Hashing, Digital Certificates and Digital Signatures

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hey, everyone, welcome back to the course. In this video we're going to talk through hashing, digital signatures,
00:05
and we'll also talk about some different hashing algorithms. We'll, uh, talk a little bit about what PKI is. We'll learn what that stands for, and we're also gonna talk about digital certificates.
00:17
So what is hashing? Well, hashing is basically just a one-way mathematical function, and so it's a fixed length. So I put in my password, for example, and depending on the hash algorithm I use, for example, MD5 or SHA-256 or 512, it'll produce a fixed length of output.
00:34
And, as you see depicted here, it's gonna be a bunch of random letters and numbers.
00:39
This allows us to prove the integrity or at least should prove the integrity of a file, for example, so a lot of times when you go to update your software, you'll see when you go to the website to download, it will also have the hash calculation of the file. So if you download a file, you perform a hash on it and it doesn't match up to that calculation,
00:58
you can be assured that that file has been altered in some way,
01:02
so you probably don't want to go ahead and install it.
01:03
But if the calculation matches up, if the hash matches up to what's on the website, then it's more than likely that that file has not been tampered with and it's safe to use.
01:15
So some hashing algorithms are MD5,
01:18
SHA-2,
01:19
SHA-3, and BLAKE3 is another one. So let's talk about those a little more. So MD5, or the Message Digest algorithm, it's been around for a while. This one produces 128-bit output,
01:32
32-digit hex number. SHA-2: 224-bit output and actually several different outputs. The most common ones are gonna be 256 and 512,
01:42
and then SHA-3 uses what's called sponge construction. So basically it does XORing of the initial bits, and then the output blocks are read and alternated
01:53
um,
01:53
with the state transformations.
01:57
And then finally we have BLAKE3. So this one's a single algorithm. It uses what's called a Merkle tree,
02:02
and it's
02:04
designed for speed, so it's fast. It's not
02:08
adopted very well, right? There's some organizations that use it. But it's not, um, or it's not a prevalent one that you'll see out there. You're more likely to see, like, SHA-2 or SHA-3 in use, or even MD5 in some instances.
02:23
All right, so this is an example of PKI, or public key infrastructure. And so what happens here is that the user requests a certificate
02:31
and it goes to the registration authority. So that request goes here. The registration authority validates who that user identity actually is, right, and says, Yes, this is a legitimate request. The RA then sends out requests to the certificate authority to create the user certificate and also the keys that will be needed.
02:51
And then the CA creates a certificate and sends it to the user. They send basically a copy of it to the user.
02:58
Then that certificate could be sent to the other user. So let's just say, for example, this user. This initial user is Jack, right? So Jack gets validated by the certificate authority. Then Jack goes ahead and sends it to Susie Q. So Susie Q.
03:13
reaches out to the certificate authority and says, Hey, is this a valid certificate that I've gotten from Jack, right?
03:17
Right.
03:19
And the certificate authority says yes, that is Jack is legitimate. We verified who Jack is. That is a valid certificate. So then Susie knows Susie Q knows that it's okay to use a certificate.
03:32
So let's talk about our digital certificates for a moment. So the key things that you'll want to know for the CH exam of what's contained with a digital certificate: it's usually version, uh, serial number, subject, algorithm ID, the issuer, the valid dates. So what date
03:50
was it basically signed. And how long is it good for? What are the dates, right?
03:53
And if you're not familiar with any of that stuff, just go, uh, to most of the software applications that you can download, or the ones that are installed on your Windows machine, on your Mac or whatever. And look at the security certificate in place. You can also go to a website
04:08
and look for the HTTPS and then open up that certificate and just look at the valid dates to get a better visual understanding of what that might look like.
04:17
Also, key usage is another one as well,
04:21
So, our digital signature. So why do we care about this? Well, I want to validate that a file actually came from someone else, right? So if someone's sending me a file, I wanna make sure it was really that person that sent the file to me. So in advance, what I can do is we can create a common
04:40
body of knowledge, right? So basically using a key or password,
04:44
we can say, Okay, we know that this is gonna be the public or the shared information for this particular file, right? So we know that this will unlock the file. So we've got that common shared key, and basically, this allows me to validate that the file itself has not been altered in any way that it actually came
05:02
from that source. We talked about earlier
05:04
with hashing, right, hashing algorithm. So let's say I have a website and I provide software updates for the application that you're buying from me, right? That you're running this application for me.
05:16
So you come to my website to get the updated version of it.
05:19
You see that? I've done a hash on the file.
05:23
You download that file, you do your own hash with that same hashing algorithm, right? So, for example, if I hashed with MD5, you wouldn't go ahead and hash it on your end with SHA-2 or something, right? It doesn't make any sense because your hash is obviously gonna be different than mine. But if we use the same hashing algorithm
05:42
and you get a different result, then you know the file's been altered.
05:46
But if you get the same result as me using the same hashing algorithm, then you know that the file has not been altered and it's safe to use.
05:55
So that's what the digital signature does for us, right? It validates that this file is actually unaltered. That it is actually the file that we're looking for and that there's integrity with the data inside the file.
06:06
Quick quiz question here for you: which hashing algorithm offers 128-bit output?
06:12
So is it gonna be SHA-3, MD5 or BLAKE?
06:17
All right, so if you guessed MD5, you are correct.
06:20
So in this video, we just took a high-level overview of what hashing is. We talked about some different hashing algorithms. We also talked about what PKI is, so again, public key infrastructure. We also talked about digital certificates, like why, what they are, what we actually care about, as well as what a digital signature is.