It'll take you an hour to explain? Great! Who else wants a 1h computerphile special with Tom Scott? :D

3:41 That's an… interesting rocket.

Just realized the opening title card says "" and the end title says ""....

I love this guy. he's like the James Grime of programming. he's just so animated and passionate about what he's talking about, all the time, it's really cool.

Someone clearly had a bit of fun drawing that cocket... er I mean rocket.

Damn.... someone who truly breaks things down to the best way ones can understand. Thank You tons! 9yrs later LOL.

1:37 It's not always bad to have a very very fast hashing algorithm, it's actually very good to have a fast hashing algorithm when using it for the file checking stuff explained earlier. The only time you don't want a fast hashing algorithm is when it deals with security, mainly hashing passwords.

The download verification hash is usually to verify that the download was received without being corrupted during transmission, not really for security.

"if you have 50 pigeons into 25 pigeon holes, you have to stuff 2 of the pigeons into 1 of the holes"

Sometimes webistes deny a password reset since the new password is "too similar" to the old one. How do they know this is all they have is a hash?

My wife loves Numberphile but often doesn't really understand all the content in a video. She really particularly likes James Grime. Now I know how she feels! I don't understand much of what Tom Scott says, but he's just so utterly watchable and engaging!

Very clear, no bullshit introduction to skip. Right to the core. Thanks a lot.

That moon rocket looks very similar to.. uhh..

I would love to see a whole series about computer science, or security, by Tom Scott.

Including a hash with a file to be downloaded is a common practice when the file itself is hosted on various mirrors rather than on the main site. In this case, being able to retrieve the hash from the trusted site, and compare it to the binaries from the potentially untrusted mirrors allows one to be reasonably confident that the mirror didn't send you a modified version of the file.

The hash for file downloads is usually used by open source projects, where the executable may be mirrored by countless universities which the software author doesn't have control over. In such a case, it certainly is *not* trivial to compromise both locations.

Watching this video 9 years after it was uploaded, he was right SHA-1 is broken now but still incredible helpful to get a high level view over that topic!

Tom Scott is the only reason I subscribe to this channel. He has so much enthusiasm that makes me want to know more about the subject he's explaining.

These videos with Tom Scott are my favorite on computerphile. You should do more with him!

I bet most people here won't mind longer videos if stuff gets explained!

You can use hashes when you're distributing a file through various mirrors - you have some confidence that the version on your site is clean, but to ensure that the version on others' sites match your own, you use the hash to verify.

Such a passionate guy. Kind of a shame this video was mostly an intro to the next episode but i'll definitely be watching out for it!

Awesome video Tom! In a previous job i use to test slot game software and for verification of the program we use to use multiple algorithms like MD5, SHA-1 and SHA-2 to ensure what we approved in the lab is what gets used in the fields.

You are by far the best of the computerphiles. The sorting guy is good too, but wavey-hair is superb.

I love seeing Videos with Tom, he is just awesome and the topics are interesting.

The first audio book I ever listened to, is still to come.

1:34 Isn't that the first 6 digits of pi?

LoL who made the rocket, I respect it..

Tom is such a great teacher, I hope that's his job in real life because the world needs more teachers like him

3:51 how is the rocket appearing behind the moon? The rest of the moon is still there

10 years later and he still looks the same

Watching this in 9 years and what he said about SHA-1 is so funny.

Thank you Tom and Computerphile!

The point of publishing hash codes for downloads is still useful for the common case where the download comes from a 3rd party (mirror or torrent), and also to ensure integrity (no transmission errors in the downloaded file or storage media).

SHA1 officially broken by Google today lol

In a few years sha-3 will be the standart. Yeah, still waiting.

I love this channel! How did I not find it sooner?

Okay it's been a while since I last had to code passwords into a database but back then md5 was still perfectly acceptable. It's good to know this is no longer the case and web scripting languages have adapted to provide the extra layer of security. So in PHP where I used to use md5() for passwords I shall now use password_hash() Thanks :)

Uhm,... Nice spaceship design lol.

Tom Scott for the win with my cyber security assignment

I love these videos, and I love this guy, Great explanations.

You explained it significantly better than my lecturer did

Here's a fabulous idea that will extend the life of MD5 and make security much, much harder to circumvent: Use TWO OR MORE hash algorithms and test against multiple signatures. It may be trivial to break one hashing algorithm, but the likelihood of being able to change a file in such a way that multiple hash algorithms still match is infinitesimal, and may even be zero.

