SHA 256 | SHA 256 Algorithm Explanation | How SHA 256 Algorithm Works | Cryptography | Simplilearn

00:08

we use our wi-fi every day for work and

00:10

we use the internet for entertainment

00:12

and communication

00:14

the dependency on technology is at an

00:16

all-time high thanks to the radical

00:18

developments and innovation in these

00:20

last two decades

00:22

a big portion of this belongs to

00:24

ensuring secure channels of

00:25

communication and data transmission

00:28

we have already covered videos on

00:30

cryptography encryption and other

00:32

algorithms such as the dsa rsa aes etc

00:38

today we will be covering the most

00:39

advanced hash functions known today

00:42

the secure hash algorithms family or sha

00:46

let's take a look at the topics to be

00:47

covered in today's video

00:50

we take a look at what is hashing and

00:52

its principles examples and applications

00:55

we learn about the origin of the sha

00:57

algorithm along with its methodology

01:01

there are some distinct characteristics

01:03

of the sha family that we cover as well

01:05

we take a look at the steps needed to

01:07

create hashed values using the sha

01:09

algorithm and then finally learn about

01:12

the prospective advantages for the same

01:15

let's first get acquainted with the

01:16

concept of hashing and its applications

01:19

hashing is the process of scrambling a

01:22

piece of information or data beyond

01:24

recognition

01:25

we can achieve this using hash functions

01:28

which are essentially algorithms that

01:30

perform mathematical operations on the

01:32

main plain text

01:33

the value generated after passing the

01:35

plain text information through the hash

01:37

function is called as the hash value

01:39

digest or in general just hash of the

01:42

original data

01:44

while this may sound similar to

01:45

encryption the major difference is that

01:48

hashes are made to be irreversible

01:50

no decryption key can convert a digest

01:53

back to its original plain text value

01:56

however a few hashing algorithms have

01:58

been broken down due to the increase in

02:00

computational complexity of the new

02:03

generation computers and processors

02:05

there are new algorithms that still

02:07

stand the test of time and are being

02:09

used among multiple areas for password

02:11

storage integrated verification etc

02:15

like we discussed earlier websites use

02:17

hashing to store user passwords so how

02:20

do they make use of these hashed

02:21

passwords

02:22

when a user signs up to a new account

02:25

the password is then run through the

02:26

hash function and the resulting digest

02:29

is stored on the servers

02:31

so the next time a user logs into the

02:33

account the same password he enters is

02:35

passed through the hash function again

02:38

if the digest matches with the one

02:40

stored on the server then he is allowed

02:42

to login to the account

02:44

this way no plain text password gets

02:46

stored preventing both the owner from

02:48

snooping on user data and protecting the

02:51

user privacy in the unfortunate event of

02:53

a data breach or a hack

02:55

we also use hashing when it comes to

02:57

verifying data integrity

03:00

when a user uploads a file onto the

03:02

internet he or she can pass the file

03:04

through a hash function and upload its

03:06

digest as well

03:08

when a new user downloads the file for

03:10

personal use they can again pass the

03:13

file through the same hash function

03:15

the digest values are then compared

03:17

within the newly generated value and the

03:20

value uploaded by the user

03:23

if the values match then the data

03:25

integrity is verified and the value was

03:28

not corrupted in transit

03:30

to generate these hash digests from a

03:32

standard input we use hash functions

03:35

such an example of a hash function is

03:37

the sha algorithm

03:39

let us learn more about it in our main

03:41

focus for the thing

03:44

the secure hash algorithm are a family

03:46

of cryptographic hash functions that are

03:49

published by the national institute of

03:51

standards and technology along with the

03:54

nsa

03:55

it was passed as a federal information

03:57

processing standard also known as fips

04:00

it has four different families of hash

04:02

functions

04:03

ssj0 is a 160 bit hash function

04:06

