information. 422 00:13:22,480 --> 00:13:23,480 Wow. 423 00:13:23,480 --> 00:13:24,680 We've covered a lot of ground today. 424 00:13:24,680 --> 00:13:25,680 We have. 425 00:13:25,680 --> 00:13:30,000 We've gone from brute force to like these super subtle sneaky techniques. 426 00:13:30,000 --> 00:13:33,680 It's amazing how many different ways there are to attack encrypted data. 427 00:13:33,680 --> 00:13:34,680 It is. 428 00:13:34,680 --> 00:13:35,680 And the world of cryptography. 429 00:13:35,680 --> 00:13:37,320 It is constantly evolving. 430 00:13:37,320 --> 00:13:38,680 Like a constant arms race. 431 00:13:38,680 --> 00:13:39,680 Yeah. 432 00:13:39,680 --> 00:13:41,800 The constant arms race between the attackers and the defenders. 433 00:13:41,800 --> 00:13:44,480 And thankfully, the defenders are getting better all the time. 434 00:13:44,480 --> 00:13:45,480 That's good to know. 435 00:13:45,480 --> 00:13:46,480 Yeah. 436 00:13:46,480 --> 00:13:47,480 They're developing new technologies. 437 00:13:47,480 --> 00:13:49,320 They're strengthening the systems we have. 438 00:13:49,320 --> 00:13:51,400 And they're always trying to stay one step ahead. 439 00:13:51,400 --> 00:13:53,280 So they're so impressed regular folks. 440 00:13:53,280 --> 00:13:54,440 There is absolutely. 441 00:13:54,440 --> 00:13:56,720 The key is to be aware of the risks. 442 00:13:56,720 --> 00:13:59,080 Take those simple precautions we talked about. 443 00:13:59,080 --> 00:14:00,840 And you'll be much safer online. 444 00:14:00,840 --> 00:14:01,840 I like that. 445 00:14:01,840 --> 00:14:02,840 Knowledge is power. 446 00:14:02,840 --> 00:14:03,840 Absolutely. 447 00:14:03,840 --> 00:14:04,840 All right. 448 00:14:04,840 --> 00:14:08,280 Well, that's it for today's Deep Dive Into the World of Crypt Analytica Tax. 449 00:14:08,280 --> 00:14:09,280 Thanks for having me. 450 00:14:09,280 --> 00:14:10,720 It's been a fascinating conversation. 451 00:14:10,720 --> 00:14:12,720 And to our listeners, thank you for joining us. 452 00:14:12,720 --> 00:14:13,880 We'll see you next time. 453 00:14:13,880 --> 00:14:15,520 Until next time, stay safe out there. 454 00:14:15,520 --> 00:14:16,520 Yeah. 455 00:14:16,520 --> 00:14:19,800 But they're always trying to find a new way to outsmart the system. 456 00:14:19,800 --> 00:14:25,280 And in this article, Christiani Kumar Mahadevyn, he does a really good job of not just talking 457 00:14:25,280 --> 00:14:27,840 about what the different attacks are. 458 00:14:27,840 --> 00:14:30,920 But he talks about like the mindset of the attackers. 459 00:14:30,920 --> 00:14:32,240 Oh, interesting. 460 00:14:32,240 --> 00:14:33,440 Like how do they think so? 461 00:14:33,440 --> 00:14:34,760 They're important to know. 462 00:14:34,760 --> 00:14:35,760 It is. 463 00:14:35,760 --> 00:14:38,360 It's like you're learning to think like a criminal mastermind. 464 00:14:38,360 --> 00:14:39,360 Right. 465 00:14:39,360 --> 00:14:40,360 But for a good cause. 466 00:14:40,360 --> 00:14:41,360 Exactly. 467 00:14:41,360 --> 00:14:46,280 Because if you can understand how they think, then you can start to build better 468 00:14:46,280 --> 00:14:47,280 defenses. 469 00:14:47,280 --> 00:14:48,800 Look at chess game. 470 00:14:48,800 --> 00:14:49,800 It is like a chess game. 471 00:14:49,800 --> 00:14:51,040 You got to anticipate their moves. 