A Simple Guide to Encryption

Hash Functions
Hash functions are quite a different kind of encryption than either symmetric or asymmetric key encryption. The main difference is that hashes cannot be decrypted to reveal the original plaintext. Most importantly, they do not encrypt the data character-by-character. A hash function produces a fixed-length string called a digest. Every hash produced by a particular hash function is the same length, no matter the length of the plaintext.

Because the output of a hash is fixed-length, this type of encryption is very useful in particular circumstances. One of these applications is in encrypting passwords. When the length of the password is known, a brute force attack can be designed to try only combinations of letters of the desired length. When the length is hidden, the adversary must try all lengths as well as all combinations, exponentially increasing the time required for a successful brute force attack. In a password application, the hashed password (the fixed-length encrypted digest) is stored on the website, usually in a database or file. The next time a user needs to be authenticated, the user enters his password on the website. The website then hashes the password and compares it to the stored hash of the correct password. If the two hashes are equal, the user has entered the correct password.

Another application of hashes is in identifying identical files. It would take a very long time to compare exactly the contents of multiple files. It would, however, be very easy to compare a number of short strings of letters and numbers that represents the content of the file. This is precisely how file sharing programs like Kazaa group files with different filenames together. It also keeps two different files with the same filename from being identified as the same file. Hashing files is also a way of verifying that an executable is safe to install. Many websites that allow users to download free software include the hash of the software package file. The user can then hash the file after it has been downloaded. This ensures that the file was downloaded correctly and that the file was not replaced by a malicious program such as a worm or virus.




Back - Asymmetric Key Encryption Next - SSL under Apache or
Next - SSL in cPanel