If you've been following along on my videos, you should be pretty comfortable with a lot of different encryption algorithms that we use in today's IT world. What I want to do now is take these algorithms and actually plug them into the real world to see real protocols and real applications that use AES or RSA or whatever it might be. Now, before we do that, I want to make sure you're comfortable with something. When we talk about networking and technology today, we're pretty much talking about the world of TCP/IP and the internet as a whole. So when we're doing encryption, we're usually talking about the internet, and everything on the internet runs on top of TCP/IP. Now that's important, because TCP/IP and the internet really kind of predate encryption. The whole world of TCP/IP and what eventually became the internet was invented by a bunch of, arguably, hippies.
I'd like you guys are nice hippies, but they never really thought about encryption or security or anything like that. It was open and free, man, it was all cool. Well, the first time somebody logged into eBay to buy a pair of sneakers suddenly motivated us to get into the world of encryption. Now, encryption predates the World Wide Web. But the important thing I need you to get in your head right now is that we had all kinds of applications out there, email, the web, Telnet, all kinds of stuff out there that really didn't have encryption. So we spent a lot of the 80s and 90s, and we still do it today, taking unencrypted applications and either completely rewriting them so that they are encryption capable, or inventing protocols that we slid under unencrypted applications to make them secure.
So the best place to start is to understand a very, very famous encrypted protocol called SSH. Now to give you an idea what's happening here, I've got my little laptop up here running an SSH server called freeSSHd, a wonderful free SSH server. And over here on my main machine, I'm running the very popular PuTTY program. PuTTY is a client for all kinds of stuff. But in this case, we're going to be running PuTTY as an SSH client and connecting to this guy. So let's watch all this in action.
So to connect to my SSH, I'm going to go ahead and use good old PuTTY here. Everybody knows about PuTTY. If you don't know about PuTTY, you should. So what I need to do is just type in the IP address of the machine I want to connect to. Now I want you to look very carefully here. You see I've typed in an IP address; it uses port 22. That's an SSH port.
And you'll notice that PuTTY can do all kinds of other connections. But in this case, I want to do SSH. So I have SSH clicked on the radio button. So I hit Open. Now the first thing I want you to notice is right here. This is a standard function of SSH. SSH has the server first pass you his.
It's really, they call it a certificate, but it's really just a key. And this particular key is going to be used to make the initial key exchange so that we can go ahead and start sending each other encrypted data. So if we take a look at this, I'm going to go ahead and say yes. And if I want to, I can go ahead and log in. Now I'm going to skip the login for right now, not because I don't want to log in, but because I want to show you how we set all this up within an encrypted application like SSH. So let me bring it back up.
Now, I'm not even going to bother connecting right now. What I want you to do is look down here. Do you see where it says SSH? These are the settings for SSH. Now first of all, we're going to have a key exchange. Remember, the bottom line here is that on almost any encrypted application or protocol, number one, you do some kind of key exchange, so everybody gets a symmetric key, and then you use a symmetric key to send all your encoded data, and SSH certainly works just like that. Now if you'll take a look, there are three different kinds of Diffie-Hellman here.
Don't worry about the different kinds, just know that it's got three different ways to do Diffie-Hellman. And then it has RSA. So what you're looking at here is the order by which this particular client wants to do the key exchange. And that order is important because that is an order of preference. So this is how the client will talk to the server to actually decide how they're going to do the key exchange. Next down here is the cipher.
So once the key exchange is done, what kind of encryption do you want to use? Now, you'll notice up here at the top, it says AES. AES is the big standard, and that's the one we would expect to see at the top. But then it goes down: it could use Blowfish, or it could use Triple DES, or it could use Arcfour, which I never even heard of before. And then DES. So this is how SSH negotiates all of the things we need to do in order to go ahead and make a connection. Now, to watch this in action, what we really need to do is head over to my laptop, because what we're going to do is light up the SSH server.
And let me show you, the SSH server has basically the same type of functions. So this is what freeSSHd looks like when it's running. So right now I'm running an SSH server. It does other stuff, but I'm not interested in talking about it right now. What I am interested in is a few of the things in here. For example, now on authentication, I could just use a password if I wanted to. But I also have this key authentication.
And right now it says that that's allowed, because that's the main way I like to use this. Now once that takes place, though, I need to set an encryption. So on the server side, you'll see he has a list of encryptions that he likes to connect to. So SSH is a secure application. The actual algorithms are built into SSH. So what will take place is when these guys connect to each other, the client's going to say, "Oh, here are, like, the ways I like to connect," and the server is going to go, "Well, here's the ways I like to connect."
And then the client will make a decision, based on its pecking order, how the actual connection takes place. And from there, everything else is completely transparent. So the key exchange is transparent, the actual symmetric key is then established, and all the data is encrypted via symmetric, and it works beautifully. So SSH is kind of unique, though, because it is an application that has built encryption into it. Now, a lot of other things we do on the internet don't work quite the same way. And probably one of the best examples of that would be good old HTTP.
Now, when you connect to a web page, the web page itself by default is not encrypted. So what we do is we use a protocol called Transport Layer Security, or TLS, which actually acts as an intermediary between the web page and our individual web browser, and acts as an intermediary that does all the encryption. So what will happen is we build these protocols into our web servers and into our web clients to make that work. Now, what's actually cool about TLS is that TLS was invented for websites. However, TLS, because of the way it works, can work with a lot of other applications. So TLS by itself is not an application.
It's just a protocol. And we plug it into our different types of applications to make it all work. In fact, TLS is so pretty, that I can't repeat what I just did with SSH for you within TLS, because it's designed to be very, very robust. What I'm going to do instead, in fact, I've already set up a capture, is I opened up a web page to my totalsem.com, but to a secure, I did HTTPS, and I used good old Wireshark to make a capture. So what I'm going to do now is just open up the Wireshark capture, so you can see the results. Okay, so what I've done here is, these are the results of me going to https://www.totalsem.com. And this is the entire initial HTTPS connection that took place.
Now, if you don't know how to use Wireshark to do stuff like this, well, you need to learn how to use Wireshark. But what's actually kind of cool here, let's take a quick look. Now, 192.168.4.21 is my computer over here, and 75.126.29.106 is the secure totalsem.com website. So you'll see here's my computer saying hello, hello, hello. So we get the initial connection going. Now, that's all done under TCP.
But now I want you to look right here. Do you see where it says TLS? When we say TLS, like you see right there, what we're doing is in essence making another connection, but this time, we're saying, "Hey man, I want to do TLS, so let's start talking." So if you look really, really carefully in here, you can see exactly what types of connections this client wants to use. So here's an elliptic curve.
There's some different types of hashes it wants to use. There's all kinds of information in here that the client uses to establish that secure connection. So in this particular case, he's going to be using RSA, because I know how my web server's set up. And then once that's set up, it'll be using AES as the actual symmetric encryption. So you can even see on the other side, here's where the server talks back.
And you can see that he's already setting up an encryption to begin the conversation, to allow these two different devices to talk. Now, the cool part to all this is that every secure connection that happens on the internet is either going to be an encrypted application like SSH, where it's kind of built into the application itself, or it's going to be using a protocol. Right now, TLS is the stuff. And we have whole other episodes that are going to go into TLS in more detail. But for right now, understand that if you want to be encrypted on the internet, you're not going to be writing your own algorithms.
What you're going to be doing is you're going to be using applications that have their own built-in security ready to go, or you're going to be taking advantage of powerful protocols that pretty much make the entire encryption process completely invisible to you and me.
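
Added example, not part of the original video or its transcript: a Python sketch of the SSH negotiation described above, in which each side sends its algorithm lists in an SSH_MSG_KEXINIT message (RFC 4253) and the first name on the client's list that the server also offers is used. The payloads and algorithm lists are constructed sample data, the function names are made up for this example, and the key-exchange choice is simplified to the same first-match rule.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s",
          "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
LEGACY = ("des", "3des", "blowfish", "arcfour")  # legacy cipher name prefixes

def build_kexinit(kex, ciphers):
    """Constructed KEXINIT payload: type 20, 16-byte cookie, ten name-lists."""
    lists = [kex, ["ssh-rsa"], ciphers, ciphers, ["hmac-sha2-256"],
             ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = bytes([20]) + bytes(16)  # all-zero cookie: sample data only
    for names in lists:
        raw = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)  # no guess packet, reserved

def parse_kexinit(payload):
    """Return {field: [names]} from a KEXINIT payload, rejecting short input."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, parsed = 17, {}
    for field in FIELDS:
        size = int.from_bytes(payload[offset:offset + 4], "big")
        offset += 4
        if offset + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + size].decode("ascii")
        parsed[field] = raw.split(",") if raw else []
        offset += size
    return parsed

def choose(client_names, server_names):
    """First entry in the client's list that the server also offers."""
    return next((n for n in client_names if n in server_names), None)

def negotiate(client_payload, server_payload):
    c, s = parse_kexinit(client_payload), parse_kexinit(server_payload)
    cipher = choose(c["cipher_c2s"], s["cipher_c2s"])
    return {"kex": choose(c["kex"], s["kex"]), "cipher": cipher,
            "legacy_cipher": bool(cipher) and cipher.startswith(LEGACY)}

# Constructed sample offers; the client order mirrors the panel in the transcript.
CLIENT = build_kexinit(
    ["diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1",
     "diffie-hellman-group1-sha1", "rsa2048-sha256"],
    ["aes256-ctr", "blowfish-cbc", "3des-cbc", "arcfour256", "des-cbc"])
MODERN_SERVER = build_kexinit(["diffie-hellman-group14-sha1"], ["3des-cbc", "aes256-ctr"])
OLD_SERVER = build_kexinit(["diffie-hellman-group1-sha1"], ["arcfour256", "3des-cbc"])
```

With the older server the result is `3des-cbc`: a legacy cipher kept low in the client's preference order is still selected when nothing better is shared, so removing it from the list is what prevents its use.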