00:00:00,210 --> 00:01:25,300
So in this video, let's try to look into what encoding, encryption and hashing mechanisms are and how they can be useful to our password management in any application. So the very first, basic approach that any application follows is encoding. So encoding is a process or mechanism converting data from one form to another form. So there is nothing related to cryptography here; like, they don't encrypt, converting to some form where others can't understand it, just that they follow an algorithm. Like, we have a data one, two, three, four, five. So instead of sending plaintext out, which is a very simple way for users who are intercepting requests to understand, I may follow a process or algorithm where I will encode it by reversing it. Like, instead of sending one, two, three, four, five, I will send to my backend five, four, three, two, one, and in the backend I'll have a logic or algorithm to reverse it again to see what is my general text. So this is one of the basic ways of protecting your password or any information where you don't want anyone to read or understand it without any effort. But encoding lacks all properties: it lacks confidentiality, integrity and authenticity.
00:01:25,680 --> 00:03:02,780
The reason is anyone can decode your encoded request data. Like, you and I may send some data or password, but decoding it is very easy if someone knows that this is the encoding approach that I'm following. So encoding is a process where we can get data from one form to another form. That doesn't mean people can't understand what is my general text or plaintext that I initially sent, because there are good mechanisms for decoding and converting it into your general text. So that's why encoding should not be used for securing data or any passwords that you don't want to expose to the public. But we do use this encoding. So encoding we use mostly for converting data from one form to another form, like for compressing my data. Like, I want to send data to the backend, but instead of sending it in its original form, like an image or audio, I can process it into a binary format, which means I encode it into a binary format and I send it to the backend, and my backend will have a decoding mechanism to derive it. Most of the encodings that we have are Base64 encoding, Unicode, ASCII, which web applications usually use for the URL parameters that they expose in the browser or for sending any header information in HTTPS. So for all such requests or all such scenarios, we use encoding.
00:03:02,790 --> 00:04:35,800
But as per our discussion, encoding clearly is not eligible to maintain our passwords; it clearly can't protect our passwords from hackers or some unwanted people who want to try to access the passwords. So then let's look at encryption, and I would say encryption is the next advanced version of encoding, because even in encryption, the reverse is possible. Like, if I encrypted text, like one, two, three, four has been encrypted into some random encrypted text, while encrypting it I use a key. So I may use any algorithm; to that algorithm I pass a secret key, which my encryption algorithm uses to encrypt, and whoever wants to decrypt or reverse it, what they should know is the key that I used initially. So without the key, it is almost impossible to decrypt my encrypted value back to the ordinary text. That means this is far better than encoding, because in encoding there is no secret. So if everyone knows what the algorithm is that I'm using, like Base64 or ASCII, Unicode, they can easily decode it. But here, even though they know my algorithm, they can't decrypt it because it is associated with the secret key. But again, in encryption, we have two different categories. One is symmetric and the other one is asymmetric. In symmetric encryption algorithms,
00:04:36,090 --> 00:06:05,490
a single secret key will be maintained by both parties. Like, whoever is encrypting at one side and whoever is taking that encrypted data and trying to decrypt it, they follow the same secret. So this you can use if you are sure that no one can misuse your original key; in such scenarios, we can go with symmetric encryption. Suppose things like there are two backend applications or microservices. They're trying to communicate with each other, and microservice one is trying to encrypt and send to microservice two, and microservice two is trying to decrypt it using the same key used by microservice one. In this scenario, if you own both microservice one and microservice two, then you are free to use the same secret, because anyway both microservices are maintained by the same organization or same web application, and there is no harm in using the same secret. And as long as the key is protected, we should be good with this encryption mechanism. But again, here there is a problem. Whatever security measures you use, you have to store this key in some way, either in your environment variables or system variables or in some of your external properties. There are several ways someone can easily understand it. So if someone knows the key, in that case it means they can easily decrypt our passwords.