472 00:14:51,040 --> 00:14:52,200 Stay one step ahead. 473 00:14:52,200 --> 00:14:53,200 Yeah. 474 00:14:53,200 --> 00:14:54,200 Okay. 475 00:14:54,200 --> 00:14:57,600 So we've talked about all these different ways that encryption can be attacked. 476 00:14:57,600 --> 00:14:59,880 It's, it's a little scary to be honest. 477 00:14:59,880 --> 00:15:00,880 It is a little scary. 478 00:15:00,880 --> 00:15:05,400 It kind of makes you realize like how much we rely on encryption for everything these days. 479 00:15:05,400 --> 00:15:06,600 Like all the time. 480 00:15:06,600 --> 00:15:07,600 All the time. 481 00:15:07,600 --> 00:15:08,600 We don't even think about it, right? 482 00:15:08,600 --> 00:15:09,600 Yeah. 483 00:15:09,600 --> 00:15:13,840 Like online banking, setting messages, chopping online, cloud storage. 484 00:15:13,840 --> 00:15:18,160 It's all protected by these like complex codes that thankfully are being attacked by all 485 00:15:18,160 --> 00:15:19,160 these methods. 486 00:15:19,160 --> 00:15:20,160 It is a little unsettling. 487 00:15:20,160 --> 00:15:21,160 It is unsettling. 488 00:15:21,160 --> 00:15:24,560 But the good news is that encryption is getting stronger all the time. 489 00:15:24,560 --> 00:15:25,560 That's good to hear. 490 00:15:25,560 --> 00:15:26,560 Yeah. 491 00:15:26,560 --> 00:15:27,560 So it's not all doom and gloom. 492 00:15:27,560 --> 00:15:28,560 Right. 493 00:15:28,560 --> 00:15:30,360 But that doesn't mean that we could just sit back and relax. 494 00:15:30,360 --> 00:15:31,440 We still have to do our part. 495 00:15:31,440 --> 00:15:32,440 We do. 496 00:15:32,440 --> 00:15:33,880 So what can we do to protect ourselves? 497 00:15:33,880 --> 00:15:35,880 Like, I'm not a cybersecurity expert. 498 00:15:35,880 --> 00:15:36,880 Right. 499 00:15:36,880 --> 00:15:42,000 What can like the average person do to make their data more secure? 500 00:15:42,000 --> 00:15:43,240 It's a great question. 501 00:15:43,240 --> 00:15:47,040 And there are actually a lot of simple things that anyone can do. 502 00:15:47,040 --> 00:15:48,040 Okay. 503 00:15:48,040 --> 00:15:49,040 Give us the insider tips. 504 00:15:49,040 --> 00:15:50,040 Okay. 505 00:15:50,040 --> 00:15:52,240 Well, first of all, just being aware of these attacks. 506 00:15:52,240 --> 00:15:53,760 That's a huge step. 507 00:15:53,760 --> 00:15:55,920 So just knowing that these things exist. 508 00:15:55,920 --> 00:15:56,920 Exactly. 509 00:15:56,920 --> 00:16:00,960 Because when you know about the risks, you're more likely to be careful. 510 00:16:00,960 --> 00:16:03,120 It's like knowing the tricks a magician might use. 511 00:16:03,120 --> 00:16:04,120 Right. 512 00:16:04,120 --> 00:16:05,120 You're less likely to be fooled. 513 00:16:05,120 --> 00:16:06,120 Yeah. 514 00:16:06,120 --> 00:16:07,120 Okay. 515 00:16:07,120 --> 00:16:08,120 So awareness is good. 516 00:16:08,120 --> 00:16:09,920 But what else can we do? 517 00:16:09,920 --> 00:16:15,080 Well, the most important thing is to use strong unique passwords for every single account. 518 00:16:15,080 --> 00:16:16,080 Okay. 519 00:16:16,080 --> 00:16:17,080 I've heard that before. 520 00:16:17,080 --> 00:16:18,080 Yeah. 521 00:16:18,080 --> 00:16:19,480 I know it's a pain to remember so many passwords. 522 00:16:19,480 --> 00:16:20,480 It is. 523 00:16:20,480 --> 00:16:21,480 But it's really important. 