1
00:00:00,300 --> 00:00:06,480
Welcome to the lecture on hashing and digital signatures, two widely used techniques in cyber security.
2
00:00:07,320 --> 00:00:08,570
Let's start with hashing.
3
00:00:09,210 --> 00:00:14,460
So what happens in hashing is that you provide an input or a document to a one way hashing function,
4
00:00:14,910 --> 00:00:20,390
which basically generates a fixed sized message digest or a summary as the output.
5
00:00:21,240 --> 00:00:26,520
Now, the key point to understand here is that you can provide a document of any size.
6
00:00:26,520 --> 00:00:33,030
It can be small, it can be big, but the output size or the message digest size would remain fixed.
7
00:00:34,410 --> 00:00:40,140
Another important point to understand about hashing functions is that they are one-way. So if I give you the
8
00:00:40,140 --> 00:00:46,140
message digest, it is impossible for you to reverse the hash function and obtain the original document.
9
00:00:46,380 --> 00:00:50,090
In fact, this property of hash functions is of critical importance.
10
00:00:50,100 --> 00:00:56,640
It should be impossible to recover the original data or the original file by reversing the hash function.
11
00:00:57,120 --> 00:01:03,300
Another important point to understand about hashing is that if you provide two different input documents,
12
00:01:03,540 --> 00:01:10,000
it should lead to different hashes, which means that different inputs should lead to different outputs.
13
00:01:10,230 --> 00:01:15,150
And if this does not happen, for example, if you provide two different types of documents or input
14
00:01:15,150 --> 00:01:21,660
data and they lead to the same message digest, then we say that we have a collision and hashing functions
15
00:01:21,660 --> 00:01:23,850
which cause collisions are considered poor.
16
00:01:25,310 --> 00:01:28,920
A major application of hashing is in ensuring file integrity.
17
00:01:29,270 --> 00:01:30,560
Let's see how this works.
18
00:01:31,220 --> 00:01:33,220
So let's say you have a source with the file.
19
00:01:33,960 --> 00:01:39,410
So what the source does is that it passes the file through a one-way hash function and calculates the
20
00:01:39,410 --> 00:01:41,450
hash and stores it along with the file.
21
00:01:42,920 --> 00:01:50,600
Now a user goes ahead and downloads the file and its corresponding hash, and now the user recalculates
22
00:01:50,600 --> 00:01:53,480
the hash of the downloaded file independently.
23
00:01:55,990 --> 00:02:03,010
In the next step, the user compares the downloaded hash with the hash that it has calculated independently.
24
00:02:03,670 --> 00:02:05,340
The two hashes must match.
25
00:02:06,070 --> 00:02:12,220
If the two don't match, then it means that the file has been compromised and the integrity can no longer
26
00:02:12,220 --> 00:02:12,930
be trusted.
27
00:02:13,960 --> 00:02:19,990
Another major use of hashing is in digital signatures. So just like their counterparts, digital
28
00:02:19,990 --> 00:02:26,290
signatures provide authenticity of a message, which means that if someone has digitally signed a document
29
00:02:26,290 --> 00:02:31,510
or data, then they are giving the assurance that that data or file is, in fact, coming from them.
30
00:02:31,960 --> 00:02:35,880
Let's see how digital signatures actually work and how they leverage hashing.
31
00:02:37,070 --> 00:02:42,770
So there is a source with the file, what the source does is that it calculates the hash of the file
32
00:02:43,520 --> 00:02:47,440
and then the source signs that hash using his private key.
33
00:02:48,530 --> 00:02:52,010
And then this signed hash is stored along with the file.
34
00:02:52,460 --> 00:02:56,160
Now, please note that this hash is not visible as plaintext.
35
00:02:56,450 --> 00:03:01,210
It has been encrypted or signed with the private key of the user.
36
00:03:01,520 --> 00:03:06,830
And we call it a digital signature because only the source has access to the private key and nobody
37
00:03:06,830 --> 00:03:10,010
else in the world can encrypt the data using source's
38
00:03:10,010 --> 00:03:10,660
private key.
