WEBVTT

00:00.540 --> 00:06.660
Hashes are powerful, powerful tools. In fact, they're so powerful that they're used in a very, very unique

00:06.660 --> 00:13.490
place known as a hash-based Message Authentication Code, that are known as an HMAC.

00:13.620 --> 00:18.600
Now to understand why an HMAC exists, let's consider a scenario.

00:18.600 --> 00:19.920
I've got two computers.

00:19.920 --> 00:25.440
Now these computers have already gone through an encryption process and they're doing symmetric encryption

00:25.440 --> 00:27.960
back and forth so they're sharing the same key.

00:27.960 --> 00:33.540
The problem we have is that it is potentially possible that a bad guy could get in the middle of this

00:33.810 --> 00:39.870
and mess up our communication. In essence, if we got Alice and Bob sending data back and forth, they

00:39.870 --> 00:43.140
have the same key because they've gone through some authentication process.

00:43.170 --> 00:46.590
How do we know that they're still the same people they claim to be?

00:46.800 --> 00:49.510
And that's where HMACs come into play.

00:49.650 --> 00:56.040
The idea of an HMAC is to take one individual packet and then add some information to the end of that

00:56.040 --> 00:56.660
packet.

00:56.790 --> 01:02.880
Now hashing is a trivial thing and if we were to take that one packet and hash it when it gets to the

01:02.880 --> 01:08.700
other person, of course they would be able to say however that message was when it left, that we got

01:08.700 --> 01:13.360
it in the same way by comparing hashes. But an HMAC does something a little bit different.

01:13.440 --> 01:20.730
What an HMAC is going to do is generate a hash, but not just a hash of that message, whatever's in there,

01:20.940 --> 01:22.830
but it will actually use the key.

01:22.830 --> 01:28.710
So if Alice wants to generate an HMAC, what she'll do is she'll take that packet.

01:28.800 --> 01:33.000
She'll then go ahead and incorporate the key and then generate a hash.

01:33.000 --> 01:39.270
Now there's a big difference here in terms of just taking a message adding the key to the end and making

01:39.270 --> 01:44.760
a hash like that. HMACs actually use a much more complicated bit of math to make all this happen.

01:44.940 --> 01:49.730
And they have to, because if they simply took the hash and added the key, bad guys could crack that over

01:49.730 --> 01:58.560
time. So HMAC is complicated but powerful and also very, very quick, and it is a great way to have more

01:58.560 --> 02:03.750
confidence that that packet is coming from that person because the only way you're going to be able

02:03.810 --> 02:07.130
to run the hash is that if you also have that key.

02:07.170 --> 02:09.740
So that is a great aspect of HMAC.

02:09.780 --> 02:13.030
In fact, I've got some HMAC that we can actually do online.

02:13.050 --> 02:15.170
Let me show you an example right here.

02:15.240 --> 02:20.430
So to give you an example, this is a wonderful little website called freeformatter.com.

02:20.640 --> 02:22.620
Thanks guys for letting me be part of this.

02:22.700 --> 02:30.720
Anyway, this is their HMAC generator slash tester tool. So what we can do here is we can type in some value,

02:30.720 --> 02:31.880
whatever we want to type in here.

02:31.890 --> 02:39.210
This could be whatever is in our particular message but now we need to add some kind of secret key because

02:39.340 --> 02:41.250
HMACs don't work by themselves.

02:41.370 --> 02:47.640
So we'll type in some kind of secret key, and then we can generate a hash based on HMAC protocols from

02:47.640 --> 02:50.110
a whole bunch of different ways to do this.

02:50.130 --> 02:55.150
So we're going to stick with something pretty common. Let's just do it old school, MD5, and can

02:55.380 --> 03:03.180
compute this, and you can see that I have now generated an HMAC value based on that message and that

03:03.180 --> 03:03.890
key.

03:04.110 --> 03:08.700
So that's really the power of HMAC more than anything else.

03:08.820 --> 03:17.940
If I use HMACs, I have some way to be able to say the only way that I could get this message in the form

03:17.940 --> 03:21.920
that it is is if somebody else has my key.

03:21.990 --> 03:36.730
It's not a perfect tool but it gets us a lot closer to good security.
