Hashing for Integrity

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
>> Now we'll talk about hashing,
00:00
checksums and message digests.
00:00
We've just talked about how we get
00:00
privacy through asymmetric cryptography.
00:00
We said that if we encrypt data
00:00
with the receivers public key,
00:00
we'll be able to send the message across the network,
00:00
and that private key is
00:00
the only thing that can be decrypt it.
00:00
But we also said that we need things like
00:00
authenticity and integrity and non-repudiation.
00:00
Here we'll talk a little bit
00:00
about how we can get integrity.
00:00
One way we can do that is through hashing.
00:00
Hashes can also be referred to as
00:00
checksums or message digests.
00:00
Any of those terms can be used interchangeably.
00:00
Let's say I'm sending you a message
00:00
across the network, or the Internet,
00:00
or across a private line,
00:00
and let's say that connection is really unreliable.
00:00
It has a lot of interference and drop
00:00
packets and a lot of issues.
00:00
I want to make sure that you know,
00:00
what I sent you across the network hasn't
00:00
>> been corrupted.
00:00
>> That's exactly the purpose of hashing,
00:00
to detect unintentional modification like corruption.
00:00
Before I send you the message,
00:00
let's say that I determined
00:00
the numeric value for every character in the message.
00:00
For example, in the word hello,
00:00
The H is the eighth letter of the alphabet,
00:00
and the E is the fifth letter,
00:00
and the L is the 12th letter and so forth.
00:00
I'm going to take
00:00
all the numeric values and add them all together,
00:00
and then I'll put that value at the bottom of
00:00
the message, that's my hash.
00:00
In this case, if the message is hello,
00:00
then the value is 52.
00:00
I send the message to you,
00:00
your software does the same process,
00:00
adds up the numeric value
00:00
for every letter in the message,
00:00
and when you come up with the number 52,
00:00
then your software makes a reasonable assumption
00:00
that the message has not been modified.
00:00
Now, I realize that this is a weak idea of a hash,
00:00
but I'm just giving you this as an example so
00:00
you can understand how a hash works.
00:00
In reality, the hash would be more robust.
00:00
One thing to note about the hash and any hash,
00:00
is that it uses one-way math.
00:00
Hashes don't use keys
00:00
and they aren't symmetric or asymmetric.
00:00
The only reason I've included hashing here with
00:00
asymmetric cryptography is that we're
00:00
going to combine it with asymmetric cryptography
00:00
in a few minutes to get an additional service.
00:00
But I want you to know that a hash's magic
00:00
is a one-way nature of the math.
00:00
It's easy to take all these
00:00
numbers and add them together.
00:00
But if you look at the result,
00:00
you can't use that to reverse it.
00:00
If the message is encrypted
00:00
and all you saw was the number 52,
00:00
you couldn't say for sure that the message was Hello.
00:00
Again, my hash is nowhere near
00:00
the sophistication of a real hash.
00:00
Real hashes have a fixed length
00:00
>> for the hash themselves.
00:00
>> For example, MD-5 always creates a 128-bit hash,
00:00
regardless of how long your message is.
00:00
SHA-1 creates a 160 bit hash
00:00
and SHA-2 can create a 256-bit,
00:00
384-bit, 512-bit, 1024-bit hashes.
00:00
Make sure you know those hash bit links for the test,
00:00
SHA Secure Hashing Algorithm.
00:00
There are also other hashes called
00:00
HAVAL, TIGER and RIPEMD.
00:00
I don't think they will be on the test,
00:00
but at least know that they are hashes.
00:00
These days SHA-2 with
00:00
a 256-bit hash is the one people use the most.
00:00
Now with hashes, I'm going to get
00:00
a guarantee that the message has
00:00
not changed since it was sent.
00:00
But one problem can occur,
00:00
which is called a collision.
00:00
Its possible for two different documents
00:00
to produce the same hash.
00:00
When we see a collision,
00:00
we see that the hashing algorithm is broken.
00:00
But its very rare for a hash to cause a collision.
00:00
We look for hashes to be collision-resistant.
00:00
Now, a birthday attack
00:00
is an attempt to cause collisions.
00:00
Its based on the idea that it's going to
00:00
be incredibly difficult for you to
00:00
look at a hash and produce
00:00
a document that matches that hash.
00:00
You shouldn't be able to reverse a hash,
00:00
but the birthday attack says if you have
00:00
enough documents that you are comparing,
00:00
you might just find two documents
00:00
whose hashes happen to match,
00:00
its like saying, I'd rather be lucky than smart.
00:00
Just a quick wrap up with the hashes,
00:00
they're here to protect integrity and confirm that
00:00
a message hasn't been modified after being sent.
00:00
However, there is the possibility of
00:00
a collision where two documents produce the same hash,
00:00
but those are incredibly unlikely.
Up Next