Hi folks, Ed Amoroso here. Now we're going to pick up on our hand-held authentication protocol. We're going to spend a little time on that, but let me remind you of something that you may have forgotten. I hope you hadn't forgotten it. But we spent a little time on cryptanalysis in some previous videos. Maybe you'd seen them; if not, I want to refresh your mind.

Cryptanalysis is the breaking of codes. So where cryptography is making secret writing, making codes, using them, cryptanalysis is breaking them: collecting data from whatever is the gobbledygook, the scrambled stuff, the ciphertext, and trying to unravel that to decipher and understand what you're trying to hide from me. That's what cryptanalysis is all about. It's not valid decryption by an authorized user. It's unauthorized cryptanalysis of captured text by somebody who has no business understanding what that data is at all. You follow? It's hacking.

There's three types. Ciphertext only, that's where you just see the gobbledygook, no hints. Known plain text, that's where there are some hints, so you get a few little hints to help you. And then the code book form, the third form, code book, or chosen plain text. So the ordering is, ciphertext only is the hardest. Known plain text next hardest. Code book or chosen plain text is, quote unquote, the easiest. But all of them are hard, because you have a cryptographically and computationally complex function that's hard to just sort of guess. And a gigantic domain, so you can't guess all the keys. So you with me? So those are the three types of cryptanalysis.

So let's look at this handheld authentication protocol. You can see, as you recall, I'm Alice, hey, here's lambda, here's a number, then here's f of lambda. And then, [SOUND] you do what you can do, you log off. Now another time, you log in. Hey, I'm Alice, I'm back. I want to log in again. Okay, great. Here's a new lambda, it will be a different number. And then, okay, here's f of lambda.
And then I do what I'm going to do, I log off. Then I log back in. Hey, I'm Alice again, I'd like to log in. Okay, here's a third lambda, different number. Great, here's f of lambda.

Now what's happening here is that if Eve is collecting this data, if she's capturing the information going back and forth, what she's getting are hints. She sees lambda, she sees f of lambda, write that down. I don't know f, I don't know the encryption. But one thing I do know is f of 237 is 881, I know that. And then the next round, different lambda, different f of lambda, you get the point? What type of cryptanalysis is this? Is this code book? No, because you don't have the algorithm. You're not forcing the function here. Is this ciphertext only? No, this is not just known hints. This is called known plain text, where you have some hints that potentially help Eve the attacker do cryptanalysis in the context of this protocol.

Now still, if I'm Eve and my life depends on it, I think I'm going after the calculator. [LAUGH] I'd be going to zone 1 and trying to arm wrestle my friend for her or his calculator, because once I get the calculator, I can spoof for Alice. It's a way easier attack. But assuming I can't attack in zone 1 or 3, then what I would do is I'd probably be attacking in zone 2, right? And the fact that it's known plain text, to a cryptographer, is considered quite a terrible thing. Like in their mind anything but ciphertext only is not acceptable.

Now I've got a good friend, Gene Spafford, some of you might know from Purdue University here in the United States. He tells a funny story about this. He says, when you use cryptography between two endpoints, and you're worried about the strength of the cryptography to protect the data, he says it's sort of like the following. Imagine, you know, God forbid, you feel so bad for the homeless, but imagine a homeless person in a park with a bunch of money laying on their chest. The wind's blowing, some of it's blowing around.
And you want to get that money from one person playing in a park or something to another person in a park, also homeless, laying on a bench. So to do that, you hire an armored car with guns and police. You collect up the money off the guy's chest, and it begins blowing all over the place. So you collect up what you can. You put it in the armored car, and you drive with guns blazing to make sure nobody steals it while you've got this encrypted payload. And you go over to the other end; when you get there, you dump it on the other guy's chest. And he makes the joke that we make a big fuss about cryptography, and making sure it's super strong, when at the end points this stuff is probably not well protected: unpatched Windows systems that anybody can break into. It's a funny joke, but you kind of get the idea.

So one possible reason the hand-held authentication protocol hasn't been super successful may be that it's known plain text. It may also be that it's virtually impossible for any of us to guess which types of protocols will make money, and which won't.

So let's do a little quiz now, just to test our overall understanding of hand-held authentication.

I think answer a is actually right, like one reason someone might be inclined to do this. People flat out just might like having little calculators. Maybe we can see a resurgence of this protocol, and certainly with software defined protocols on our mobiles, you might just see these sort of things pop up again, who knows? But I hope you enjoyed that little quiz. We will see you on our next video, where we will look at a similar protocol, one that has made an enormous amount of money for a company. It's been deployed all over the world, I think probably close to a billion deployments. And it's very similar to this one, but a little different. So we'll see you in the next video.
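
The exchange described in the lecture, as an added example that is not part of the original transcript: Alice answers each fresh lambda with f(lambda), Eve records every (lambda, f(lambda)) pair from the wire, and a captured response is accepted again only if the server ever repeats a lambda. HMAC-SHA256 standing in for f, the `Server` class, the `simulate` helper and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def f(key: bytes, lam: int) -> str:
    # Assumption: HMAC-SHA256 stands in for the calculator's secret function f.
    return hmac.new(key, str(lam).encode(), hashlib.sha256).hexdigest()[:16]

class Server:
    def __init__(self, key, challenges=None):
        self.key = key
        # A fixed challenge list makes the demo repeatable; real use draws random values.
        self.challenges = iter(challenges) if challenges is not None else None
        self.pending = {}  # user -> outstanding lambda, consumed by one verify()

    def challenge(self, user):
        if self.challenges is not None:
            lam = next(self.challenges)
        else:
            lam = secrets.randbelow(10**6)
        self.pending[user] = lam
        return lam

    def verify(self, user, response):
        lam = self.pending.pop(user, None)  # each challenge is good for one attempt
        return lam is not None and hmac.compare_digest(f(self.key, lam), response)

def simulate(challenges, key=b"constructed-demo-key"):
    """Alice logs in once per challenge except the last one; Eve then
    replays her first captured response against that last challenge."""
    server = Server(key, challenges)
    eve_log, logins = [], []
    for _ in range(len(challenges) - 1):
        lam = server.challenge("alice")
        resp = f(key, lam)               # computed on Alice's calculator
        eve_log.append((lam, resp))      # Eve sees both values in transit
        logins.append(server.verify("alice", resp))
    server.challenge("alice")            # challenge issued for the replay attempt
    replay_ok = server.verify("alice", eve_log[0][1])
    return logins, eve_log, replay_ok

if __name__ == "__main__":
    print(simulate([237, 512, 90, 777]))  # fresh lambda every time: replay rejected
    print(simulate([237, 512, 90, 237]))  # lambda repeated: replay accepted
```
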