Woo, thanks for this video. I've been wanting to learn more about this, and I've had trouble getting through some articles on this topic.

That rocket looks abit sus eh

Really interesting stuff! Great explanation!

Been waiting for this one :) Great video Brady.

This guy is great, can't wait for the followup!

this guy is amazing! thanks computerphile!

Why wasn't I subscribed to this channel before? Love the way you explain.

Length of the hash is how you get security, not making a slow hash function. In other words, you should always try to make the hash as fast as possible, but have at least *some* fixed overhead. This means a reverse or "dictionary" attack is stuck at brute force -- if a security system relies on the failure of a brute force attack due to the slowness of the hash function, the system should be considered weak. The issue with MD5 and SHA0 is that they have mathematical weaknesses the reduce their security. In other words you can, in a sense, pre-match some of the hash bits before you start the dictionary attack, effectively reducing the length of the hash. The "rumors about SHA-1" are almost certainly to do with the relatedness of SHA0 and SHA-1. Probably the weakness discovered in SHA0 were generalized and expanded upon then applied to SHA-1. SHA256 is basically safe because it uses an overkilled sized hash space (256 bits). It means all collisions searches are suppose to take about 2^129 operations, which the sum total computing power of the earth has yet to even come close to doing. The idea is that even if SHA256 is significantly weakened (say, by 32 bits) there would still be enough space left over that it would still be basically impossible to break. Longer hashes are always a little more inconvenient than smaller ones. This is why SHA1 existed. It only output 160 bits, which assuming the SHA1 algorithm were no weakened in any way, requires 2^81 operations to break which is still too much in practical computing environments. The problem is that attacks which can reduce the number of bits by, say, 52 bits, would be sufficient to reduce the problem space to 2^54 which some super computers may be able to tackle given enough time. MD5, which only outputs 128 bits, was easily cracked when its output space was reduced below 100 bits, independently by a French team and a Chinese team in the early 2000s (the French team did not reduce the number of bits as much, but used much more computing power). Nowadays, it is easy to construct MD5 hash collisions using the Chinese team's approach. The remedies to this are to use updated algorithms such as Keccak (aka SHA3) or to use more bits (like 224, or higher like SHA256 does).

I thought they wrote the hash for 2 reasons, 1. To make sure the mirrors arent tweaked or 2. to avoid bit errors (where a 1 goes to 0 or vice versa) caused by physical factors. Doesn't happen too often now a days though.

Tom Scott, YOURE AWESOME!

My first experience with hashing was keying in programs on my Commodore 64 from magazines like Compute!'s Gazette, RUN, or Ahoy in the 1980s. They included a program that would start a wedge (a daemon, of sorts) to compute and display a checksum for each line of code entered. Each line of code printed in the magazines ended with a comment containing a checksum for that line. If the checksum appearing on the screen didn't match the one printed in the magazine, I'd know I entered the line of code incorrectly and I'd need to look for mistakes. That's how we did it back then, and WE LIKED IT! 😉

I've been seeing all the videos. hope you talk about salting hashing in the future tkx. really loving this videos.

good video, can't wait for the next one

Moree of Tom ! These are the best vids

Definitely should bring up BCrypt during password hashing. It's "work factor" is a design feature to help with the speed concern mentioned in this video.

About downloading files and using hashes to check what has been downloaded is not supposed to be a "security feature". It's meant to provide a simple check that the download itself went on without disruptions. In other words that one actually received the whole file as intended and that the file wasn't broken due to a poor connection.

Thanks so much for this video! Really enjoyed it and made me better at my job.

I remember with those download sites, there were some groups that actually did modify the file to make the CRC or later MD5 spell out something interesting in hex. Like the version number or the episode number of the series.

I would like to listen to that one hour avalanche effect explanation :)

3:41 actual moonlanding footage of 1969 (colorized)

This was a very nice video..My first comment on any video on youtube !

This guy is really good. More videos from him please.

3:45 I hope I'm not the only one who sees something completely different in this animation :D

I always thought it was odd to check the file integrity by trusting the hash from the same site that you downloaded the file from. I mean, if the site is compromised, why would I trust their "checksum"?