524 00:16:21,480 --> 00:16:22,840 Is there anything that can help with that? 525 00:16:22,840 --> 00:16:23,840 Yeah. 526 00:16:23,840 --> 00:16:24,840 You can use a password manager. 527 00:16:24,840 --> 00:16:25,840 A password manager. 528 00:16:25,840 --> 00:16:26,840 Yeah. 529 00:16:26,840 --> 00:16:28,440 It's a program that stores all your passwords securely. 530 00:16:28,440 --> 00:16:29,640 Oh, that sounds helpful. 531 00:16:29,640 --> 00:16:30,640 It is. 532 00:16:30,640 --> 00:16:32,640 And it can even generate strong passwords for you. 533 00:16:32,640 --> 00:16:33,640 Okay. 534 00:16:33,640 --> 00:16:34,880 So strong unique passwords. 535 00:16:34,880 --> 00:16:35,880 Check what else. 536 00:16:35,880 --> 00:16:39,880 Another important thing is to enable two factor authentication whenever you can. 537 00:16:39,880 --> 00:16:41,280 Two factor authentication. 538 00:16:41,280 --> 00:16:42,280 What's that? 539 00:16:42,280 --> 00:16:44,520 So basically, it adds an extra layer of security. 540 00:16:44,520 --> 00:16:45,520 Okay. 541 00:16:45,520 --> 00:16:48,880 By requiring you to enter a code from your phone or something like that, in addition to your 542 00:16:48,880 --> 00:16:49,880 password. 543 00:16:49,880 --> 00:16:54,640 Oh, so even if someone steals your password, they can't get in without that second factor. 544 00:16:54,640 --> 00:16:56,880 So it's like having two locks on your door. 545 00:16:56,880 --> 00:16:57,880 Exactly. 546 00:16:57,880 --> 00:16:59,240 Makes it much harder to break in. 547 00:16:59,240 --> 00:17:00,240 Right. 548 00:17:00,240 --> 00:17:01,760 So that's another really important tip. 549 00:17:01,760 --> 00:17:02,760 Okay. 550 00:17:02,760 --> 00:17:03,760 Two factor authentication got it. 551 00:17:03,760 --> 00:17:04,760 What else? 552 00:17:04,760 --> 00:17:06,560 And be careful about fishing attacks. 553 00:17:06,560 --> 00:17:07,560 Fishing attacks. 554 00:17:07,560 --> 00:17:09,400 Those are the emails that look like they're from your bank. 555 00:17:09,400 --> 00:17:10,400 Exactly. 556 00:17:10,400 --> 00:17:13,200 They try to trick you into giving them your personal information. 557 00:17:13,200 --> 00:17:15,000 Like your password or your credit card number. 558 00:17:15,000 --> 00:17:19,640 I write so never click on links and suspicious email or open attachments from people you 559 00:17:19,640 --> 00:17:20,640 don't know. 560 00:17:20,640 --> 00:17:21,640 Yeah. 561 00:17:21,640 --> 00:17:24,000 And if something seems fishy, you guys trust your gut. 562 00:17:24,000 --> 00:17:25,640 Trust your gut exactly. 563 00:17:25,640 --> 00:17:29,280 And if you're not sure, you can always contact the company directly. 564 00:17:29,280 --> 00:17:30,280 Good advice. 565 00:17:30,280 --> 00:17:32,400 Don't let those digital fishers get you. 566 00:17:32,400 --> 00:17:33,720 That's right. 567 00:17:33,720 --> 00:17:34,960 And one more thing. 568 00:17:34,960 --> 00:17:36,720 Keep your software up to date. 569 00:17:36,720 --> 00:17:37,720 Oh, yeah. 570 00:17:37,720 --> 00:17:38,720 The updates. 571 00:17:38,720 --> 00:17:39,720 You can be annoying. 572 00:17:39,720 --> 00:17:40,720 They are. 573 00:17:40,720 --> 00:17:43,120 But they often include important security fixes. 574 00:17:43,120 --> 00:17:46,200 So those updates might actually be protecting me from an attack. 