The Birthday Paradox


Vsauce! Kevin here. I’ve got 23 babies. Which means there’s a 50% chance one of
them can hack one of the others and replace their DNA. Wait. Humans can’t hack each other. Yet. But computers can and luckily for us, it turns
out that the fine folks at BitDefender are big fans of Vsauce2. And I’ll get into the ways Bitdefender is
a great solution for protecting your devices, like… that open wifi connections aren’t
safe, but why exactly? And how can you get hacked for connecting
to public, unsecured wifi? But first, what do hacking and babies have
in common? Birthdays. Let me explain. Each one of these babies has a random birthday,
meaning that they each have the same chance of having been born on any 1 of the 365 days
in a year. So, what are the odds that two of them share
the same birthday? We’ll keep it simple: no twins, no leap
years, no patterns that suggested parents made their babies at non-random, specific
times. The odds aren’t 23 out of 365, which would
be about 6%. The odds are actually 50%. There’s a 50% chance that out of 23 random
people, 2 have the same exact birthday. Which seems impossible given that we’ve
got so few babies and so many possible birthdays. And if we have just 50 babies, the odds of
a birthday match jump up to 97%. At 75, it’s 99.97%, making it a virtual
certainty that when you get 75 babies together — or 75 things with birthdays, they don’t
have to be babies — two of them will share a birthday. The Birthday Paradox is a veridical paradox. It’s surprising and absurd-sounding, but
we have the math to prove it’s true. How is it possible that so few babies can
have such a high chance of sharing a birthday? And how is it that despite 365 possibilities,
we only need a sixth of that number to be pretty sure there’s a match? The easiest way to do this isn’t to — excuse
me, babies. Babies… aw, jeez. Awww, jeez. Babies… erasing babies! Alright, that’s not good. The easiest way to do this isn’t to calculate
the probability that two of any number of babies share the same birthday; it’s to
calculate the probability that they don’t. To do that, we assume that Baby #1 has been
born. So, the probability of this baby having a
birthday is 1, or 365/365. Then we multiply that by Baby #2’s probability
of not sharing that birthday: 364/365. We multiply that result by Baby #3’s probability
of not sharing a birthday with either Baby #1 or Baby #2, which is 363/365… and we
keep doing this for as many babies as we want to calculate the odds for. At Baby #23, we’re multiplying by 343/365. To simplify this calculation we can write
it as 364! (factorial; we’ll start with 364 because 365 over 365 is just 1) over 342! (because 365 minus our 23 babies gives us 342)
times 365 days out of the year raised to the 22nd power, which is our 23 babies minus baby
one again — and the result of the whole equation gives
us .492703, or about 49.3%. Again, that’s the probability we don’t
have a birthday match with 23 babies, so we subtract this from 1 to find the chance that
we do, which is 0.507297, which is about 50.7%. The trick here is that every baby is being
evaluated against each other; I actually broke my pen trying to make all these evaluation
lines. It’s not whether Babies #2 through #23 share
a birthday just with Baby #1 — to have a 50% match with a single, pre-defined birthday,
like a 50% chance of finding a match with Baby #5’s specific birthday, we’d need
a pool of 253 babies — which sounds about right and isn’t particularly surprising. This is whether any two babies share any birthday
with one another. The high probability, 50%, with a low baby
count, 23, is surprising, but the math works. And if we keep extending the series, the
results show that with 100 babies — fewer than a third of the possible birthdays in
a given year — the chances of a match are 99.99997%, which means the chances of NOT
having a birthday overlap would be just .00003%, or 3 in 10 million. If we replace our birthday babies with online
passwords, we’ve got the basis for a type of hack known as the Birthday Attack. When you make a password for a website, that
password is crunched into a fixed-length hash value that stores and identifies the combination
of characters you input. So like, “12345” becomes, “827ccb0eea8a706c4c34a16891f84e7b.” Simple. When the MD5 message-digest algorithm was
a standard for encryption, its 128-bit, 32-hexadecimal hashes were vulnerable to a hack based on
my babies. The goal was to find and force a collision
— when two hashes have the same exact value regardless of what that value is. So like if Vsauce2.doc and Kevin.doc had the
same hash value I could change information in one and affect the other or I could eventually
use collisions like this to decode the encryption algorithm itself and learn how it works. And the best way to do that wasn’t a trial-and-error,
or “brute force” attempt to guess a specific match in the 3.4 × 10^38 possible outcomes
in a 128-bit hash. It was putting the Birthday Paradox to use. Hackers developed an algorithm based on the
math of the birthday paradox to more quickly cause hash collisions and ultimately crack
one of the most widely-used cryptographic algorithms of its time. So, probability surrounding birthdays helped
lead to the improvement of internet security. And right now online, as long as 70 people
are watching this video at the same time, there’s a 99.9% chance two of you blow out
birthday candles on the same day of the year. So… when were you born? And as always — thanks for watching.

Okay now. Here’s how you can get hacked by connecting
to open wifi. Whenever you connect to a WIFI network, your
phone or laptop will remember it and then automatically connect to it when in range. Now, if you only connected to secured WIFI
networks, you’re fine. If, however, you connected to just one open
WIFI in your device’s history, an attacker will have an easy time hijacking your device. All WIFI enabled devices, when not connected,
constantly broadcast their known WIFI access point list. Basically, they keep shouting “is Starbucks
here?” “is McDonalds here?” “is the Airport here?” and so on. Attackers can listen for these broadcasts
and once they see their target asking for something that looks like an open WIFI they
just create a new one with that same name. All the devices that have that name in their
memory will then automatically connect to the attacker’s imposter wifi. And once you’re connected to their wifi,
the attackers are inside your device. So first of all, don’t do that to other
people. Don’t be an attacker. And second of all, stop cyber attacks before
they begin by protecting all of your privacy, data and devices with Bitdefender’s award-winning
2019 security suite. Which includes Bitdefender VPN to protect
you from those open wifi attacks. Trusted by over 500 million users and for
a limited time for new users in the U.S. and Canada, they’re offering your first six
months for free. Six months. Half a year of cybersecurity for free. So find the link below to get yours right
now. It’s free. Six months, for free. So. Uh, click that. Click that down there. And thank you, Bitdefender for supporting
Vsauce2. And my birthday babies.
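
The no-match product described in the transcript, worked through in Python as an added example (not part of the original video or transcript). It reproduces the 23, 50, 75, 100 and 253 figures and then goes beyond the birthday case to hash digests; the `msg-N` inputs and the 24-bit truncation of SHA-256 are assumptions chosen so the search finishes after a few thousand hashes.

```python
import hashlib
from math import log, sqrt

def p_shared(n, days=365):
    """Exact chance that at least two of n uniform 'birthdays' coincide."""
    p_distinct = 1.0
    for k in range(n):
        p_distinct *= (days - k) / days   # 365/365 * 364/365 * 363/365 ...
    return 1.0 - p_distinct

def p_match_specific(n, days=365):
    """Chance that at least one of n babies matches one pre-defined birthday."""
    return 1.0 - ((days - 1) / days) ** n

def smallest_n(prob_fn, target=0.5, days=365):
    """Smallest n for which prob_fn(n, days) reaches the target probability."""
    n = 1
    while prob_fn(n, days) < target:
        n += 1
    return n

def expected_50pct(bits):
    """Approximate digest count for a 50% collision chance: sqrt(2 ln2 * 2^bits)."""
    return sqrt(2 * log(2) * 2 ** bits)

def truncated_digest(msg, bits):
    """Top `bits` bits of SHA-256(msg); the truncation is an assumption for speed."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)

def find_collision(bits=24):
    """Hash constructed inputs msg-0, msg-1, ... until any two digests match."""
    seen = {}
    i = 0
    while True:
        msg = f"msg-{i}".encode()          # constructed sample input
        tag = truncated_digest(msg, bits)
        if tag in seen:                    # any pair may match, as with the babies
            return i + 1, seen[tag], msg
        seen[tag] = msg
        i += 1

if __name__ == "__main__":
    for n in (23, 50, 75, 100):
        print(f"{n:3d} babies: P(shared birthday) = {p_shared(n):.7f}")
    print("any-pair 50% reached at n =", smallest_n(p_shared))
    print("specific-birthday 50% reached at n =", smallest_n(p_match_specific))
    tries, a, b = find_collision(24)
    print(f"24-bit digest: {a!r} and {b!r} collide after {tries} of {2**24} values")
    print(f"128-bit digest: about 2^{log(expected_50pct(128), 2):.1f} digests for 50%")
```

The same square-root effect is why a 128-bit digest gives only about 64 bits of collision resistance, and why digest length is chosen at twice the desired security level.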

Comments

  1. Hey I just recently passed 4 million subscribers and just wanted to thank each and every one of you!!! Now if you'll excuse me I have a cup of babies to finish drinking.
