Data Integrity - How Hashing is used to ensure data isn't modified - HMAC - Cryptography
ฝัง
- เผยแพร่เมื่อ 7 ต.ค. 2024
- Data Integrity seeks to assure that data has not been modified in transit between a sender and receiver. This assurance is provided using a Hashing Algorithm... but not simply by itself, that leaves you open to an attacker modifying your message and re-calculating the digest. Instead, something else must be done in addition to Hashing.
In this video, we discuss that "something else". This will have us introduce the concept of a Message Authentication Code (MAC), and the most common implementation of a MAC known as the HMAC (Hash Based Message Authentication Code).
This lesson is a free sample lesson from the the most effective TLS and SSL training course ever created. No instructor rambling on about pointless stories. No slides with massive walls of text. No time wasting. Only simple, effective, and precise explanations. Complimented with practical illustrations and visuals.
🔐 More details about the course:
classes.pracne...
🏢 Do you configure or troubleshoot TLS/SSL for work? If so, I'm willing to bet your employer would happily pay for this SSL training. Reach out if you'd like to coordinate an introduction for a bulk license purchase with your company. I'm happy to provide a generous referral bonus =)
💬 Join Practical Networking Discord
/ discord
🖧 Want to learn how how data moves through a network?
• Networking Fundamentals
Since you've made it to the bottom of the Description, here's a $100 off coupon code you can use on the full course =)
YT100
📣📣 *October Birthday Month Sale* 🎂🎂
✨🎇 *Promotion Price: $59* (Regular Price $297)
🎁🎁 Coupon Code: OctBDAY2024y
👉 More free lessons: th-cam.com/play/PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY.html
The Best Teacher I've ever seen in my lifetime!💯😍
Thank you =)
Agree
this video basically explained to me what my entire 3h lecture was tryna say but failed horribly. TH-cam is crazy for educational videos like these!! thank you so much
I’m binging your vids this weekend. Your explanation of how ports work and why they exist was so clear and easy to grasp that I’ve been completely sucked down this rabbit hole of your videos. You’d be amazing at explaining how the Bitcoin network works.
Glad you've been enjoying the content, Eönwe =). Bitcoin (and related concepts) are on my list to talk through at some point. At the moment I'm trying to market my TLS course: classes.pracnet.net/courses/practical-tls
Thanks for the kind words =)
Thanks for these. These are Gold. I am seeing networking now with much a solid path to troubleshoot and know what really is happening!!!
Thank you for taking the time to explain this. I've almost given up understanding the concept. Most websites I read it got me more confused than I was. It's clearer now
If you are following the entire series, remember that he mentioned that Integrity and Authentication provide Non-repudiation as a byproduct. However, that principle does not work in this scenario. Why? Because in HMAC, the use of the same secret key eliminates non-repudiation. In order to achieve non-repudiation, the sender and receiver must use asymmetric keys (a different pair of keys for encryption and decryption).
💯
I was thinking of this very hard while working on my simple secure communication protocol project. Thank God I understand now
Hey man, I just want to thank you for uploading these videos, they have been of incredible help. There are a few videos out on TH-cam but honestly, yours are the only ones I can learn from, I'm an audiovisual learner so again Thank you!
Thanks for the kind words, Sergio. Glad you're getting so much from this content =). Cheers !
That's soo nice, great way to understand how important it's the data integrity in the modern world. Thank's to you I am beginning to get more into networking
Glad to hear it, Ili. Networking is a great skill to have.
Another great one. Teaching with passion and conviction. I am your believer. Thank you.
Thanks again, Azza =)
Awesome explanation👍 You're the best in making things simple. I can never stop watching your videos.
Thank you again, Ajay =). Cheers!
greatly explained 🙏
This is the definition of crystal clear, and an encouraging way to ultimately F with bahd guyz
Love it =). Glad you enjoyed it!
Thanks for explaning how hash works, hugs from Brazil!
You're welcome. Cheers!
Thank you. You have the best explanations on the subject. 🙏👍
Great video, thx for help, i am preparing for certification and yours video help me a lot.
Glad to hear it, happy to help! Good luck with the certification!
Thx for the best explanation I’ve seen in months. Helped me a lot. 🙂
Finally, know how it works from this video
WOhoo! =)
Thank you for providing this information, it is very helpful and well explained.
You're very welcome, Adelina. Glad you enjoyed it =)
I'm enjoying to see these videos,
Thanks a lot Ed,
Cheers, Hosein ! Glad you enjoyed them.
Yes thanks for this video
Pretty neat stuff. Thanks for sharing the videos.
Excellent and really useful. Really good content as usual.. Thank you so much !!!
You're very welcome, Nageswaro!
Thank you very much. Very understandable.
You are welcome!
Thanks just looking for this explanation
Happy to help
Great video as always. Thank you a lot🙏🏻❤️🌷
You're welcome!
Yes, I enjoyed it!!
This explains the "Key direction" parameter when an additional HMAC authentication is enabled during OpenVPN configuration.
Yep! Exactly. Can't do an HMAC without a Secret Key. If you aren't manually providing the key, then one has to be produced from an Asymmetric Encryption algorithm (which I'm releasing a video about next week!)
excellent!
Thank you !