Excellent video!

This video was mentioned in a later video so I went looking for this one, but couldn't find it. Now it just appear in my What To Watch list. Weird. Good video. I would like to see something more in-depth, perhaps by numberphile.

This explains that lecture I was sitting in on when I visited Cornell.

Great description of hashing.

very nicely explained ...thanks alot

wow, amazing video. Great guy!

This is really the kind of video I would love more from on Computerphile. :P (Maybe going a bit more into detail... just slightly but not as superficial as some of the other videos on this channel. - That's also why I like Tom Scott btw :p) Also those "nostalgia" videos about the times, where most of us probably didn't even exist yet or knew what a computer is about are pretty neat. (Forgot the name of this nice older professor) Just some feedback - That's all. Bye and thanks for your content, Brady

Damn Tom, I'm amazed from your knowledge in every video of yours I watch here and on your personal channel, would love if you could recommend some good books/ resources other then this and your personal channel.

SHA1 is broken - February 23, 2017

Really cool video!

Yeah man love to see a video on hashing

hash codes on websites offering a download are also used to make sure the download went well and nothing got corrupted (or involuntarily changed by a machine error or noise)

Great video!!!

The moon shaped like a banana

If I make a hash algorithm in PHP or JS, how do I hide that algorithm securely from users? I could make a kind of secure hash algorithm, but that is useless if everyone can just read the instructions

I'm very much looking forward to the next video, as I greatly disagree about password storing using hashes. Obviously not unsalted and not only one iteration of hashing, but still.

So, here's a analogy that I thought of, it's like the file is an engine and the hash is a photo of that engine: the hash won't work as an engine and you can't figure out how that engine works, But you will be able to see that the engine is the same as the one that is in the photo (probably).

Almost there guys! Almost got that golden play button! 😀

@Tom Scott - Actually MD5 HAS been broken with text documents. It's been done with carefully constructed PDFs that say different things and have the same hash. AFAIK it's based on some APPEND attacks on MD5 and the ability of PDFs to overlay stuff.

8:05 Red has won three times and yellow has won two times.

Love this guy.

I was disappointed in not learning, at least in some general way, how a hash is generated.

Who is this Tom Scott and why is he so knowledgeable about this lightboxes and the language they speak?

/computerphile ! Finally! YES!!

I was hoping for exactly the details he said would take hours to explain. But then again maybe the mathematics of hashing would fit Numberphile better. Here's to hoping James will tackle this!

Just wanted to say that CyanogenMod (and many other Android-flashables) use md5 for their downloads. It works very well for me and has nothing to do with security. Sometimes, I get a file, download it onto my pc, then try to transfer it to my phone. Then when I flash the file, it doesn't work. Some transfer process I used changed the file along the way. I really don't know why. Maybe it's because many of them are .zip's, and perhaps they want to use a different method of compression or something. When the hash code is shared next to the download, I can verify the file's fidelity by the time it reaches my phone.

Awesome vid

Isn't the last point about verifying file downloads a little off? The point isn't that the file downloaded is verified to be the same file as the one put on that site. The point is that a file downloaded from 3rd parties (mirror sites etc) is checked to be the same file as a central master copy that the author has certified.

I forget which game it was, but gaining access to it's protected memory region required generating hash collisions until it overflowed. Once you got access it was just function call to reset the stored hash with your injected code factored in.

Awesome!! Very clear, thanks! :)

actually, the idea of putting the hash file along side the original file is a very good idea, if you are aware of what you are doing. 1- people with such level of security use multiple servers and mirrors, and you should really really get the two files (the hash and the document or program) from different sources/paths. that is internet security 101. 2- mostly the hash is used against man in the middle, hashes does little good if your server is compromised (that is not its intended use). using hashes assumes the source is trusted and the channel is not. hash could be very useful for example if you are getting the file from a ptp network and you'd like to verify that you got the actual file, not a different one. and passwords should be encrypted in the database, specifically encrypted with algorithms that have decryption algorithms with key or salt and such. hashing the password in database (with any algorithm, secure or not) forces you to use non secure authentication methods that exposes the password at the client side.

This guy is awesome

Brady, Sean and Co I can't help but feel deep sorrow with this google+ crap and your many, many different channels. I do hope you guys can make more videos soon but I can understand it will take you guys a while to reorganize. God speed guys.