Is it bad that I don’t know these off by heart? We’re talking about magic numbers today. In many cryptographic algorithms—hash functions, encryption suites, and so on—you have the seemingly random constants that appear because they’re necessary for various tasks and, um… The question is, where did they come from? Who thought up these numbers? And why are they important? There are a lot of cases where you want to start off with some noughts and ones jumbled up, in some sense before you then apply your encryption to do it further. That’s the idea. So in SHA-1, for example, we have, actually, some seemingly random magic numbers that are in there.

INTERVIEWER: Are they things people know? You could look it up…

Yep, you could look it up. It’s buried in the source code for any of these implementations and it’s in the specification. They’re not secret. That’s the idea. They’re not like a secret key. They’re just public knowledge. So, these numbers here are the initial internal state variables for SHA-1. And—I should add—in the wrong order by mistake. So, if you’re gonna implement SHA-1, don’t use my Computerphile video as your reference, please. These two are in the wrong order. But anyway… The internal state starts with these values and then it proceeds by taking in the message and jumbling itself up and then it outputs a hash.

Now the very question is, who came up with these numbers? And do we trust them? Right? Is there any way that these numbers could be used to actually make the algorithm weaker? This is a concept of “nothing up my sleeve” numbers. So, think about a magician, if they’re about to pull something out of their sleeve, they just show you at the beginning there’s nothing in there as a kind of way of sort of going, “Look, there wasn’t anything in my sleeve originally, so it’s not a trick.”

In the case of SHA-1, these numbers were produced by the NSA. Alright? But they’ve taken steps to try and demonstrate that they are actually just random nonsense or predictable numbers from life rather than very carefully-crafted mathematical numbers which allows us some kind of backdoor. So, for example, this one here is, you can see, is 0-1-2-3-4-5-6-7 reversed. Right? This one—8-9-A-B-C-D-E-F. So you can see they’re just counting up and counting back down. So they’re basically counting. Now, this introduces some seemingly random noughts and ones to the initial state but what it doesn’t do is introduce strange numbers that we don’t trust, which is a very important thing in cryptography.

The same is true of some other numbers used in SHA during the compression function which are these ones here. So these numbers are two to the thirty times by root two, root three, root five, and root ten. Why we chose them, in some ways, you know, we don’t know, but you can imagine that it would be quite hard to produce some kind of clever mathematical backdoor when you’re just using the square root of two, right? Because it’s just one number that everyone knows. You know? If you had picked these numbers at random, so they were in a sense it was unclear what their origin was, you maybe wouldn’t trust them as much.

So this actually has precedent. So… The Data Encryption Standard was released many years ago now. Developed by IBM and, shall we say, adjusted slightly by the NSA. Now at the time, there were some constants used in certain internals inside DES which looked a bit suspicious. Certainly, it wasn’t so much that they were suspicious as that no one knew where they had come from. They’d just been defined by one of the developers and just left there. Now as it turns out, they actually were left there with a very good purpose. They actually made the algorithm stronger, because it was resistant to something called differential cryptanalysis. But at the time, when it seems random or contrived you can’t tell whether it’s because it’s made it stronger or weaker or it genuinely was random.

So, in general, the cryptographic community is very suspicious of numbers that don’t have an obvious reason they’re there like, “I just counted from one to ten”. Right? Because, you can’t produce a mathematical backdoor based on counting, because it’s too contrived. If I was on stage—I don’t do magic, right?—but, if I was on stage and I said to you, “Let’s pick a number at random—I don’t know, 24” and did some trick with it, you’d think, well that’s great, but clearly 24 wasn’t random. You know, it’s that kind of principle. You want to have some way of demonstrating that it was a truly random number or indeed that in essence the choice of your number is important, because everyone has to use the same one if it’s going to be a standard but in some ways, what exact number it was wasn’t important. That’s what you’re trying to demonstrate. So in the case of SHA, they’ve just done some counting, they’ve just produced a simple mathematical formula that produces the numbers such that people maybe have a little bit more trust that it’s used.

