WEBVTT

0
00:01.700 --> 00:07.460
In this lecture we'll talk about the applications of hash algorithms.

1
00:07.460 --> 00:11.640
You'll find hashes in many areas of computer science.

2
00:11.860 --> 00:13.210
Hashes are everywhere.

3
00:13.230 --> 00:20.930
They're a critical part of password systems, digital signatures, security certificates, blockchain technology,

4
00:21.260 --> 00:26.950
or even how the ATM of your bank verifies the PIN of your credit card

5
00:27.080 --> 00:36.140
when you want to withdraw some cash. Let's see the most useful use-cases! Cryptographic hash functions

6
00:36.380 --> 00:41.750
are very commonly used in password verification. For security reasons

7
00:41.770 --> 00:50.240
passwords are not stored in clear text. If an attacker were to break into the system and steal the file or

8
00:50.240 --> 00:53.450
the database where passwords are stored,

9
00:53.450 --> 01:01.850
the attacker could then access each user account. A more secure way to store a password is to transform

10
01:01.850 --> 01:08.600
it into data that cannot be converted back into the original password, and this is exactly what

11
01:08.600 --> 01:17.710
hashing does; so instead of saving the clear text password the system will calculate its hash and store

12
01:17.800 --> 01:18.730
that hash.

13
01:18.790 --> 01:27.000
This is how Linux, Windows, databases and all other web applications work. Let's see

14
01:27.000 --> 01:31.130
the contents of /etc/shadow.

15
01:31.280 --> 01:34.230
Let's take a look at this line.

16
01:34.250 --> 01:43.470
This is the saved hash of the password of user Kali. No one can find out what its password is. By

17
01:43.470 --> 01:44.030
the way

18
01:44.070 --> 01:50.790
there is another dedicated lecture where I have explained in great detail how a Linux system stores

19
01:50.820 --> 01:57.470
the users' passwords. I'd recommend that you watch that video as well. Okay!

20
01:57.480 --> 02:03.540
Later when the user wants to authenticate he will enter his clear text password.

21
02:03.870 --> 02:12.540
The system will immediately calculate the hash of the entered password and compare it to the hash saved

22
02:12.660 --> 02:17.190
in the password file; if the hashes are equal

23
02:17.190 --> 02:21.390
it means that the user has entered the correct password.

24
02:21.630 --> 02:30.330
Remember that each input, in this case the password, has its own unique hash, which is deterministic. A wrong

25
02:30.380 --> 02:33.120
password would have given another hash.

26
02:36.160 --> 02:42.400
Sometimes the password is combined with another piece of random data called a salt.

27
02:42.460 --> 02:51.070
In this example, this is the salt, and they are hashed together. Due to rainbow tables, hashing alone is not sufficient

28
02:51.130 --> 02:54.760
to protect passwords from mass exploitation.

29
02:54.800 --> 03:01.690
There is another section on rainbow tables, and I recommend that you watch those videos as well.

30
03:02.720 --> 03:10.880
Let's move on and talk about File Integrity. Hashing is also used to verify the integrity of a file after

31
03:10.880 --> 03:18.170
it has been transferred from one place to another. When downloading an important document,

32
03:18.170 --> 03:25.760
new software, or when updating an existing one, you want to ensure that your installation is safe, unaltered

33
03:26.060 --> 03:29.820
and from a reputable source. Let's

34
03:29.820 --> 03:35.190
imagine you want to install a new Linux distribution on your computer.

35
03:35.190 --> 03:43.930
Normally you go and download data from a mirror, which is an HTTP server closer to you geographically.

36
03:43.990 --> 03:50.710
It would be easy for a malicious entity to modify the installation kit so that it contains exploits

37
03:50.950 --> 03:56.230
or malware and host it unofficially. To prevent this issue

38
03:56.380 --> 04:03.730
you'll generate the hash or checksum of your downloaded ISO file and verify that it matches the

39
04:03.730 --> 04:06.300
hash published on the official website.

40
04:07.960 --> 04:17.170
In this example with Kali Linux - this hash. If the hashes are equal it confirms the ISO file hasn't

41
04:17.170 --> 04:20.020
been tampered with or corrupted.

42
04:20.020 --> 04:24.670
But if they are not equal it means your downloaded image's

43
04:24.670 --> 04:27.400
integrity is compromised.

44
04:27.400 --> 04:31.500
Maybe it was corrupted during the download process.

45
04:31.570 --> 04:38.970
Remember that if a single bit is different in your downloaded file the file has a different hash than

46
04:39.040 --> 04:44.390
the one calculated by the development team and published online.

47
04:46.500 --> 04:49.530
Let me show you how this works!

48
04:49.540 --> 04:57.510
I've already downloaded the CentOS 8 boot ISO file and I want to check its integrity.

49
04:57.780 --> 04:59.310
It's on my desktop.

50
04:59.370 --> 05:08.600
This is the file! I want to be sure that the file hasn't been tampered with or corrupted.

51
05:08.600 --> 05:10.430
CentOS.org has listed

52
05:10.430 --> 05:16.340
checksum information via HTTPS in the release notes for each software release.

53
05:17.550 --> 05:20.350
My release is 8.1911

54
05:20.400 --> 05:30.410
and this is the web page for that release. I will calculate the SHA-256 hash of the downloaded

55
05:30.410 --> 05:34.220
file and then compare the hash to the one published online.

56
05:34.880 --> 05:41.900
If they are the same I have verified the integrity of the ISO file and I can install it without any

57
05:41.900 --> 05:42.510
risk.

58
05:43.390 --> 05:53.960
sha256sum and the file! It's calculating the hash! Okay.

59
05:54.010 --> 06:00.440
This is the hash; let's check it against the hash published online.

60
06:07.110 --> 06:07.630
Okay.

61
06:07.650 --> 06:13.320
It starts with 7fea13202bf and so on.

62
06:19.040 --> 06:28.490
It's the same hash! Another application of hashes is the process of digital signing! Hashing is a critical

63
06:28.490 --> 06:31.520
component of the digital signing process.

64
06:31.520 --> 06:38.960
In fact the digital signature of a file is the hash of the file encrypted with the private key of the

65
06:38.960 --> 06:41.250
one that signs.

66
06:41.340 --> 06:45.210
Let's take a look at the digital certificate of Google.com.

67
06:49.430 --> 07:01.940
We see that the certificate authority signed it by using the same SHA-256 and RSA algorithms. The last

68
07:01.940 --> 07:03.620
application of hashes

69
07:03.620 --> 07:12.090
I'm gonna talk about in this lecture is related to the data structures of programming languages. Python dictionaries

70
07:12.180 --> 07:17.460
and sets, or Go maps, are implemented as hash tables.

71
07:17.580 --> 07:19.810
We won't go deeper into it now.

72
07:19.890 --> 07:25.390
You should only know that they provide constant-time lookup and insertion on average.