00:06:05,680 --> 00:07:36,500
That's why the symmetric encryption approach also is not apt for our password management. Now let's look into the asymmetric encryption algorithm. So in asymmetric, what will happen is there'll be two keys. One is called public and the other one is called private. The person or the system which has the public key is responsible to use that and encrypt, and the public key is accessible to anyone. Like, whenever I access any web application or any website, you might be seeing HTTPS, which is SSL or TLS certificates. So what we see, that green color in our browsers, indicates a public certificate installed on my browser for that website. But when I have my public certificate or public key on my browser, I can enter my username and credentials. They will be encrypted and sent to the backend server which maintains that website. So my backend application will have a private key, and only who has the private key can decrypt the data. It is generally encrypted by a public key, so someone can copy or take my public key. There is no harm, because using a public key you can only ever encrypt data but can't decrypt it in asymmetric encryption algorithms. So public and private key are responsible for encryption.
00:07:36,990 --> 00:09:14,850
But again, this has the same problem as symmetric encryption: whoever knows the private key can easily decrypt the data or password, and they can hack your application. So again, encryption also is not suitable for password management. And the scenarios where you see encryption on a day-to-day basis: symmetric encryption you can see whenever you try to store some secure data in your database, like credit card information or my sensitive information like data on my phone number, but not the password, because the password is very sensitive in nature, and with that password anyone can get at your application. And similarly, asymmetric encryption is used in TLS security, VPN, etc., where two different parties maintain different keys, which are public and private. The reason why we are not maintaining the same keys: there are two different parties, and I own the application and I maintain privacy. I'm not sure whether the other third party will maintain the same secrecy towards me. That's why I will never share my private key with anyone. Instead, I will give a public key to them, using which they can encrypt. And whoever has the private key associated to the public key, only they can decrypt that information. But again, as we discussed, encryption is not suitable for password management. Then what is suitable? Let's look at hashing.
00:09:15,340 --> 00:10:52,900
Like we discussed, even in encoding and encryption, the reverse is possible. Like, someone who knows the key or encoding algorithm can easily reverse it to my general text that I have stored in the database or sent over. But hashing is a powerful algorithm and a mechanism and a process where it hashes whatever input you give; it will hash it using a hashing function, and it is not reversible. That means once you have generated a hash out of a string and you have stored the hash inside your database, no one can reverse it and see the original text. That's the beauty of hashing. But you can see how the hashes can be compared. Think of a scenario: the very first time the user enters his password, at that time I generate a hash of the password and save it in the database. Now, even if an observer can see that hashed text inside the database, it's useless for him because he can't reverse it to see the original text. Next time the user is trying to log in to the web application using the password associated to him, so now he enters the same password, one, two, three, four, five. So now my application will try to generate a hash out of it and it will try to compare the hash that was stored in the database and the hash that we have in our hand based upon what the user entered in the browser.
00:10:53,290 --> 00:12:30,210
If both hashes match, then that means the password is the same. There is a very good chance that the hash is the same for both what we stored in the database and what we received from the user. The same text may look different, but its hash value, produced using the same hashing mechanism, will be the same. That way, when they try to compare the hash of the same text, it will always return that both hashes match, which indicates that these are from the same text again. So that means hashing can be leveraged for our password management. And one of the other places where you can always see hashing on the web is on most websites: when you try to download files or software, they'll give you a checksum associated to that file. That means this is a hash based upon the content that we have in the file, and whoever downloaded it can make sure after downloading that, in the process of downloading from the network, no one changed the data; and we can always rely on the hashing function to generate the hash and compare it with the hash that was provided on the website. So that will tell you, OK, there is no change of data between what is original and what I downloaded. So now it's very clear: encoding and encryption, they have scenarios where we can leverage them, but they are clearly losers in terms of password management.
00:12:30,670 --> 00:12:50,890
The clear winner here for password management is hashing. The reason is there is no way for users to reverse it and see the original text. I hope you are understanding this. Let's try to understand in the next video how hashing works in security. Thank you, bye.