It’s quite common to use 3-1-4-1-5-9-2-6-5-8-9-7-9. Right? Because those are the initial digits of pi. But the point is that, if you use those numbers, then you can add some kind of, you know, initialisation vector for whatever algorithm you’re writing, but I can’t say, “Well, you’ve changed that number to put a backdoor in”, because that number’s pi. Right? I can’t change that number. You know, I don’t have that much power. So… But if I picked, let’s say, the millionth and second digit of pi and the one after that, and the one after that, you’d say, “Well, where did you get a million and two from?” You know, “Why have you chosen that part of pi?” So… The point is that I’ve got to have a due process and a clear reason for picking this number where I’ve tried to be very open and said, look it’s not about the number, I’ve just used it. Okay? That’s the idea. So I haven’t got anything up my sleeve.

INTERVIEWER: How far can you go with pi?

Well, I can do better than that, because that’s wrong! Yeah, it’s 3.14159265358979. So I’ve missed some out. Some people will have spotted that, and they’ll be thinking worse of me. [LAUGHTER] Never mind.

Fun

In iOS10.3.2 they stop using SHA-1 😛

WPF in C#, did that for my A-Level Computing haha :p

can we make a random backdoor number, and find unique aspects of it then show it's worthy of being a constant?

Good video =)

Those are not the first digits of PI…

Think the worse of you? In a world where Matt Parker keeps on giving us Parker squares? nah, you'll be fine.

3.141592653589793*

I'll just leave this here.

This may be a silly question, but why 0x67452801? To me, 0x12345678 would have been the 'less fishy' number to use.

messed up pi!

Why is it I feel this is the opposite… using these numbers may allow a backdoor?! 😛

Back in my 4-5th grade my brother buffed me with 50 digits of pi so I started remembering them. Now 20 years later I still can remember that.

Eek! The dark colours on this video are crushed. You can't see any details on Mike's shirt for example. I hope that it's a mistake and not something intentionally put in during the editing.

Dr Mike always entertaining

What is the constant number in the original code?

I spotted the mistake. What do I win?

I still don't really get it.

You should do a video on the fast inverse square root function

Can you do an episode on how keys are exchanged in end-to-end encryption?

4:26 RIP 3.5E-9

Couldn't a smart enough programmer realise a few different properties of seemingly innocent numbers, and choose the right combination of them that could give an edge later in cracking an encoded message?

But like.. why does the SHA algorithm require initial state in the first place. I'm not an expert but I feel like I could come up with a secure hashing algorithm without any hard coded seemingly arbitrary numbers.

How do you call the number of times pi has been written in the Caribbean divided by the time in which this occurred? Pi-rate of the Caribbean!

"suspicious numbers" , that's funny but true enough with untrusting human nature being what it is. There's always a gimmick, right lol No doubt aided by the temporary nature of 'encryption looking back on the 70's, 80's, & 90's. Always interesting to watch complexity try to keep pace with processing power. Thanks for the video's

up my sleeves

the thumbnail is the best

Why not use all zeros?

Dude… you didn't get pi right >.> it's 3.14159265358979…. you missed out the 35 in the middle.

I wonder why he didn't go into the Dual EC PRNG, where the constants were not Nothing-up-my-sleeve numbers and indeed were botched to make the algorithm weaker.

It would be interesting to see a video on how backdoors work!

I came to the comments to see everyone telling him off. Then he corrected himself.

I love the way he explains things

I've always heard them called magic numbers, never "nothing-up-my-sleeve" numbers 😕

Pi is wrong… 🙂

DJB hash function uses 5381 as initial value which 1st primth primth primth primth primth primth primth prime number. But it was chosen due to good avalanching was achieved with that value. That kind of constant has to do something with prime number (as like many other things in cryptography) & we may understand that all better when we get a good understanding of primes.

Nothing quite like commenting on the immutability of pi right after writing the wrong digits. No worries tho, it was cute.

I have to say that when NSA makes an encryption algorithm – ok that's perfectly fine, they need it themselves for defending against Russian Bear…. but when they release the same algorithm they made to public consumption it starts to sound fishy and when people find out that there are inside constant literals used in hashing… I'm not convinced that these are not used as backdoors…

You should subtitle all your videos. For the non-English-speaking world, it's kind of hard to understand British English

LOL i spotted the pi error and spent the next few minutes thinking about what went wrong, then you told us at the end 😛

He got the digits of Pi wrong. should be 3 1 4 1 5 9 2 6 5 *3 *5 8 9 7 9

This guy rocks!