Thank you
You're welcome
Very very good video.
excellent video
Thank you =)
beautiful thank you
You're welcome, Krislie.
man, thanks. really
Great explanation. I am interested in the Giveaway of this amazing course. Thanks..
Good luck! =)
Congratulations, you're a winner! Reach out to me on discord to claim free access to the course: pracnet.net/discord
@@PracticalNetworking Thank you so much for selecting me for the course.
Just awesome 😄 ❤️
Congratulations, you're a winner! Reach out to me on discord to claim free access to the course: pracnet.net/discord
@@PracticalNetworking please 🥺 cheak discord
@@pratikdhame Congrats again =). Hope you enjoy the course!
Hi thanks so much for this explanation!
Just one thing I’m struggling with, if hashing cannot be reversed, and we use hmac to send data securely, then how does the receive see the original text before hashing? Is two sets of the same data sent, one in plain text and the other hmac? Thanks so much
> Is two sets of the same data sent, one in plain text and the other hmac?
Yes! Exactly. Both the plain text message, and the HMAC digest are sent.
This provides *Integrity* but not *Confidentiality* -- see the other videos in this series to understand what I mean by that. Cheers =)
Why not just connect the message + its hash and encrypt it with a key. And then the recipient will decrypt it, cut off a certain number of bytes and compare them with the calculated hash from the juicy part of the file? So, even if an attacker intercepts the message, he will not be able to replace the hash because he can only calculate the hash from the encrypted message.
So are they different??The hashing algorithm and the HMAC???I mean we can use this or that ??Thanks alot.
Yes, they are different. You can do an HMAC with MD5, or with SHA1, or with SHA256, and so on. You can also do an HMAC, or a KMAC, or CMAC, etc...
The hashing algorithm is different & independent from the "method to combine hashing + secret key"
Is the key concatenated with the message or is the message encrypted with the same key? That is not clear.
For the sake of this video, we'll say the Key is concatenated with the video. But in reality, the HMAC operation is a little more complicated
In a real HMAC, the key is combined with the message multiple times. The real formula is listed in section 2 of RFC 2104: www.rfc-editor.org/rfc/rfc2104.html#section-2
Didn't got on how hmac will save the integrity of the message as key, message and digest all can be changed and receiver won't come to know.
The key is used to calculate the digest. The receiver is also using the key to calculate the digest.
An attacker in the middle can still change the message, but can not re-calculate a digest which the receiver will accept since the attacker can not combine the key with the modified message.
@@PracticalNetworking Thanks for quick reply, got it.
In layperson terms
The attacker can read the message
26,507 views Oct 4, 2021 Practical TLS - Free Lessons from my SSL Deep Dive training course
Data Integrity seeks to assure that data has not been modified in transit between a sender and receiver. This assurance is provided using a Hashing Algorithm... but not simply by itself, that leaves you open to an attacker modifying your message and re-calculating the digest. Instead, something else must be done in addition to Hashing.
In this video, we discuss that "something else". This will have us introduce the concept of a Message Authentication Code (MAC), and the most common implementation of a MAC known as the HMAC (Hash Based Message Authentication Code).
This lesson is a free sample lesson from the the most effective TLS and SSL training course ever created. No instructor rambling on about pointless stories. No slides with massive walls of text. No time wasting. Only simple, effective, and precise explanations. Complimented with practical illustrations and visuals.
🔐 More details about the course:
classes.pracnet.net/courses/p...
🏢 Do you configure or troubleshoot TLS/SSL for work? If so, I'm willing to bet your employer would happily pay for this SSL training. Reach out if you'd like to coordinate an introduction for a bulk license purchase with your company. I'm happy to provide a generous referral bonus =)
💬 Join Practical Networking Discord
discord.com/invite/yrexngJ
🖧 Want to learn how how data moves through a network?
• Networking Fundam...
Since you've made it to the bottom of the Description, here's a $100 off coupon code you can use on the full course =)
YT100
Key moments
View all
Featured playlist
24 videos
Practical TLS - Free Lessons from my SSL Deep Dive training course
Practical Networking
Practical Networking
166K subscribers
Videos
About
11:42
Hashing, Hashing Algorithms, and Collisions - Cryptography - Practical TLS
by Practical Networking
33K views · 1 year ago
7:34
What is SSL & TLS ? What is HTTPS ? What is an SSL VPN? - Practical TLS
by Practical Networking
93K views · 2 years ago
5:15
How do SSL & TLS protect your Data? - Confidentiality, Integrity, Authentication - Practical TLS
by Practical Networking
38K views · 2 years ago
Practical TLS
Learn more about Practical TLS ty so much :)
Pinned by Practical Networking
@PracticalNetworking
1 year ago (edited)
📢 ANNOUNCEMENT: I'm adding 20+ new lessons to the Practical TLS course covering TLS 1.3.
💲 While creating the TLS 1.3 modules, I'm discounting my Practical TLS course to the lowest price I have ever offered until I finish.
📣 Coupon Code: PracticalTLS13 || Promotion Price: $49 (Regular Price $297)
👉 classes.pracnet.net/courses/practical-tls/buy?coupon=PracticalTLS13
The Course returns to full price as soon as I publish the final TLS 1.3 lesson. Don't wait too long. =)