Do you agree with me? Hopefully this answers questions about Hashcat and other stuff mentioned in the comments :)

I think a lot of people confuse hashing and encryption

If it was possible to get the original data, hash would be the best file compressor of all times 😅

I think you should also mention that if the hashes matches it doesnt mean that you got the original input. Hash collisions are inevitable if you allow hashing of bigger data than the size of the hash. (pigeon hole principle)

For added hash security, you could salt the hash. Unsalted hashes has rainbow tables available which lets you query a hash (in etc an SQL table) to obtain first available password for that hash. Salting a hash means you append etc the account id or registration date to the password before hashing it, making it much more resistant to rainbow tables.

Good explanation. Thank you! This is also the reason why the EU Privacy Policy doesnt allow web services to store passwords anymore, but their hashes.

Good explanation! However, an important point was left out: two different input values ​​can produce the same hash. This means that the password may be found, or a random value that results in the same hash.

People are still confusing Hashing with Encryption. Hashing for data integrity and Encryption for data confidentiality, keep that in mind.

Very well explained. The only caveat not mentioned is that just because the hashes are the same, doesn't neccesarily mean that the input data is the same, as multiple pieces of data may share the same hash (these are called collisions) but, its incredibly unlikely, especially from the context of brute forcing. Edit: Wow, this blew up! Lots of good discussion and points below too!

People really think they discovered the cheat code to storage space.

I kept asking myself about this and you just come outta nowhere solve my question :D

Seriously good information always on this channel. Flipper used to a dolphin for me until I watched this channel.

Your explanation was very clear the first time. They didn't just understand.

The issue is when passwords have been leaked so more common phrases and their hashes are already on a list which can make it easier for hackers to get into an account. This is also why the salt and pepper concept exists where you add another random string to the password that gets stored separately but always stays the same to make the hash unrecognisable. Pepper is just adding another random character each time which means it tries 30-ish combinations on every login to further jumble the hash.

Quickest and best explanation I've ever seen. Thank you

Thanks for making a video clearing this up, I was one of those who said you were wrong (only because of the incomplete explanation), and now Im saying you are right :) Big fan

It's like cooking. You cannot reverse the process to know the ingredients but you can guess and guess until you get the correct recipe.

This clip was very informative and easy to understand. Well done and thank you!

I love how you explain things even though I know the subject

I’ve been a malware analyst and cybersecurity manager since 2009… Hashing is a one way function. The people arguing clearly know absolutely nothing about the subject.

We call this injection. If there existed a bijection (surjection and injection) between each hash and all possible inputs, it would be invertible and, therefore, crackable from only the outputs. If you reversed the SHA256 for a particular output, you would receive a field of inputs since its 'many-to-one'

If a hash was reverable it would defeat the point of a hash

That was a fantastic explanation. Hashing is a deterministic one way function. So if you have the same output than you can say you have the same input, that doesn't mean you can reverse the output.

Very clear explaination and without going into maths. 👌 You might can explain salting next.

It is also worth noting that it is possible to get the same hash with 2 different inputs; Getting the same hash doesn't always mean you have the same original data

No. Hash functions, in a broad computational sense, are defined by their ability to take input of arbitrary length and produce a fixed-size output. This characteristic is fundamental to various applications, such as indexing in data structures like hash tables. The crucial point to note here is that reversibility in the context of general hash functions is a matter of design and intent rather than an inherent impossibility!!! As long as the original input data is within the constraints of the hash function's output capacity, there exists the potential for these functions to be reversible, possibly through the function itself or other means. Contrastingly, !!CRYPTOGRAPHIC HASH!!!! functions are a specialized subset of hash functions with additional properties designed explicitly to enhance security. Among these properties is the principle of irreversibility-or more technically, pre-image resistance. This means that it should be computationally infeasible to reverse the hash function, i.e., to find the original input given the hash output. The design of cryptographic hashes aims to negate the possibility of reversibility, ensuring that even if the input data fits within the fixed output length, reversing the process to retrieve the original data should be impractical. You don't seem to grasp the distinction of those: not all hash functions are created with the same objectives, and thus, they vary in properties such as reversibility. So you are wrong. Hash functions can be reversed in some cases.

😂 David, you are the man! Some people watch a couple KZfaq videos on "hacking" and all of a sudden, they're pros lol. Take the time and research anything and everything you can, just like David. Keep it up man, love your videos

Good explanation. Please also include collision when you talk about this

Bruh if people could reverse hash and get the original message, we'd be in big trouble 😂

Yes and no - you will obviously get the same hash with the same input, but you can also get the same hash with other inputs. I'm sure you're aware, but for the uninitiated, these are called hash collisions (in hash tables, anyway) EDIT: I can't believe I'm arguing with toddlers on the internet, but here we go... To clear up the "confusion" regarding my comment, I'm not responding to the video's title like some sort of half-wit who reads a book title and thinks he's absorbed the content. (For clarity, that's definitely an insult directed at some of you commenters) Instead, I'm referring to the comment made in the video, and I quote "I'm checking if the hashes are the same which means I have the same original data as you" - That claim is BLATANTLY FALSE!!! WATCH IT AGAIN!!! What I was trying (and failing, apparently) to communicate is that YES - The same input will hash to the same value, but NO it does NOT guarantee you have the same input. Multiple values CAN RESULT IN THE SAME HASH - this is called a HASH COLLISION. To all of you arrogant children who want to puff out their chest attempting to appear intellectually superior - You should be embarrassed! You've proven that you rank somewhere between a soggy bowl of cereal and a seahorse. Congrats....