575 00:17:46,200 --> 00:17:47,200 Exactly. 576 00:17:47,200 --> 00:17:48,200 So don't ignore them. 577 00:17:48,200 --> 00:17:49,200 All right. 578 00:17:49,200 --> 00:17:50,200 Updates are important. 579 00:17:50,200 --> 00:17:52,000 I'll try to remember that. 580 00:17:52,000 --> 00:17:53,000 Anything else? 581 00:17:53,000 --> 00:17:54,200 One last thing. 582 00:17:54,200 --> 00:17:56,440 Be mindful of what you share online. 583 00:17:56,440 --> 00:17:57,440 Oh, yeah. 584 00:17:57,440 --> 00:17:58,440 Like on social media instead. 585 00:17:58,440 --> 00:17:59,440 Yeah. 586 00:17:59,440 --> 00:18:00,440 The more information you share. 587 00:18:00,440 --> 00:18:01,440 Right. 588 00:18:01,440 --> 00:18:02,440 The more valuable you are to attackers. 589 00:18:02,440 --> 00:18:03,960 So think before you post. 590 00:18:03,960 --> 00:18:04,960 Think before you post. 591 00:18:04,960 --> 00:18:05,960 Think before you share. 592 00:18:05,960 --> 00:18:07,640 Think before you click. 593 00:18:07,640 --> 00:18:08,640 Good advice. 594 00:18:08,640 --> 00:18:09,640 That's a good advice. 595 00:18:09,640 --> 00:18:10,640 It's been really helpful. 596 00:18:10,640 --> 00:18:11,640 I'm glad. 597 00:18:11,640 --> 00:18:13,640 It's all about taking those small steps to protect yourself. 598 00:18:13,640 --> 00:18:14,640 Yeah. 599 00:18:14,640 --> 00:18:16,040 And it's not about being scared of technology. 600 00:18:16,040 --> 00:18:17,640 It's just about being aware. 601 00:18:17,640 --> 00:18:18,640 Exactly. 602 00:18:18,640 --> 00:18:21,840 And remember, security isn't on going thing. 603 00:18:21,840 --> 00:18:23,160 It's not just a one time thing. 604 00:18:23,160 --> 00:18:26,560 You have to keep learning, keep adapting, and stay vigilant. 605 00:18:26,560 --> 00:18:27,560 Like a leaky boat. 606 00:18:27,560 --> 00:18:29,160 You got to keep bailing out the water. 607 00:18:29,160 --> 00:18:30,360 That's a great analogy. 608 00:18:30,360 --> 00:18:33,440 The more leaks you plug, the safer you'll be. 609 00:18:33,440 --> 00:18:34,440 That makes sense. 610 00:18:34,440 --> 00:18:35,440 Okay. 611 00:18:35,440 --> 00:18:36,440 Okay. 612 00:18:36,440 --> 00:18:37,880 So we've talked about all these different ways to attack encryption. 613 00:18:37,880 --> 00:18:43,800 But now I want to talk about something specific that Krishna Kumar Mahadev and mentions in 614 00:18:43,800 --> 00:18:44,800 his article. 615 00:18:44,800 --> 00:18:45,800 Okay. 616 00:18:45,800 --> 00:18:46,800 What's that? 617 00:18:46,800 --> 00:18:48,080 He mentioned something called NTLM. 618 00:18:48,080 --> 00:18:49,080 NTLM. 619 00:18:49,080 --> 00:18:50,080 Yeah. 620 00:18:50,080 --> 00:18:51,080 Do you know what that is? 621 00:18:51,080 --> 00:18:53,320 I've heard of it, but I'm not exactly sure what it is. 622 00:18:53,320 --> 00:18:56,480 So NTLM stands for new technology land manager. 623 00:18:56,480 --> 00:18:57,480 Okay. 624 00:18:57,480 --> 00:19:02,400 It's basically an authentication protocol that's used in a lot of Windows networks. 625 00:19:02,400 --> 00:19:03,400 Authentication protocol. 626 00:19:03,400 --> 00:19:06,520 So it's how computers verify your identity. 627 00:19:06,520 --> 00:19:07,520 Exactly. 628 00:19:07,520 --> 00:19:10,440 It's like a digital handshake to make sure that you are who you say you are. 629 00:19:10,440 --> 00:19:11,440 Right. 