published in 1993 and it was closed down

04:09

later after an undisclosed significant

04:12

flaw

04:13

sha-1 is also a 160-bit hash function

04:16

which resembles the earlier md5

04:18

algorithm this was designed by the nsa

04:21

to be a part of the digital signature

04:22

algorithm

04:24

sga2 is a family of two similar hash

04:27

functions with different block sizes

04:29

known as the sha-256 and the sha-512

04:33

they differ in the word size

04:35

ssh-256 uses 32-bit words while sha-512

04:39

uses 64-bit words

04:42

sha-3 is a hash function properly known

04:44

as kcac it was chosen in 2012 after a

04:48

public competition among non-nsa

04:50

designers

04:51

it supports the same hash lengths as

04:53

hsj2 and its internal structure differs

04:56

significantly from the rest of the sha

04:58

family

04:59

as we have already iterated the process

05:01

is straightforward we pass a plain text

05:04

message to the sha hash function which

05:06

in turn performs certain mathematical

05:08

operations on the clear text to scramble

05:10

the data

05:11

the 160 bit digest received from this is

05:14

going to be radically different from the

05:15

plain text

05:17

the goal of any hash function is to

05:19

produce digests that appear to be random

05:22

to be considered cryptographically

05:23

secure the hash function should meet two

05:26

requirements

05:27

first that it is impossible for an

05:29

attacker to generate a message that

05:31

matches a specific hash value

05:33

and second it should be impossible for

05:36

an attacker to create two messages

05:38

producing the exactly same hash value

05:40

even a slight change in the plaintext

05:42

should trigger a drastic difference in

05:44

the two digest

05:46

this goes a long way in preventing hash

05:48

collisions which takes place when two

05:50

different plane tests have the same

05:51

digest

05:53

the sha family functions have some

05:55

characteristics that they need to follow

05:57

while generating the digest

05:59

let's go through a few of them

06:05

the length of the clear text should be

06:07

less than 2 to the power 64 bits in the

06:09

case of sha 1 and s h 256

06:12

this is essential to keep the plain text

06:15

compatible with the hash function and

06:17

the size needs to be in comparison area

06:19

to keep the digest as random as possible

06:24

the length of the hash digest should be

06:26

256 bits in the sha-256 algorithm 512

06:30

bits in the sha 512 algorithm and so on

06:34

bigger digest usually suggests

06:36

significantly more calculations at the

06:38

cost of speed and space

06:41

we typically go for the longest digest

06:42

to bolster security but there must be a

06:45

definite balance between the speed and

06:47

security of a hash function

06:53

by design all hash functions of the sha

06:56

512 she-256

06:58

are irreversible

07:00

you should neither get a plain text when

07:02

you have the digest beforehand

07:05

nor should the digest provide the

07:06

original value when you pass it through

07:08

the same hash function again

07:10

another case of protection is that when

07:12

the hash digest is passed into the sha

07:15

function for a second time we should get

07:17

a completely different digest from the

07:19

first instance

07:20

this is done to reduce the chance of

07:22

brute force attacks

07:25

to achieve this level of intricacy there

07:27

are a number of steps to be followed

07:29

before we receive the digest

07:31

let us take a look at the detailed

07:32

procedure as to how the sha algorithm

07:35

works

07:37

the first step is to make the plain text

07:39

compatible with the hash function

07:41

to do this we need to pad the bits in

07:43

the message

07:44

when you receive the input string you

07:46

have to make sure the size is 64 bit

07:49

short of a multiple of 512.

07:51

when it comes to padding the bits you

07:53

must add one first followed by the

07:55

remaining zeros to round out the extra

07:57

characters

07:59

this prepares our string to have a

08:00

length just 64 bits less than any

08:03

multiple of 512

08:06

here on out we can proceed to the next

08:08

step where we have to pad the length

08:09

bits

08:10

initially in the first step we appended

08:12

the message in such a way that the total

08:15

number of bits in the message was 64 bit

08:17

short from becoming a multiple of 512.