In short, you can't reverse it, but you can check that it hasn't changed. You "can" however use a Rainbow Table and check hashes with your own hashes to "reverse" it and get the data. But that would mean that you ALREADY have it, hence there being NO WAY to reverse it and why it's a one way function.

This is the best explanation of hashing I have ever seen

A small correction is that two pieces of data may have the same hash. Even if you get a matching hash, you may not have the same original data. This is known as a birthday attack and is a problem with some older hash types like md5

As far as I understand, if your data can be represented by the same (or fewer) number of bits as your hash, only then are you guaranteed to match data when two hashes match. If you have 257 bits of data, there exists at least two unique data values that would result in a hash collision.

One of the best short descriptions of hashing

Beautifully explained. This man simplified what is known as a clash for you guys

Actually, comparing hashes does not mean the original inputs are the same, rather that they are very very likely to be the same. There's a chance of 1 / 10^97 with SHA-256 of what's called a hash collision, where the same 2 inputs give the same hash value

The hash function has no inverse because it relies on the modular function that in mathematics has no inverse.

LEGEND, goes deeper explains and informs

I love it when people without even a single IT cert to their name will go online and tell people they're wrong without actually understanding it themselves

This makes so much sense, as soon as you give the example of hashing a book or an iso, it becomes quite clear that a 256bit hash would not be able to give us a book, otherwise why the hell would we not just hash the entire internet and back it up as a tiny little 256bit hash, meaning we could store tons of info in a text file.

Hash tables yeah, that's why there's usually "salt" included before the hashing.

That’s one heck of a compression algorithm

You explained this so well for someone like me, thanks

and that bit at the end is why we add "salt" in a unique way and also store the "salt"

I always wondered how hashing works, and when I learned about this in a python course I took some time ago, my mind was blown.

Cool thing about hashing is you can still search for the hash of a specific thing and still find it but still maintain confidentiality/privacy. Providing you are searching in a system that requires all hashes are unique.

That’s why alongside hashes, we need to also create and add salt on the back, for example. All code breaks, this way is just harder to break it.

I think it'd be really funny making a video compilation of every time you predicted something in this series and then showing it actually happen 😂 Like it's happened an insane amount of times now haha

The way I heard it explained is if you multiply two prime numbers, that's relatively easy to do. You can't then look at the resulting number and know which numbers were multiplied together to reach it.

Wow, explained calmly and competently to what seems to me like trolls.

Simple explanation! Thank you!

tbf you just explained exactly what hashing is used for, and ironically people kind of understand but vehemently defend their minor misunderstanding. oh humanity, always the entertainer.

You're right. We use a hashing function in our work for a particular PCI-DSS scenario, I once asked if we could reverse hash to find out what the customer was doing wrong in creating it and it's not possible to do.

Well explained with the book hashing!

As a Hash i can confirm this man is Hashing correctly

Learned this in digital forensics. Easy peezy

True, even many different things can generate same hash code, though It's really rare in a good hash function.

A powerful tool I would love for society to use more. For example sharing medical data between hospitals are sometimes not possible due to the security risk but if people would drive around to hospitals and making sure that the hashes get rotated and distributed in a safe manner I think it would make things smoother and safer.

If hashed worked the way these guys thought, it would be the greatest compression algorithm ever!

A professor in one of my CS classes explained it pretty simply. The space of all combinations of 256 bit strings is large but every string regardless of length outputs a 256 string and the list of every possible string is larger than that. That means there is overlap. This it's equivalent to saying x² = y. If I give you that X = 2, then Y must = 4. But if I say that Y = 4, you don't know if X = 2 or -2. Two different inputs can have the same output.

With older encryption schemes, you would sometimes see the same data produce the same hash, but I'm not sure as the specifics that help prevent that today. I seem to remember Windows NT 4 passwords were pretty easy to reverse hash, but all you would need is a matching password data, not necessarily the same hash. I imagine that is still possible with current hash algorithms, but it may take a fair bit longer to engineer a match.

People love to disagree. I doubt if most of them know the security properties of a hash function. You are doing an excellent job. Keep going 💪🎉

This was a good explanation with an example I never thought of. The only thing I think you missed was that two different hashed values can have the same hash as output[COLLISONS]. So a person could guess an incorrect password that just so happened to have a hash that is the same output as your correct password. The probability of that happening is extremely small, but definitely possible.

Thanks for the explanation of a very basic authentication process....

