
Hashing Algorithms and Security - Computerphile

12626 ratings | 765283 views
Audible free book: http://www.audible.com/computerphile

Hashing Algorithms are used to ensure file authenticity, but how secure are they and why do they keep changing? Tom Scott hashes it out.

More from Tom Scott: http://www.youtube.com/user/enyay and https://twitter.com/tomscott

http://www.facebook.com/computerphile
https://twitter.com/computer_phile

This video was filmed and edited by Sean Riley.

Pigeon Sound Effects courtesy of http://www.freesfx.co.uk/

Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: http://bit.ly/bradychannels
Text Comments (365)
Tan Vorn (2 months ago)
So is it possible for two or more different documents to generate the same hash?
Calder Johnson (2 months ago)
Hello I am from future, yes sha1 is broken.
Sparrow (2 months ago)
4:20 I'm still using MD to this day. oh wait.
RadekG G (3 months ago)
1:58 - it should be different? it's just nice to have, hence the pigeon stuff. "Should" is not a word you can use in a definition.
Zachary Perkins (3 months ago)
But what if you use 2 hashes? So I send a file, and it generates 2 hashes using 2 different algorithms? Surely that lowers the chances of hash collisions astronomically.
Jen Wilson (4 months ago)
Thanks so much for this video! Really enjoyed it and made me better at my job.
Riley Griffin (5 months ago)
There's someone outside your window at 2:08 o.o
Bogomil Gospodinov (8 months ago)
nobody uses md5 without a salt to store passwords in a db, so a lot of that is exaggerated
killwize (10 months ago)
Google broke SHA-1 and told everyone on Feb 23, 2017.
Mike Suarez (10 months ago)
Permission to go to a banana
Big Nasty (10 months ago)
James talked about it on Numberphile video number 1 on 11.11.11.
Its_me_Bonniee (11 months ago)
Awesome!! Very clear, thanks! :)
xev790 (11 months ago)
all your hashes are belong to us
Nice Trade (1 year ago)
interesting now we have Blockchain :^)
Robin Östringer (1 year ago)
3:41 actual moonlanding footage of 1969 (colorized)
Juan Contreras (1 year ago)
hash codes on websites offering a download are also used to make sure the download went well and nothing got corrupted (or involuntarily changed by a machine error or noise)
Ajai .A (1 year ago)
Thank you!
David (1 year ago)
I know this is super old but I always thought it was funny that Kali offered the hash for the exact same reason that you mentioned.
Uniform Health (1 year ago)
how vulnerable is Bitcoin vs Litecoin to hash collisions?
Fun Monkey (1 year ago)
Almost there guys! Almost got that golden play button! 😀
Mehdi Bounya (1 year ago)
6:46 I think the hash is not used to verify that the file wasn't manipulated, but just to verify that the file is not damaged.
Matthew N (1 year ago)
I reckon they should make a video explaining the difference between checksums and hashes.
Thành Bùi (1 year ago)
Does anyone know what important requirement a hash function must fulfill?
Jiany Star Massa vich (1 year ago)
Awesome vid
Gradyn Wursten (1 year ago)
SHA1 has been broken, sha256 is the standard
Gaurav Raj Ghimire (1 year ago)
4 years after this video was made... sha1 has been broken
Gummans Gubbe (1 year ago)
And as people are getting poorer and poorer and governments are getting richer we will have this already?
Sakata Samig (1 year ago)
Wish computerphile was my computing teacher.
Michael Murphy (1 year ago)
I thought the verification hash offered by those websites was just to check that you got a complete successful download.
Akshay Aradhya (1 year ago)
What does a fingerprint have to do with hashing ?
Ashton Pinch (1 year ago)
RIP SHA1. 1995-2017
Yasser Alshalaan (2 years ago)
SHA1 officially broken by Google today lol
bbsonjohn (2 years ago)
SHA1 is broken - February 23, 2017
Hany Heggy (2 years ago)
it is very useful
May (2 years ago)
the moon shaped like a banana 3:45
Ryan0911 (2 years ago)
1:34 Isn't that the first 6 digits of pi?
Christopher Butler (2 years ago)
Just realized the opening title card says "<computerphile>" and the end title says "</computerphile>"....
Dilip Tien (2 years ago)
3:51 how is the rocket appearing behind the moon? The rest of the moon is still there
tan8_197 (2 years ago)
The moon shaped like a banana
Divya Kk (2 years ago)
This was a very nice video..My first comment on any video on youtube !
H32 (2 years ago)
THANKS SO SO MUCH!!!!!!!!!!!!!!
Hacking (2 years ago)
If a hacker stole the hashing algorithm from the server, what will happen? Is he capable of getting the passwords?
invalidusername (2 years ago)
It's still fine to use md5 for hashing passwords as long as you salt them
Michael Bellerue (2 years ago)
7:06 Heeeey look at that! Someone gets it! And 3 years before the Linux Mint fiasco. Well done.
Harish Bisht (3 years ago)
Permission to go to moon :))))))
hal (3 years ago)
"if you have 50 pigeons into 25 pigeon holes, you have to stuff 2 of the pigeons into 1 of the holes"
Timur Sultanov (3 years ago)
Well I always thought that hash was there on those download sites for protection against network glitches rather than hacker attacks...
Mars (3 years ago)
Very clear, no bullshit introduction to skip. Right to the core. Thanks a lot.
Skippy the Magnificent (3 years ago)
3:51 I like how the Moon is banana-shaped...
Riad Ahmed (3 years ago)
jony4real (3 years ago)
7:55 Like if you remember the time when everyone used cassette tapes!
Kahr Kunne (3 years ago)
Giving the hash for a file is not intended to look "safe", at least I've never seen a site like that. Mostly when it's used it's to verify that your file didn't corrupt while downloading, which could be problematic if it's, say, a bootable disk file.
Jaime Dantas (3 years ago)
Excellent video!
Brak (3 years ago)
uh ssh1 has been broken wait 2013 oh lol.
LauritzT (3 years ago)
SHA1*. SSH is a secure shell.
redesigned (3 years ago)
When using hashes for file or packet verification, wouldn't using multiple hash types on the same file/packet and comparing all the hash types applied provide much greater reliability? The chance of multiple hash types having overlapping collisions is infinitesimally small with just 2 hash types, let alone more. Thanks for the great videos!
Jacob H (3 years ago)
Since when is the moon shaped like a banana?
Justin Garofolo (3 years ago)
if my md5 key is like a randomly generated string of 3000 characters and numbers, will that highly decrease the chance of something else hash collision it?
Yoshis Vids (3 years ago)
Damn Tom, I'm amazed by your knowledge in every video of yours I watch here and on your personal channel, would love if you could recommend some good books/resources other than this and your personal channel.
Skrapion (3 years ago)
The hash for file downloads is usually used by open source projects, where the executable may be mirrored by countless universities which the software author doesn't have control over. In such a case, it certainly is *not* trivial to compromise both locations.
Dave Lillethun (3 years ago)
+Skrapion However, executable hashes are easily manipulated because you can always pad the file with some extra bits that affect the hash but are never actually executed. So if you have a weak hash like MD5 then it's relatively easy (-ish) to make a malicious executable file with the same hash. Of course if you have a good, secure hash like SHA-2 (so far!) then the only way to figure out what bits to use for padding is to try it, check the hash, and keep trying until something matches - i.e., brute force. This takes an impractical amount of time to do, though, as long as the hashing algorithm isn't *too* fast (as Tom mentioned). Of course this is a different argument. You're talking about whether you can trust the posted hash value to be correct or forged (which would be a problem no matter how secure your hash algorithm is). I'm talking about if the posted hash value is correct, but the hash algorithm itself is weak... The only thing I'd say to your point is, how many people actually cross-check the posted hash against an independently run mirror/fork? If you do, then I'm sure you're in the minority. ;)
urbex2007 (3 years ago)
How do you verify the hash of a file on Windows?  It's not very easy is it? GCHQ in the UK routinely intercept people downloading files and send ones that have been tampered with.  They did this in 2013 to people using the Tor Project site.  When people requested the Tor Browser Bundle they sent their own modified version hoping to monitor people using that network.  It was only ever picked up by McAfee as it did something to trigger it.  They do it on other sites like BoingBoing and target people using LiveLeak.  Nothing is safe any more now we are all spied on!
xenontesla122 (3 years ago)
3:41 That's an… interesting rocket.
Rakesh P Gopal (3 years ago)
The software or file download that has the hash along with it is actually secure, provided they sign the hash. That is, they run RSA on the hash using the private key of the company. So, nobody can change the hash. If they should change the hash, they need the private key of the company.
Rakesh P Gopal (3 years ago)
+Indhu Bharathi Agreed. Using HTTPS is a simpler idea, given that it's popular and has many easily available implementations.
Indu Bharathi (3 years ago)
Or share the hash on a company owned HTTPS server while file download could be provided using plain http mirrors. If the file format supports signing, that is better. Like signing an exe.
Eric Taylor (3 years ago)
4:10 Could this be used for, say, instead of changing the name of the next lunar astronaut, which MAY get you on the fast track but probably won't (after all they are bound to notice you are grossly unqualified for such a mission), but instead manipulate troop movement orders in Pakistan. If I could get 6 or seven armor battalions to suddenly be ordered to the India-Pakistan border, well that's bound to get India to respond, which could begin a chain of events that ends in nuclear war. Even if it is discovered that it was fake orders that started it, it might go out of control before it could be stopped.
Eric Taylor (3 years ago)
+moog500 I'm talking about making a deliberate hash collision, so that the order seems genuine but it isn't.
moog500 (3 years ago)
+Eric Taylor what are you even saying mate
Ambrus Sümegi (3 years ago)
Writing hashes next to download buttons has never been intended to ensure that the software isn't maliciously altered. It's for people with crappy connections who want to make sure everything got through as intended.
andu alem (3 years ago)
wow good explanation but I have this Q one of my boys asked me: * How can I write a program that inserts integers 1 to 20 into a binary search tree? Assume the root node is created with value 10. ** Assume the data structure: struct Node { int value; Node *next; }; Node *head = NULL; Assume also that there is a value 10 in the linked list. Write code that deletes a node with this value. Consider all the following cases: a. The node is at the head b. The node is at the middle c. The node is at the end
Seth Mitchell (3 years ago)
Can you just use multiple quick-cycle hashes, or is that just a really stupid, poorly thought out idea some runon-sentence-using, highly-allergic teenager types out on a poorly-constructed desktop computer in their bedroom at an hour far beyond his or her bedtime while under the influence of one of many mind-altering substances that exist in the world today?
Kim (3 years ago)
If I make a hash algorithm in PHP or JS, how do I hide that algorithm securely from users? I could make a kind of secure hash algorithm, but that is useless if everyone can just read the instructions
123sendodo (3 years ago)
Just watched "Youtube doesn't know your password" on Tom's Channel... Now it's the same guy talking about similar stuff on another channel... I'm confused.
Kim (3 years ago)
+123sendodo He was a special guest at Computerphile
Przemek Kołowski (4 years ago)
I thought hashes for files on websites (like Microsoft Windows ISO images) are used for you to verify that your download did not corrupt the file.
Liam Coleman (4 years ago)
would a root hash be too slow
Numberphile: BOARING Computerphile: OMG DIS IZ DA BEST THING EVA
Surfurplex (4 years ago)
Sometimes websites deny a password reset since the new password is "too similar" to the old one. How do they know this if all they have is a hash?
Ryan Crosby (3 years ago)
If it's the same password, they can tell because the previous password hash will be the same as the current hash. If it's "too similar", it is possible that they have stored other information about the password (eg length), although most likely they have just stored it in a form that is convertible to plain text which is really quite bad.
mincrmatt12 (4 years ago)
well, then run!
Djane Rey Mabelin (4 years ago)
do a video about rainbow tables
Green Brain Seaside (4 years ago)
How about lastpass, how secure is their method of storage & managing passwords
Anders (4 years ago)
Question... Suppose my system stored both the MD5 and SHA1 hashes of an input X.  Individually, MD5 and SHA1 are broken.  But is it possible to construct a separate input Y which matches both the md5 and sha1 hashes of input X?
John Undefined (4 years ago)
It depends on what you're trying to guard against.  If all you are worried about is that a few bits may be garbled in transmission, then a simple, fast algorithm will work great.  If you are worried that an attacker might deliberately modify your file en route, *then* collision resistance becomes imperative.
Cestarian Inhabitant (4 years ago)
Where's that next video about how hashing should be used?
amihart (4 years ago)
I was always told that hashing passwords was the safest way to do it, because you never actually store the original password in the server, so it can't be stolen.
foobargorch (4 years ago)
Huh? in that video he's talking about what's wrong with naive password storage schemes. in this video he mentioned he would make a followup video and provided oversimplified advice about not doing it yourself, which is what the OP was asking about. No need to be so condescending, you could actually try and read the conversation first, and instead of namedropping a bunch of algorithms realize that the meat of the discussion is about the cryptographic protocol around it, and that that is precisely what he's talking about in the other video and what Amelia was asking about. Seeing your other comments on this subject I would think twice about dispensing advice, I'll give you the benefit of the doubt and assume you're just trolling, but you really seem to have no clue.
Jake Sylvestre (4 years ago)
+foobargorch Yeah he's not talking about password storage
Jake Sylvestre (4 years ago)
+bedo1100 md5 is no longer safe for passwords. Use SHA
PsyKzz (4 years ago)
Pretty much yes, the problem we have today is hackers have 'hashed' every combination you can think of, so they already know all the combinations. Websites can combat this with what is called a salt. Simply, they add a word in a fixed position to every password to increase strength. Example: 'password1' => j5k32b5k; with the salt it would be 'facebook:password1' => jkb43g5. This was just an example. Salts, like passwords, can be completely unique. (A good rule of thumb: make your passwords a combination of words, like 'batteryhorsestaple'. It's easy to remember, hard to guess and will take hackers years.)
Jake Sylvestre (4 years ago)
Yeah but use salts preferably bcrypt
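Added example, not part of the original comments or the video: the salting idea discussed in this thread, comparing an unsalted digest, a fixed site-wide salt, and a per-user random salt with a slow key-derivation function. PBKDF2 from the Python standard library stands in here for the bcrypt mentioned above; the record format, the iteration count and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
ITERATIONS = 600_000


def unsalted_md5(password: str) -> str:
    """Weak scheme: every user with this password gets the same digest,
    so one precomputed lookup table covers all of them."""
    return hashlib.md5(password.encode()).hexdigest()


def fixed_salt_sha256(password: str, site_salt: str = "facebook:") -> str:
    """Site-wide salt as in the comment above (constructed value): generic
    tables no longer match, but equal passwords still share one digest."""
    return hashlib.sha256((site_salt + password).encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Per-user random salt plus a deliberately slow KDF. The salt and the
    work factor are stored with the hash so it can be verified later."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    alice, bob = hash_password("password1"), hash_password("password1")
    print("unsalted digests equal:  ", unsalted_md5("password1") == unsalted_md5("password1"))
    print("fixed-salt digests equal:", fixed_salt_sha256("password1") == fixed_salt_sha256("password1"))
    print("per-user records equal:  ", alice == bob)
    print("alice verifies:", verify_password("password1", alice))
    print("wrong guess verifies:", verify_password("password2", alice))
```

With a per-user salt, a leaked table no longer reveals which accounts share a password, and each guess has to be recomputed per account at the full work factor.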
McGeias (4 years ago)
Uhm,... Nice spaceship design lol.
Kuekenschublade (4 years ago)
Why can I see through the moon? o.O
Dreamcast Mods (4 years ago)
Ha, we used MD5 Hash on my last project. That entire company is broken though. 
trdi (4 years ago)
I wonder if he had watched Gattaca to come up with that Moon permission example.
JJ ceo (4 years ago)
I love this channel! How did I not find it sooner?
sisibu (4 years ago)
Why wasn't I subscribed to this channel before? Love the way you explain. 
Lynchy Craft (4 years ago)
OMFG at 1.55 look at the windows some one there!!!
christian luciani (4 years ago)
Good video, but he seems to misunderstand that last bit regarding websites providing checksums. They're not providing a checksum as a guarantee that the file is what it claims to be; instead, it's for verifying that the file was downloaded correctly, as downloading 100mb+ files in the browser is quite unreliable.
kiwiguy46 (4 years ago)
Re: MD5 I recently got taught how to change my Admin password for WordPress in phpMyAdmin  and when I paste in the new password I select MD5 to encrypt it. Is that a waste of time? Should I choose a different option than MD5 in the drop down list?
Achraf Almouloudi (4 years ago)
Please let me explain something: Download websites don't use MD5 hash verification to guarantee that the file hasn't been changed by a hacker from their server; they know that if a hacker could've done that, then why couldn't he change the hash as well! The hash is only used to check whether there wasn't any network error while downloading the file that flipped or deleted some bits from the file, essentially corrupting it. This is especially important and widely used when downloading OS images (those things are large, take time to download, thus are vulnerable to network corruption) or when downloading files using the Torrent protocol, which downloads the file as chunks then the client glues them together again, so it's a check whether the network or the client didn't miss any piece of the file.
Michael Blake (4 years ago)
Is he actually using IE?
Rogue Packets (4 years ago)
You know, I've been thinking: Why haven't we switched to gallium phosphide for our CPU and GPU yet? I'm well aware that the material is inappropriate for FET's at the moment, that it is expensive, but I don't get why we can't just switch back to BJT's in order to accommodate the new material- surely TTL is adequate for the modern integrated circuit! PS: I just looked at the pertinent Wikipedia pages more closely, and it turns out they're experimenting with aluminium oxide for this stuff.
D. Schreiber (4 years ago)
I was disappointed in not learning, at least in some general way, how a hash is generated.
riskinhos (4 years ago)
I've been seeing all the videos. hope you talk about salting hashing in the future tkx. really loving these videos.
Leigh Shryock (4 years ago)
You can use hashes when you're distributing a file through various mirrors - you have some confidence that the version on your site is clean, but to ensure that the version on others' sites match your own, you use the hash to verify.
The_Catman (4 years ago)
You seem to be mistaken in the purpose of providing md5 hashes with file downloads to ensure authenticity, it's not to prove that the file you downloaded hasn't been maliciously tampered with as you've suggested. They exist only to verify that the file you downloaded was not corrupted in the download process, which can happen sometimes.
Jared xywyyw (4 years ago)
Does this mean that Bitcoin will become obsolete when computers become fast enough to make SHA256 obsolete?
Ashley Meah (5 years ago)
How do people crack MD5? They encrypt a, and store the results. They then encrypt b and store the results. Now they have programs/servers, whatever, to run this and post the results to a website's database. Then the rest is just a search. When you enter the MD5 string to decrypt, they just compare it with what else is in the database. Some algorithms were made to be decrypted to get the original data; MD5 was not. There is no way to get the data back unless you do the above, as far as I am aware. Speed isn't as much of an issue as you think. When I was a newb I used to just re-encrypt the encryption a certain number of times. Stupid idea, but does work kinda. For each encryption adds more chance that the hash will not be in the database. If one of those hashes is not there they cannot keep decrypting it to get the original password. The way it works: when you register for a website with a password, they encrypt your password and then store the encryption, not the password itself. When you log in it encrypts it again and compares them to make sure it matches. This way, if someone did get access to the database they only know the hash, not their original password. Each website should be using different hashes and such, so if they did use the same password on every site, you might not know from just looking at the hashes.
Daniel Watson (5 years ago)
1:35 pi!
Whoa - neo (5 years ago)
I thought they wrote the hash for 2 reasons, 1. To make sure the mirrors aren't tweaked or 2. to avoid bit errors (where a 1 goes to 0 or vice versa) caused by physical factors. Doesn't happen too often nowadays though.
Valenminbari (5 years ago)
There's one thing this guy surprisingly didn't think of. What if someone has changed the hash of the file in the website and the file on the website itself in say the past week. If someone checked the cache of the website on google from a month ago they'd be able to see that in theory they're supposed to be the same file and since they have different hashes they now know that something malicious has occurred.
