Hash algorithms are what we would call one-way encryption. The point of a hash algorithm is to take any length of information, a five character password, or a two gigabyte thumb drive, or a 10 terabyte file system, or storage, or whatever, run it through the same hash algorithm and get vastly different results. But the result that gets spit out is not the length of the password or the two terabyte file, it's a standard length depending on what algorithm we use, whether we use message digest five, or SHA-1, or SHA-2, or the modern SHA-3 standard. We produce a data of a set size from a message of any size, small, large, regardless, we consider this a fingerprint of that message. You can use this to validate that your operating system's core library files have not been tampered with by a virus, by doing a hash of an operating system that's working or an dispersed installation, you can later on run the same algorithm again and produce a signature or a fingerprint, and if the fingerprint matches the original, it hasn't been tampered with. Take a two terabyte file, change this one-bit and that two terabyte file, and you should get a vastly different hash algorithm, or a vastly different hash output. It enables people to detect a change in whatever you ran the hash on. Think of it as you're going to mail a lamp on eBay, you take a picture of it, email it to the recipient, and then you mail the lamp. When the lamp shows up exactly as the picture, everybody knows that the lamp has not been tampered with, or hasn't been touched or broken or swapped out in transit. That is basically it. Take your Seifert or your regular clear tax, run it through a hash algorithm and you end up with this short little hash. What happens to the message? Well, you just send the message along with it as well. The message is not encrypted or protected in that sense, it's run through an algorithm, just produce a hash, but the original message, the original email, the original file, still remains unencrypted in transit. This means that if Mallory, or eavesdropper, sees the message, they'll be able to read it, but they can't tamper with it, because if they tamper with it, they're not going to be able to reproduce the original hash that was sent with it. How do parties communicate with symmetric keys? Symmetric keys we just use to secure communication when we are entrusting, when the lines of communication are untrusted. Take your wireless, your wireless radio is broadcasted to your neighbors, people sit next to you, anybody can capture those frames, that's an insecure communication channel, and insecure medium that you are sending bits on. It's a good idea to encrypt it. With wire communication, we often don't encrypt because we trust the cable. Should we trust the cable? That's debatable, but we typically don't encrypt on that cable, so score one for wireless. Issues of overhead and need to be set up in advance. Another reason that you might not bother with encrypting everywhere is if it's just the hassle, like with guests users that are just going to surf the web anyway, you restrict their bandwidth, block him from insecure websites, and otherwise, let them look at Facebook, or whatever they want to do. In that sense we don't bother to encrypt, because the same key you're using to encrypt with WPA and WPA2, the good guys have it alongside the bad guys, and the bad guy is once they have the key, can pretty easily reverse engineer what everyone else is doing anyway. If you have a key to your house and you handed out to everybody on the street, whether you like them or not, why you lock in your door? That's the view. With employees, we trust the employee and we deliver with 802.1X authentication individual keys per user that are rotated on a regular basis. But with pre-shared keys, at least to WPA2, not really necessary if you just have desk traffic and to begin with. With WPA3 will look at OWE and simultaneous authentication equals, some fancy terms that we'd like to throw on WPA3. I'll explain what those are. They allow us to encrypt even if you are sitting right next to a bad guy, and they have the same pre-shared key, they're not going to be able to decrypt your traffic. In this video, we looked at hashing algorithms, and we looked at how parties communicate with symmetric keys. In the next video, we're going to look at Diffie-Hellman as a secure key exchange and some recommended algorithms going into the future to protect your networks against the threat of quantum computing and next generation hackers. That's it for this one, I'll see you in the next video.