630 00:19:11,440 --> 00:19:12,440 But here's the thing. 631 00:19:12,440 --> 00:19:14,440 NTLM is known to have some weaknesses. 632 00:19:14,440 --> 00:19:15,440 Oh no. 633 00:19:15,440 --> 00:19:18,880 Especially when it comes to those past the hash attacks we talked about earlier. 634 00:19:18,880 --> 00:19:22,280 Oh, so those attacks where they steal the hash of your password? 635 00:19:22,280 --> 00:19:23,280 Yeah. 636 00:19:23,280 --> 00:19:25,040 Those attacks are particularly effective against NTLM. 637 00:19:25,040 --> 00:19:26,040 That's not good. 638 00:19:26,040 --> 00:19:27,040 Yeah. 639 00:19:27,040 --> 00:19:28,040 It's not ideal. 640 00:19:28,040 --> 00:19:32,320 So a lot of security experts, they recommend moving away from NTLM if you can. 641 00:19:32,320 --> 00:19:33,560 To something more secure. 642 00:19:33,560 --> 00:19:37,080 Something that's less vulnerable to these attacks. 643 00:19:37,080 --> 00:19:41,440 Like Kerberos, for example, is more modern protocol that's considered to be much more 644 00:19:41,440 --> 00:19:42,440 secure. 645 00:19:42,440 --> 00:19:43,440 Okay. 646 00:19:43,440 --> 00:19:48,080 So it's a reminder that even the systems we rely on for security, they can have weaknesses. 647 00:19:48,080 --> 00:19:49,080 They can. 648 00:19:49,080 --> 00:19:50,360 Especially throughout data. 649 00:19:50,360 --> 00:19:54,480 So it's really important to keep everything up to date and use the latest and greatest 650 00:19:54,480 --> 00:19:57,560 security protocols whenever possible. 651 00:19:57,560 --> 00:19:59,560 It's a never-ending process. 652 00:19:59,560 --> 00:20:01,400 This whole security thing. 653 00:20:01,400 --> 00:20:02,400 It is. 654 00:20:02,400 --> 00:20:03,400 Like you said earlier, it's a journey. 655 00:20:03,400 --> 00:20:05,240 It's a journey not a destination. 656 00:20:05,240 --> 00:20:09,200 We have to keep learning, keep adapting, and stay vigilant. 657 00:20:09,200 --> 00:20:10,200 Exactly. 658 00:20:10,200 --> 00:20:12,840 And that's why conversations like this are so important. 659 00:20:12,840 --> 00:20:13,840 Because the more we know. 660 00:20:13,840 --> 00:20:15,120 The better prepared we are. 661 00:20:15,120 --> 00:20:16,120 Yeah. 662 00:20:16,120 --> 00:20:17,120 Yeah. 663 00:20:17,120 --> 00:20:19,040 It's a constant back and forth like a game of cat and mouse. 664 00:20:19,040 --> 00:20:22,640 And it feels like the more technology we have, the more complicated it gets. 665 00:20:22,640 --> 00:20:23,640 Yeah. 666 00:20:23,640 --> 00:20:24,640 It can feel that way. 667 00:20:24,640 --> 00:20:27,440 The more places there are for these vulnerabilities to hide. 668 00:20:27,440 --> 00:20:31,640 That's true, but complexity can also be a good thing when it comes to security. 669 00:20:31,640 --> 00:20:32,640 Oh, how so. 670 00:20:32,640 --> 00:20:37,320 Because if you have multiple layers of security, it makes it that much harder for attackers 671 00:20:37,320 --> 00:20:38,320 to get through. 672 00:20:38,320 --> 00:20:41,560 So it's not just about like building one really, really strong wall. 673 00:20:41,560 --> 00:20:42,560 Right. 674 00:20:42,560 --> 00:20:43,960 It's about having like layers. 