39
00:03:12,330 --> 00:03:19,140
So now the user downloads the file, as well as the signed hash, and the user recalculates the hash of the
40
00:03:19,140 --> 00:03:25,590
downloaded file independently. Now the user also has access to the public key of the source, and he
41
00:03:25,590 --> 00:03:28,510
decrypts the signed hash using the public key.
42
00:03:28,830 --> 00:03:35,580
So the only way this hash could be decrypted was if this was signed by the private key of the source.
43
00:03:35,940 --> 00:03:38,550
And that's why we use the public key to decrypt it.
44
00:03:38,550 --> 00:03:39,270
And it worked.
45
00:03:39,990 --> 00:03:42,570
So this is the basic principle of public cryptography.
46
00:03:42,810 --> 00:03:48,300
Anything which is encrypted with private key can only be decrypted with the public key and vice versa.
47
00:03:48,990 --> 00:03:54,900
So now the user has obtained the unencrypted or the plain text hash and he has also recalculated the
48
00:03:54,900 --> 00:03:55,940
hash on his own.
49
00:03:56,580 --> 00:04:02,250
So the last step, the user compares the two hashes and if the two match, then it means the digital
50
00:04:02,250 --> 00:04:05,940
signature is valid and this file actually came from the sender.
51
00:04:06,810 --> 00:04:12,240
However, if there is any difference, then this means either the file has changed or somebody has tried
52
00:04:12,240 --> 00:04:15,060
to modify the contents of the signed hash.
53
00:04:15,330 --> 00:04:21,600
In either case, the authenticity is violated and we can be sure that this was encrypted by the source
54
00:04:21,600 --> 00:04:27,240
because only private key can be used to encrypt data which is subsequently decrypted by the public.
55
00:04:27,990 --> 00:04:32,400
So just like their counterparts, digital signatures provide authenticity.
56
00:04:32,790 --> 00:04:39,240
What it means is that if someone digitally signed a document or data, then they are giving assurance
57
00:04:39,240 --> 00:04:42,540
that this data or this file is in fact coming from them.
58
00:04:44,000 --> 00:04:50,030
A digital signature is always done using the private key and the corresponding public key is distributed
59
00:04:50,030 --> 00:04:51,330
to thousands of users.
60
00:04:51,770 --> 00:04:57,290
So we are again leveraging the concepts of public key cryptography in which you sign using your private
61
00:04:57,290 --> 00:05:02,830
key or you encrypt using your private key, and then you distribute it publicly to the public at large
62
00:05:02,990 --> 00:05:05,810
and they can decrypt your message using your public key.
63
00:05:07,490 --> 00:05:13,730
Confidentiality can additionally be added by encrypting the entire file, using the private key in addition
64
00:05:13,730 --> 00:05:14,330
to the hash.
65
00:05:15,990 --> 00:05:22,170
Some popular hashing solutions include MD5 - the message digest algorithm, which always creates
66
00:05:22,170 --> 00:05:26,410
128-bit fixed sized output hashes regardless of the input.
67
00:05:27,120 --> 00:05:32,100
However, in some instances, MD5 has been shown to suffer from collisions.
68
00:05:32,580 --> 00:05:36,630
What this means is that for two different inputs, it generates the same message
69
00:05:36,630 --> 00:05:37,800
digest or the hash.
70
00:05:38,880 --> 00:05:45,480
We also have SHA - the secure hash algorithm. Now SHA-1 is known to be weak and is no longer
71
00:05:45,480 --> 00:05:45,900
used.
72
00:05:46,500 --> 00:05:50,170
However, for SHA-2, we have different outputs available.
73
00:05:50,460 --> 00:05:54,980
We have SHA-224, 256, 384 and 512.
74
00:05:55,650 --> 00:05:59,430
So these numbers represent the size of the hash output.
75
00:06:00,550 --> 00:06:01,780
This concludes our lecture.
76
00:06:01,810 --> 00:06:03,070
I'll see you in the next one.