That’s beautifully explained ❤

This is one of those pillow thoughts I get every now and again, it seems impossible but if you could encrypt data as a sort of hash and pull information out of a magic hat so to speak, I think it would be pretty dang cool. The only way I can think of accomplishing it would involve encrypting onto 'something' that exists irrespective of our universe, so not time space or matter or any of the fields we interact with. It would have to be something abstract like fate, or predetermination essentially unpacking what should be completely random information into exactly the encoded information.

Great explanation. Good to be reminded of the details.

The non-verbalized on-screen text, "assuming no collision", is the most important part. My initial reaction was "you were correct, right up until that last part" because I wasn't looking at the screen when I heard it, so I didn't see that non-verbalized note. I would say it's actually extremely helpful when people argue that they can reverse-engineer a hash because they immediately identify themselves as people whose "knowledge" and opinions can be completely disregarded because they are untethered from reality.

Will really confuse people if you start to introduce salting to the hash 🤣

Now that right there would be one serious compression algorithm... lol

Hashes are a good way to check for small errors between two supposedly identical pieces of data. Most notably when you download something.

what he explained in this video is a large part of how some core cryptocurrency functionality works. and tables with reverse lookups for hashes are called rainbow tables. they aren't practical for anything other than short or common strings or passwords, but they do exist

well explained. you were absolutely spot on

That's how you find out if someone knows anything about encryption theory. What's a hash? What's a digest? Who is Bob and Alice?

I think that the critiques were aimed at the fact that some older hashing algorithms are no longer considered cryptography secure. And some non cryptographic hashes can in some cases be used to find the original data.

Also important to mention hash overlapping with legacy hashing algorithms that can result in the same hash from 2 separate data sources

That is the sense of a rainbow table. which has a list of Billions of passwords with the hashes ordered by the hash. Most of the easy remembered passwords can be found in a very short time when you get access to the hash list of a server.

There's 2 things to keep in mind: * 1. There are so-called Rainbow Tables that can give *some sort of input* that results in that hash (not necessarily the same but). * 2. If all you store of the password is a hash, the password need not be the same, it just needs to *result in the same hash* This is why any hashing algo that has a rainbow table is pretty unsafe to use as a password hashing algo. You can complicate this by requiring "hashes of hashes", which can make a rainbow table attack take longer, but it is still possible to "reverse", if you know the settings. TBH, I'm not well versed enough to know how salting complicaties this, but it seems to work, so I simply consider it "magic" ;-)

And that's why "salting" short strings before hashing is adding a little extra of security.

I remember when an MMO I played some years ago had to make a database and security update. one of the consequences was that everyone had to change their passwords, because the new database allowed for higher minimum length passwords. In the announcement they also revealed that, while they don't have our plain passwords, they had found that about 35% of ALL account passwords were IDENTICAL, by comparing the hashes.

A way to kind of reverse a hash is to keep a table with the hashes as the key and a list of inputs that give that hash as the value. That way you input the hash value and get a list of some of the possible values. However there are infinite values it could be but 99% of them will be in just a few

You could use a hash db (rainbow table) to "restore" the hash. It works usually better with shorter strings, you won't be able to restore a full book as you said.

Hashing is usually meant for comparing passwords and reveal data tampering or losses in transit. People confuse it with encryption.

A lot of people say dehashing something is like unbaking a cake.

I think an algorithm can be used that links an input of any length to a variable-length output so that we can get back the input through the output. That's what I have read and understood so far.

The whole point of hashes to compare data without actually having to give up the data. Passwords, version checking, file validity, etc. If you could reverse them, then by giving the hash you'd be giving the data and that would subvert the entire point.

Can’t believe armchair CS enthusiasts are trying to debunk someone with some of the most comprehensive and informational networking content on this platform

When user accounts were mostly stored in LDAP, all passwords were hashed. So people made rainbow tables of commonly used passwords and their hashes.

This is exactly how you can authenticate a digital file, to ensure it has not been altered. We used this method to create receipts for digitally signed documents at my previous job.

Collisions (same hash shared by more than one value) are possible. Which is why stronger functions are pushed to default and standard when collisions become probable to happen within a given period. If you build a hash table of your files using the same CRC as used in data CD sector encoding you'll see a lot of collisions in your own set.

Dictionary lookup, this is why it's a good idea to apply salt. A secret string that makes the hash unique so dictionary attacks wont work.

He didint even say we are wrong, He just explained it. Truly good content 😅

ok hashing finally makes sense to me. that's why people say you can check the integrity of a file by checking if it's hash has changed

I feel like that guarantees that at least some hashes are the same for two completely different data.

I agree. I think people use the word encrypt too often (often incorrectly) so they think hashing and encryption are the same thing. They are not.

Thank you for explaining this.

Finally met a guy who likes hash more than me. 😂 your not wrong dude. Men need to be endured or educated. Your a great teacher. 👍 marcus aurelias would be proud of u.

This is probably the easiest way to explain hashing vs encryption as well.

That was the best explanation ever