675 00:20:43,960 --> 00:20:48,920 Layers, yeah, like a vote and guard dogs and like the whole like the whole castle defense 676 00:20:48,920 --> 00:20:51,840 is a multi-layered approach is always the best. 677 00:20:51,840 --> 00:20:53,240 Yeah, like a medieval castle. 678 00:20:53,240 --> 00:20:54,240 Yeah, like a castle. 679 00:20:54,240 --> 00:20:55,640 You got the outer wall. 680 00:20:55,640 --> 00:20:56,640 You got the inner key. 681 00:20:56,640 --> 00:20:58,240 You got the hidden passageway. 682 00:20:58,240 --> 00:20:59,240 A guard. 683 00:20:59,240 --> 00:21:00,240 Like everywhere. 684 00:21:00,240 --> 00:21:01,240 Exactly. 685 00:21:01,240 --> 00:21:03,440 The obstacles you put in the way of an attacker are the better. 686 00:21:03,440 --> 00:21:05,440 The less likely they are to actually succeed. 687 00:21:05,440 --> 00:21:06,440 Right. 688 00:21:06,440 --> 00:21:08,960 It's all about making it as difficult as possible for them. 689 00:21:08,960 --> 00:21:10,440 That's a really good analogy. 690 00:21:10,440 --> 00:21:11,760 I like to think of it visually. 691 00:21:11,760 --> 00:21:12,760 Yeah. 692 00:21:12,760 --> 00:21:13,760 Okay. 693 00:21:13,760 --> 00:21:15,040 So we've talked about a lot of different stuff today. 694 00:21:15,040 --> 00:21:19,240 We've talked about a lot of different ways to attack those digital castles. 695 00:21:19,240 --> 00:21:20,240 Exactly. 696 00:21:20,240 --> 00:21:21,760 A lot of different ways to attack encryption. 697 00:21:21,760 --> 00:21:26,840 So if we want to keep our digital castles safe, what are like the key takeaways 698 00:21:26,840 --> 00:21:27,840 here? 699 00:21:27,840 --> 00:21:31,040 Well, I think the most important thing is strong, unique passwords. 700 00:21:31,040 --> 00:21:32,040 Okay. 701 00:21:32,040 --> 00:21:33,040 That's like, that's the foundation. 702 00:21:33,040 --> 00:21:34,040 The foundation. 703 00:21:34,040 --> 00:21:35,040 Yeah. 704 00:21:35,040 --> 00:21:39,600 If you have weak passwords, it doesn't matter how strong your other defenses are. 705 00:21:39,600 --> 00:21:40,600 Right. 706 00:21:40,600 --> 00:21:42,600 It's like leaving the drawbridge to your castle wide open. 707 00:21:42,600 --> 00:21:43,600 Exactly. 708 00:21:43,600 --> 00:21:45,240 And what about two factor authentication? 709 00:21:45,240 --> 00:21:46,800 That's another crucial one. 710 00:21:46,800 --> 00:21:47,800 Yeah. 711 00:21:47,800 --> 00:21:49,040 It's like having a night guarding the gate. 712 00:21:49,040 --> 00:21:51,240 Making sure that only the right people get in. 713 00:21:51,240 --> 00:21:53,360 Two factor authentication is important. 714 00:21:53,360 --> 00:21:54,360 Very important. 715 00:21:54,360 --> 00:21:56,480 And we can't forget about those fishing attacks. 716 00:21:56,480 --> 00:21:57,480 Oh, yeah. 717 00:21:57,480 --> 00:21:59,320 The sneaky emails and messages. 718 00:21:59,320 --> 00:22:00,720 We got to be careful about those. 719 00:22:00,720 --> 00:22:02,600 Similarly, they're like Trojan horses. 720 00:22:02,600 --> 00:22:04,640 They look harmless, but they're not. 721 00:22:04,640 --> 00:22:05,760 But they're dangerous. 722 00:22:05,760 --> 00:22:08,240 So always be careful about what you click on. 723 00:22:08,240 --> 00:22:09,240 Yeah. 724 00:22:09,240 --> 00:22:10,240 Something seems off. 725 00:22:10,240 --> 00:22:11,240 Trust your gut. 726 00:22:11,240 --> 00:22:12,240 Trust your debt. 727 00:22:12,240 --> 00:22:15,680 And if you're not sure, you can always contact the company directly to verify. 