Video Description

Software developers worldwide place a great deal of trust in the encryption technologies used to protect privacy and sensitive data. What could go wrong? Plenty, says security and encryption expert Brian Sletten in this wide-ranging overview of the history, methods, technologies, goals, and, perhaps most importantly, limitations of encryption. The video offers a high-level discussion of the theories behind encryption as well as a lower-level, detailed explanation of the technologies and methods used in encryption today.

  • Receive a comprehensive overview of the history, methods, technologies, goals, and limitations of encryption
  • Learn to make practical, reasoned choices regarding the forms of encryption to avoid and the forms to deploy
  • Explore stream ciphers, block ciphers, authenticated encryption systems, and symmetric key encryption
  • Discover why the widely used MD5 hashing algorithm should no longer be used for most encryption purposes
  • Familiarize yourself with Transport Level Security (TLS), the most widely used Internet encryption mechanism
  • Learn to deploy DHKE, the asymmetric key exchange protocol for establishing encrypted Internet channels
  • Understand RSA, the encryption features it enables, and why it’s the standard for digitally signing electronic documents
  • Learn to recognize encryption attacks and why government demands for backdoors might cripple modern cryptography

Brian Sletten runs Bosatsu Consulting, Inc., which focuses on security, encryption, and other forward-leaning technologies. Sletten’s twenty-three-year software engineering career spans many industries, including retail, banking, online games, defense, finance, hospitality, and health care. He is the author of the O'Reilly titles Resource-Oriented Architectures: Hypermedia, Introduction to Secure Software, Trusted VS. Trustworthy, and What Is Good Enough Security? He holds a B.S. in Computer Science from the College of William and Mary.

Table of Contents

  1. Introduction
    1. Introduction to Video Series 00:08:24
    2. In the News 00:10:05
    3. Encoding vs Encryption 00:10:27
    4. Introduction to Hashing Algorithms 00:13:02
    5. Attacking Encryption With Brute Force 00:08:32
    6. Protecting Data At Rest vs In Transit 00:13:03
    7. The Encryption Key Exchange Problem 00:13:49
    8. Problems With Encryption Implementations 00:10:30
    9. The Importance of Random Number Generation and Entropy to Encryption 00:10:31
  2. History
    1. Historical Substitution Ciphers 00:14:51
    2. Historical Transposition Ciphers 00:07:40
    3. The Historical Playfair Cipher 00:09:23
    4. Encryption During World War II 00:14:06
    5. Encryption After World War II 00:08:41
  3. Stream Ciphers
    1. Overview of Stream Ciphers 00:04:28
    2. Details About the A5/1 Stream Cipher 00:07:56
    3. Details About the RC4 Stream Cipher 00:06:49
    4. Details About the Salsa20/ChaCha20 Stream Ciphers 00:06:13
  4. Block Ciphers
    1. Overview of Block Ciphers 00:03:36
    2. What's Good and Bad With the Electronic Cookbook (ECB) Mode 00:05:10
    3. Improving Things With the Cipher Block Chaining (CBC) Mode 00:03:52
    4. Turning Block Ciphers Into Stream Ciphers With the Output Feedback (OFB) Mode 00:05:14
    5. Details About the Cipher Feedback (CFB) Mode 00:04:46
    6. What's Great About the Counter (CTR) Mode 00:03:31
  5. Hashing Algorithms
    1. When Good Hashing Algorithms Go Bad 00:16:27
  6. Authenticated Encryption
    1. Overview of Authenticated Encryption Systems 00:11:52
  7. Symmetric Key Encryption
    1. Overview of Symmetric Key Encryption 00:03:34
    2. The Fascinating History of DES 00:13:43
    3. The Mechanics of DES 00:03:37
    4. How DES Was Cracked 00:06:32
    5. The Pleasing History of AES 00:03:47
    6. The Mechanics of AES 00:06:46
    7. Making AES Faster With Hardware Acceleration 00:04:10
  8. Key Exchange
    1. The Fascinating History of Diffie-Hellman Key Exchange (DHKE) 00:12:09
    2. Mechanics of DHKE 00:06:07
    3. The History of RSA 00:12:18
  9. Digital Signature
    1. Signing Documents with RSA 00:08:07
  10. Elliptical Curves
    1. Overview of Elliptical Curve Cryptography (ECC) 00:10:42
  11. TLS
    1. Overview of Transport Level Security (TLS) 00:10:21
    2. Setting Up Sessions with the TLS Handshake 00:07:46
    3. Picking Good TLS Ciphersuites 00:08:21
    4. Using OpenSSL 00:09:44
    5. Using Keybase.io 00:12:28
  12. Encryption Technologies
    1. Using JSSE 00:05:17
    2. Encrypting Filesystems With DM-Crypt 00:08:17
  13. Modern TLS Configuration
    1. Avoiding TLS Downgrades with HSTS 00:05:41
    2. Benefits of Certificate Pinning 00:04:22
    3. Benefits of OCSP Stapling 00:03:39
    4. The FREAK Attack 00:07:00
  14. Next Steps
    1. Encouraging The Use of Encryption With Let's Encrypt 00:05:03
    2. The Impact of Quantum Computing on Encryption 00:10:13
    3. What to Expect From The Government and Encryption Laws 00:07:54
    4. Next Steps 00:04:16