6.4 Hashes

00:00

Hello, everybody. And welcome to the I T Security episode number to any three petro graphic cash is my name is 100 Gina. And now begin instructor for today's session.

00:13

Uh, learning operatives is to understand and be able to identify the man concepts off cryptographic *** cash functions.

00:22

Well, we have here, and Bob and Alice,

00:31

and they're trying to exchange message. You know, again, Well, strident. Say hello

00:39

to always.

00:42

But this time he doesn't care if the message is confidential or not. We're not dealing with confidentiality in this scenario. What, Bubs, what boat is most most concerned with is that hey wants to make sure that the message he send was the message. All this received

01:00

it, Meaning that if he says hello to to to Ali's,

01:06

it doesn't get modified in the way and if somehow say, uh,

01:11

I don't know

01:12

goodbye

01:15

or something like that.

01:18

Uh, so, uh,

01:19

for that hashes comes into play. Hushes, you know, are just algorithms used to calculate a value

01:30

in order to send value along with the original message to the receiver. So the receiver king go through the same process and calculate calculate the exact same value, bypassing the message he or she received through the same algorithm,

01:49

son, hashes algorithm will do a lot. But you know, the most used When are the shot shot shot? Finally, which will be

02:00

so on

02:01

two,

02:04

you know, she atresia five and also the MD five family

02:09

MD five

02:12

and, you know, and before empty six which all of them are already. You know something? Most of the empty five family or the empty family is replicated already. We're going to shut too, And above

02:25

No, shut you the most. Use one right now, Taiwan is still being used. But, you know, we're making my rating to shut Shut you and above.

02:37

So let's just shot 2 56 for this example. So, uh, Bob here came and passed the hello message to raise that. These right here,

02:50

uh, both came here and pass the hello message to, um

02:54

ah, a shot to algorithm.

02:59

Shots to 56

03:00

and result waas. You know, hash function, which included, you know, um

03:07

a B C 12 tree that that

03:14

from this house function is sent to always

03:16

along with the really original message.

03:21

So, as you can see, we're not dealing. If the bad guy again comes into play right here again, his mind

03:29

no and intercepts this message right here, he will be able to see the below a message. It doesn't matter if it intercepts the hash right here, but if it intercepts the original message, you know he will be able to see the message itself.

03:46

So we're not dealing with confidentiality when we talk about hashes.

03:51

Also, as you can see, well, let's not get ahead of ourselves and finally know finalized explanation. So Ali's right here receives both messages. You know, the hello message

04:05

right here. And he also received the hash. You know, a

04:10

BC once you treat that

04:13

and

04:14

what she does next is to pass this message through the same algorithm, remember shar

04:25

2 56

04:27

And it has to calculate the exact same message, which at the same time, the exact same hash. I'm sorry, which is ABC Want to treat that that if it doesn't calculate and for some reason, Ali's. After passing hello through the same algorithm which in this case is shot to 56

04:46

calculates a B C 12 tree dot Hi, uh slash

04:55

Uh, this is not the same message. Us, Um

05:00

that's it was intended by above.

05:02

Maybe she received instead of hello, Shoots it goodbye. And that's why she's calculating a different Molly, which is right here. So this means that the message somewhere along the communication are, you know, the Internet or the path of communication. The message changed,

05:20

meaning that the integrity of the message is compromised. S o the receiver can no longer trust in the message itself. Maybe was corrupt because park it was lost in during the transit. Or maybe because some someone is this guy right here modified the message intently

05:40

or, you know, because he wanted to

05:42

actually confused the receiver. But, you know, things were using hash is where

05:47

weren't guaranteed it, the integrity of the messages. So if anything changes were about now the problem with with hash is the main problem is is collision,

05:58

uh, meaning that maybe the hello world

06:01

and also that goodbye

06:04

or

06:06

generate the same the same hush volume. So what will happen if

06:15

for some reason, but wants to say hello are Chu Tu Tu Alice and Sense You know the world right here. Since the world and said it passes through the algorithm. Just trap shaft to 56. And it generates this this hash message So it sends this both of this information,

06:33

but somewhere along the way, this guy right here

06:36

changes the message into goodbye instead of hello. But it happens that the algorithm, which is in this case a shock to 56 generates the exact same hash from a different message. In this case, it generates ABC want to treat that that from me, but and also from hello.

06:56

This is called a collision in terms of hashes.

07:00

So when we have a collision, there is a problem because

07:03

at the end were generated through the same hash from two different, uh, sources are two different clear text. So, as you can imagine, ah, good practices to use

07:18

in data basis when we were safe, for example, in access control. When I'm trying to authenticate as in user to a database, I put my clear text spas work,

07:30

uh, maybe in the in the weapons. But, you know, the white *** Southwark hash is the buzzword and incense, the possible over the wire. So what it travels the Internet is actually hush, not the power itself

07:46

salted but their own. Although it is safe here in the Dallas

07:50

are the hash. Is this in case you know, either that the hash is compromised? You know the body's compromise off the transit or when the data is in Brest arrest, meaning that it's someone compromises the database, it will take only the hash is not that clear Decks, passwords.

08:07

But what will happen if my past work in a different buzz word, which is easiest or, you know, you miss your password to guests.

08:15

They both generate the same the same hush. I will be a problem because someone with a different buzz word or a different body will be able to actually authenticate with with my user. You know, that's a problem. This is This is actually, uh, well, now, Belin ability in the hash is which is the further than that,

08:35

uh, this is basically that a group of 23 individuals are joining to 23 users.

08:41

Is required rich the probability off 50% that you know, two people Within this tuning, three users will share share the same birthday. So we put together 23 people. There's a 50% chance. Is that two of them? Sure. Same birthday

08:58

on the probability richest 100%

09:01

when the number of people eyes a 367.

09:05

So this is a from a problem that you know, bird. The attack

09:11

meaning that to have to hash is can be generated. I mean, I'm sorry. One cash could be generated from two different till you're next.

09:20

How many keys are used in a hash function? Well, none. As we said before, this is an algorithm, nor a key. We're not looking for encryption. We're looking for integrity. And we can do that only by using on our

09:33

If you calculate a different hash Baalu value. What does it is, man? It means that the charity was compromised and the message was changed.

09:43

What is the birthday attack? Well, it means this'll is, Ah, statistical attack. You know where it attacks the probability off to different to your text messages generate. The same hash function has value, which is a collision.

10:01

In today's brief lecture, we talk about the main concept off cryptographic hash functions

10:09

again, the fix publication, nothing you hear.