728 00:22:15,680 --> 00:22:16,680 Okay. 729 00:22:16,680 --> 00:22:19,960 So strong passwords, two factor authentication. 730 00:22:19,960 --> 00:22:21,480 Watch out for fishing. 731 00:22:21,480 --> 00:22:22,480 Anything else? 732 00:22:22,480 --> 00:22:24,320 I think the biggest thing is just to be aware. 733 00:22:24,320 --> 00:22:25,320 Yeah. 734 00:22:25,320 --> 00:22:28,600 The more you know about the threats out there, the better prepared you'll be to defend 735 00:22:28,600 --> 00:22:29,600 yourself. 736 00:22:29,600 --> 00:22:31,640 You can feel a little overwhelming though, right? 737 00:22:31,640 --> 00:22:34,040 It can, but it's important not to panic. 738 00:22:34,040 --> 00:22:35,040 Yeah. 739 00:22:35,040 --> 00:22:38,360 You don't have to be a cybersecurity expert to be safe online. 740 00:22:38,360 --> 00:22:39,840 You got to take those simple steps. 741 00:22:39,840 --> 00:22:40,840 Exactly. 742 00:22:40,840 --> 00:22:44,560 And if you're ever unsure about something, don't be afraid to ask for help. 743 00:22:44,560 --> 00:22:45,560 Oh, yeah. 744 00:22:45,560 --> 00:22:46,560 Good point. 745 00:22:46,560 --> 00:22:48,120 There are a lot of resources available. 746 00:22:48,120 --> 00:22:50,760 Your IT department, security teams. 747 00:22:50,760 --> 00:22:54,560 There are websites and forums dedicated to cybersecurity. 748 00:22:54,560 --> 00:22:55,960 People who know what they're talking about. 749 00:22:55,960 --> 00:22:56,960 Exactly. 750 00:22:56,960 --> 00:22:59,480 So don't hesitate to reach out if you need guidance. 751 00:22:59,480 --> 00:23:00,480 All right. 752 00:23:00,480 --> 00:23:02,600 Well, I think that about wraps it up for today's Deep Dive. 753 00:23:02,600 --> 00:23:04,120 We covered a lot of ground. 754 00:23:04,120 --> 00:23:05,120 We did. 755 00:23:05,120 --> 00:23:09,600 We talked about everything from brute force attacks to those really subtle side 756 00:23:09,600 --> 00:23:12,400 channel attacks and everything in between and everything in between. 757 00:23:12,400 --> 00:23:14,160 It's been a fascinating journey. 758 00:23:14,160 --> 00:23:15,160 It has. 759 00:23:15,160 --> 00:23:18,600 And thanks to Krishna Kumar, Makadev, and for writing that article that really helped us 760 00:23:18,600 --> 00:23:20,000 to understand all this stuff. 761 00:23:20,000 --> 00:23:21,000 Yeah. 762 00:23:21,000 --> 00:23:22,000 He really knows his stuff. 763 00:23:22,000 --> 00:23:23,000 He does. 764 00:23:23,000 --> 00:23:26,720 And to our listeners, thanks for sticking with us through this Deep Dive into the world of 765 00:23:26,720 --> 00:23:28,520 Crypt Analytica attacks. 766 00:23:28,520 --> 00:23:30,200 We hope that you learn something new. 767 00:23:30,200 --> 00:23:33,440 And that you feel empowered to take steps to protect your own data. 768 00:23:33,440 --> 00:23:34,440 Absolutely. 769 00:23:34,440 --> 00:23:38,640 Knowledge is power in the world of cybersecurity that knowledge is your best defense. 770 00:23:38,640 --> 00:23:39,640 Stay curious. 771 00:23:39,640 --> 00:23:42,640 Stay vigilant and stay safe out there. 772 00:23:42,640 --> 00:23:48,080 And until next time, keep exploring, keep learning, and keep those digital 773 00:23:48,080 --> 00:24:02,800 drawbridge's raised high.