In the last video we talked about hashing and hashing algorithms, and specifically we mentioned that a hashing algorithm is used to provide data integrity. In this lesson I want to show you how that actually happens. We're going to do that by simulating an example: this blue user is going to have to send a message to this green user. Now recall that the concept of integrity, or data integrity, is detecting if a message was changed in transit. That is the goal of data integrity, and I'm going to show you how hashing is going to enable that goal.

The way it works is, when the sender has a message to send, it's going to calculate a digest from that message. It's going to put this message through a hashing algorithm, something like MD5 or SHA-1 or such and such. Then it's going to send both the message and the digest to the other side. The receiver is then going to independently calculate a digest from what was received, and if these two digests are the same, this tells us that the digest was not modified in transit. That is a very high-level and a simplistic explanation of how hashing provides data integrity, but there is a problem.

Go ahead and pause the video and see if you can put together what you would do if you were an attacker in the middle and you were tasked with trying to modify this message before it got to the other side. What would you do to get through this version of doing hashing to provide integrity? Go ahead, pause the video right now, see if you can put that together yourself.

Hopefully you've come to realize that the problem with this implementation of hashing is that if there is someone in the middle listening on the wire, and that someone intercepted the message, they could then change the message and recalculate the digest, then send that along on the wire. On the receiving side, the receiver is calculating a digest from the changed message and comparing it to the modified digest, so the receiver isn't going to know that it's accepting a modified message. That's a problem. That defeats integrity entirely. So simply hashing the message is not enough; we have to do something else.

That something else looks like this. The way it works is, before each
party can provide integrity on what they send to each other, they must first establish a mutual secret key. Now, this key is really just a string of ones and zeros; it's sort of like some sort of password, you could say. And how they establish this mutual secret key in a secure way is a problem for another lesson. For now, just assume that they were able to establish, secretly, the same identical secret key.

Now, when the sender is going to send a message to the receiver, the sender is going to combine the key with the message to calculate the digest. Then the message plus the digest are going to be sent across the wire, and the receiver, who has the same key, is going to again recalculate the digest on the key plus the message. If these two digests are the same, this actually proves two things.

The first is that the message was definitely not modified in transit. That's the integrity property. If the interceptor over here had intercepted that message and changed that message, even if it had recalculated a digest, since it didn't have this key it wouldn't be able to create a digest with the morphed message that the receiver would accept. The receiver is only going to accept a message if, when combined with this key, it produces the digest that is expected.

The second thing that is proved by doing integrity in this way is that the sender must have had the identical secret key. This digest was created by combining this message with this key; the only person that could have also created that digest must have had that key. So by comparing these two digests, this proves that the message was not modified in transit and that the sender had the identical secret key. This gives us authentication, because we know the sender was the same person that I had established the mutual secret key with.

Remember, integrity and authentication are two of the three major purposes of SSL, and here you see them both provided using this concept: combining a message with a secret key. This concept that we just discussed is known as a message authentication code. It is the idea of combining both a message and a secret key when calculating the digest, for the purpose of acquiring integrity and authentication for bulk data sent
across the wire.

Now, one thing we have to understand about MACs is that not only do both parties have to establish the same key, they also have to agree upon a specific way of combining the message with the key to get the same digest. For instance, notice the sender here combined the key plus the message. Well, what if our receiver had instead combined the message with the key? That's going to produce a different digest, and even though it is the correct message and the correct key, since these digests are not the same, the receiver will never accept any messages. So not only do both parties have to agree upon the same key, they also have to agree upon the same way of combining the message with the key.

Now, the industry standard for how to implement a specific MAC, a.k.a. for how to combine a message with a key, is called the HMAC. It's the hash-based message authentication code, and there's an RFC which specifies exactly how to combine the key with the message, and that is how SSL/TLS provide data integrity.

Now, to recap these last few lessons: a hashing algorithm is an algorithm which takes as input a message and spits out as output a message digest, whereas a MAC, or message authentication code, is the concept of taking as input a message plus a secret key and producing a digest. A specific implementation of hashing algorithms is the MD5 protocol or the SHA-1 protocol, and a specific implementation of a message authentication code is the HMAC, or the hash-based message authentication code. The key takeaway for these last few lessons is understanding the definition of a hashing algorithm, a message authentication code, and an HMAC. And that's it
for this lesson.
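
The exchange described in this lesson, as an added example that is not part of the original video: a receiver that checks a plain digest accepts a message rewritten in transit, while a receiver that checks an HMAC rejects it. SHA-256 is used in place of the MD5/SHA-1 named above, and the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

def plain_digest(message: bytes) -> bytes:
    """Unkeyed digest: anyone who sees the message can compute it."""
    return hashlib.sha256(message).digest()

def plain_verify(message: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)

def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed digest using the HMAC construction (RFC 2104)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so the check leaks no timing hints
    return hmac.compare_digest(mac_tag(key, message), tag)

def rewrite_in_transit(message: bytes, make_digest):
    """The party in the middle: change the message, recompute a digest."""
    changed = message.replace(b"100", b"900")
    return changed, make_digest(changed)

def demo() -> dict:
    key = b"constructed-shared-secret"   # assumed already agreed securely
    msg = b"pay 100 to alice"            # constructed sample message
    out = {}

    # Plain hashing: the recomputed digest matches, the change goes unseen.
    changed, digest = rewrite_in_transit(msg, plain_digest)
    out["plain_accepts_changed"] = plain_verify(changed, digest)

    # HMAC: without the key, neither an unkeyed digest nor a tag made
    # with some other key will match what the receiver computes.
    changed, digest = rewrite_in_transit(msg, plain_digest)
    out["hmac_accepts_unkeyed"] = mac_verify(key, changed, digest)
    changed, tag = rewrite_in_transit(msg, lambda m: mac_tag(b"other-key", m))
    out["hmac_accepts_wrong_key"] = mac_verify(key, changed, tag)
    out["hmac_accepts_genuine"] = mac_verify(key, msg, mac_tag(key, msg))

    # Both sides must combine key and message the same way.
    out["order_changes_digest"] = (
        hashlib.sha256(key + msg).digest() != hashlib.sha256(msg + key).digest()
    )
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```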