I would have brought up Dual_EC_DRBG and the alleged backdoor in that PRNG.

I did spot you got pi wrong but your correction at the end helped me remember the next four digits (8979) so props for that

Did you explain what these numbers do?

It would be nice to see how one of these back doors would work. Like, has anyone shown that if you pick special numbers for SHA that it allows back doors?

Super interesting. Thanks!

please make a video about how "estimated time remaining" for file transfers is almost always wrong.

At the time that DES was designed, differential cryptanalysis was not public knowledge. The fact that the designers chose magic numbers resistant to it suggests that they already had knowledge of differential cryptanalysis–or something similar–up their sleeve, as it were.



Sorry, but nobody "knows" the square root of two!

However, there's still the issue of "did they design a backdoor in the algorithm specifically to take advantage of this number that otherwise would seem innocuous?"

0:30 fervour?

He wrote pi wrong 😒😒

he's my fav computerphile guy

I thought there would be some mathematical definition or metric that says how a given number is "not up my sleeve" :/ Little disappointed tbh.

"Differencial cryptanalisys" come on, you can't just say that and not make a followup video about it!

at 04:29 – those were not the correct first digits of pi, they are: 314159265358

Actually it's 314159265358979, what he said was 314159265 8979 at 4:23

I knew Mike reminded me of someone, Tobey Maguire, ah! :D

I noticed the three missing, and I paused the video to check whether my intuition or your writing was wrong

Commenting here to get more attention, couldn't you have a better version of Asimov's Laws by making "increase the human population" the goal? The main problem I've found so far is if it thinks too short term and, say, makes humanity force grow outside their food production, leading to a cascading failure when the system collapses. This could be solved with a "sustainable population" requirement, but there could be other problems.

Are there any famous examples of a contrived number that WAS used to put a backdoor in encryption?

I think my favourite "Nothing Up My Sleeve" number is 0xF5B3669E

Don't worry… any and all approximations of π are wrong.

I am a big fan of the channel & I like the idea of it so much as it widens the vision of an IT student (let alone other people) by providing a wide variety of topics which are being talked about from early computation which was demonstrated by Charles Babbage's Integrated Calculator to Deep Learning algorithms, also covering topics in between such as Hashing Algorithms & Computer Security.

Love to watch more vids & topics explanation on the channel generally & by Dr. Mike Pound particularly.

This guy looks like gabe from the office.

Some magic numbers are words, like 0xDEADBEEF.

but stage magicians do pick the number! very often! they just use sleight of hand to hide that they have, and put on a show of the person supposedly picking their own. you want random numbers buy a gaxio.

So showing you the casual object doesn't mean one can't do magic with it…. but you were still held at a point where you might believe it's simple but not too simple to do the trick?

Dr. Mike is the best

I've spotted the mistake in pi and I think worse of you

4:31 where's the 35?

Are you trying to backdoor us? :O

Mike why you wearing makeup in this video???

Love me some Dr Pound!

I wouldn't trust NSA if they told me water was wet. We really need to find a more trustworthy authority for our cryptography needs.

nobody else noticed that he got the digits of pi wrong at 4:28 ? he missed out a 35

What if we use a md5 hash and then hash the hash with sha1?

I didn't understand where he was coming from about using numbers that are proven to be random nonsense until he used the magician picking the number '24' and then doing a trick with it.

“Adjusted by NSA”? Nah mate, cannot be a coincidence, 100% sure it's for making it weaker😂😂

SAY WHAT !?

(unsubscribed) I can't roll my own encryption using Computerphile vids….. PI = 3.14159265358979…..

Do an episode about "OrpheanBeholderScryDoubt" 🙂

He loves to rip off people

You are wrong about the first digits of PI, you missed a 35. They are: 3.14159265 35 8979

Proof of the number.

I was shocked when u mentioned 26589 , in pi how and when pi was changed

Then realized u were carried away by topic , and messed up with the pi

"mathematical numbers"

So, just numbers then?

For example if I used sha256(random_string), or the first however many bits I need from it? It'd be pretty damn hard to choose the random string such that its hash comes up to be something useful.

I don't trust AES S-box values.