When we talk about cryptography, we tend to only think about one part of the CIA of security. Now remember, CIA stands for confidentiality, integrity and availability. So when we talk about cryptography, we tend to concentrate on confidentiality, right? We're encrypting stuff. Well, that's not always the case. Well, I want to talk about right now something called hashing.
A hash provides integrity when it comes to the CIA of security. Now, we don't encrypt with a hash, we make things integrity of five, I'm going to stick to that word, because that's now a part of the Webster's dictionary. So let me explain how a hash works. The idea behind a hash is that it is an algorithm. That's why I got my algorithm machine here. And it doesn't encrypt.
What it will do is it will take a arbitrarily large amount of data. And you take that data and you run it through and it comes out in a fixed value every time so If I have a five letter input, it's going to come out. However, whatever size the hash is, if I have a 300 billion byte input, it's always still going to come out this size. Now, at first glance, you'd say, well, Mike, what am I going to do with that? Well, there's a couple of things about hashes that are cool. Number one, hashes are one way.
If I generate this and I create a hash, there is no way it is impossible to figure out what the actual original data was. The other thing that's cool about a hash is that it's deterministic. So look at this guy, he starts with one a six got it. So I take this document. And it doesn't have to be a document, it could be a image, it doesn't matter as long as it's ones and zeros. And if I could take all knowledge known to man from the beginning of mankind and put it into a big word document, and I could go to page 405,326,427,622.
And I could go in there and change one letter. one letter chain, so the uppercase C, I could change it to a lowercase C. And if I take that value, and I run it through a hash algorithm, it's going to come out with a completely different value. So hashes are a very good way to say, this is the data from which I got. So for example, if I'm downloading a big executable file, I can run a hash on it, and compare it to the hash value that's up on the website. And then that way, if that didn't come down, right or something, I could clearly and very explicitly know that this is the right value. So hashes are something we use all over the place within the world of cryptography.
So that's the basics of a hash. Now, for the security Plus, there are lots of hashes. hashes have been going around for a long, long time. And we have a lot of different versions of them. They all have different size outputs or what we call a message digest. They're all the same word.
And what I want to do right now is just take a minute and let Run through the different types of hashes that you're going to see on security Plus, there are a zillion types of hashes out there. But luckily for us, we can break down what you need to know for the security plus into three groups. First is called message digest version five, better known as MD five. Mt. Five is the grandpa of hashes. It's been around since the early 90s.
It was invented by Ron Rivest, of RSA fame. And it's been used for years and years and years and years. The important thing to remember about mt five is that it uses a 128 bit hash. Now, Mt. Five is a great one, but they found a little problem with and I'll explain that in just a moment. The second type of hash I want you to be aware of is the Secure Hash algorithm better known as Sha.
And this is a family of hashes that were developed by the National Institute of Standards here in the US, technically, they're still being developed. The earliest version of SRA that you're going to see on the security plus is called Sha dash Now Sha one has a 160 bit hash. Now here's the problem, both mt five and Sha one have the ability to generate what we call collisions. Let me explain that. A collision simply means when you take two different types of data and generate the same hash, if you can force a hash to make occasional collisions, it can often be figured out how the hash works. And that is a naughty naughty thing.
We don't like that. So neither mt five nor Sha one are used that commonly anymore. If you're talking about hashes that are being used today for websites and all kinds of stuff, we're talking about shot two. Now Sha two is not just one type of hash, shot two is broken down into different types based on the length of the hash. So we don't say shot to what we will say though, is Sha 256, or SHA 512. So you can see that these big long hashes are much more less prone.
In fact, no one's made a collision with them yet knock on wood. The last type of hash I want to talk about and it's mentioned on security plus, so let me bring it up is ripe MD. And that stands for race integrity primitives evaluation message, digest hoof. Now, this is not a real common hashing algorithm. It's nice because it's open standard, and everybody can check it out. But it's just not used that much.
Nothing really wrong with it. It's just that everybody like Sha two these days, but do be aware for the test that right BMD comes in 128 162 56 and 328 bit versions, and you will be tested on every one of these on the security plus. Yep, that is a lot of hashes you need to memorize my friends. Not only do you need to memorize the different names of each hash, but make sure you know the size of the hash because the security plus loves to hash on that. Sorry, okay, I'll keep my day job now. People will ask me, especially just been exposed to this what what do we do with hashes?
The easier answer is within the world of cryptography, you would be hard pressed to find a place where we don't use hashes. Some great examples. Example number one, password storage. Most operating systems never store your password. So you type in a password that it Edyta and you hit Enter, and the password is saved onto the hard drive only as its hash. So when you type in your password to log into something, it goes ahead and hashes it and compares it and says, Oh, you typed in the right password.
We use hashes on virtually every type of encryption and authentication known to man, we use hashes everywhere. So what I'm warning you right now is you only need to memorize the different types of hashes starting from here and going through the rest of this course. We're going to be seeing hashes over and over again.