08:21

now we add the length of bits in such a

08:23

way that the total number of bits in the

08:25

message is a perfect multiple of 512

08:28

that means 64 bits plus the length of

08:31

the original message becomes a multiple

08:33

of 512. this becomes a final string that

08:36

needs to be hashed

08:40

in the next step we have to initialize

08:42

this chaining variables

08:44

the entire plain text message can now be

08:46

broken down into blocks of 512 bits each

08:50

unlike other hash algorithms like md5

08:53

which use 4 registers or buffers sha

08:56

family use 5 buffers of 32 bits each

08:59

they are named a b c d and e these

09:03

registers go through multiple rounds of

09:05

operation but the first iteration has

09:07

fixed hexadecimal values as can be seen

09:10

in the screen

09:12

moving on we have to process each of the

09:14

512-bit blocks by breaking each of them

09:17

into 16 sub-blocks of 32 bits each

09:20

each of them goes through four rounds of

09:22

operation that use the entire register

09:25

and have the 512-bit block along with

09:27

the constant array out of those four

09:30

rounds each round has 20 iterations so

09:33

in general we have 80 rounds sum total

09:37

the constant value of k is an array of

09:39

80 elements

09:41

of those 80 16 elements are being used

09:44

each round so that comes out to 80

09:46

rounds for each of those elements

09:49

the value of t differs by the number of

09:51

rounds as can be seen in the table below

09:56

a single formula is necessary to

09:58

calculate the output of each round and

10:00

iteration

10:01

the formula can be b c d e register is

10:04

equal to e plus a non-linear process b

10:08

along with a circular shift of a plus wt

10:11

plus kt

10:13

in this formula abcd is the register

10:15

value of the chaining variables as we

10:17

discussed before

10:19

p is the logical process which has a

10:21

different formula for each round

10:24

s5 is a circular shift by 5 bits

10:27

and wt is a 32-bit string derived from

10:30

the existing sub-block

10:32

this can be calculated depending on the

10:34

iteration at hand

10:36

kt signifies a single element of the 80

10:39

character element array which changes

10:42

depending on the particular round at

10:44

hand

10:44

for the values of wt the first 16 values

10:48

are the same as that of the sub blocks

10:50

so there is no extra calculation needed

10:53

for the next 64 elements the value of wt

10:56

can be calculated as shown in the

10:58

formula here to better understand this

11:01

let's take a look at how each of this

11:03

goes in a sequential process we have our

11:05

initial register using the 5 words of 32

11:07

bits each in the first step we put the

11:10

values of a b c and d to the subsequent

11:14

register as the output

11:17

next we use a non-linear process p that

11:20

changes depending on the round and uses

11:22

the values of b c and d as input

11:26

whatever output is generated from the

11:28

non-linear process it is added with the

11:30

value of the e register

11:33

next the value of a is circular shifted

11:36

by 5 bits and is added with the output

11:38

generated in the previous step

11:41

the next step is adding the value of wt

11:44

and the constant element of kt the

11:46

current output is then stored in the

11:48

register a similarly this iteration is

11:51

repeated every round and for each sub

11:54

block in the process once all the

11:56

registers are complete and all the sub

11:58

blocks are joined together to form the

12:00

single ciphertext message we will have

12:02

our hashed output regarding the

12:04

non-linear process p that uses the

12:06

values of b c and d as input the formula

12:10

changes every round to maintain a

12:12

complexity of the program that can

12:14

withstand brute force attacks

12:17

depending on the round the values are

12:19

passed through a logical operation which

12:21

is then added with the values of wt kt

12:24

and so on

12:25

now that we understand how to get our

12:27

hash digest from the plain text let us

12:29

learn about the advantages we obtain

12:31

when using the sha hash algorithm

12:34

instead of relying on data in a plain

12:36

text format

12:38

digital signatures follow asymmetric

12:40

encryption methodology to verify the

12:42

authenticity of a document or a file

12:45

hash algorithms like ssh 256 and the

12:48

industry standard sha 512 go a long way

12:52

in ensuring the verification of

12:53

signatures

12:56

passwords need not be stored in a plain

12:58

text format which makes them accessible

13:00

to hackers and other malicious actors

13:03

when using digest the database security

13:06

also gets a boost since the size of all

13:08

hash values will be the same

13:10

in the event of a hack or a breach the

13:13

malicious actor will only receive the

13:15

hash values with no way to regenerate

13:17

the plain text

13:18

in this case the plain text would be

13:20

user credentials

13:22

since the hash functions are

13:23

irreversible by design it has become a

13:26

compulsion when storing passwords on the

13:28

servers

13:30

the ssl handshake is a crucial segment

13:32

of the web browsing sessions and it's

13:34

done using sha functions

13:36

it consists of your web browsers and the

13:38

web servers agreeing on encryption keys

13:41

and hashing authentication to prepare a

13:43

secure connection

13:45

it relies on a combination of symmetric

13:47

and asymmetric algorithms which ensure

13:49

the confidentiality of the data

13:51

transmitted between a web server and a

13:53

web client like the browsers

13:57

you can monitor file corruption by

13:59

comparing hash values before and after

14:01

transit

14:02

once the hashes match file integrity

14:05

checks are valid and data corruption is

14:07

avoided

14:08

hash functions will always give the same

14:10

output for the same input irrespective

14:12

of the iteration parameters

14:14

it also helps in ensuring that the data

14:17

hasn't been tampered with on route to

14:19

the receiver of the message hope you

14:21

learned something interesting today if

14:23

you have any queries regarding the topic

14:25

feel free to ask us in the comments

14:26

section and we will get back to you as

14:28

soon as possible subscribe to our

14:30

channel for more amazing content like

14:32

this and thank you for watching

14:38

hi there if you like this video

14:39

subscribe to the simply learn youtube

14:41

channel and click here to watch similar

14:44

videos turn it up and get certified

14:46

click here