This link has been bookmarked by 156 people . It was first bookmarked on 24 Jun 2006, by Eoin Lane.
-
10 Feb 18
-
07 Apr 14
-
01 Sep 13
-
06 Aug 13
-
22 Feb 13
-
11 Feb 13
-
A "hash" (also called a "digest", and informally a "checksum") is a kind of "signature" for a stream of data that represents the contents.
-
try changing just one character of a small test file. You'll find that even very small changes to the input yields sweeping changes in the value of the hash
-
Encryption transforms data from a cleartext to ciphertext and back
-
"Encryption" is a two-way operation
-
compile a stream of data into a small digest (a summarized form: think "Reader's Digest"), and it's strictly a one way operation
-
Verifying file integrity
-
Hashing passwords
-
It's a bad idea for computer systems to store passwords in cleartext
-
there is no way to find out for sure "what password produced this hash?"
-
salt. This is a random bit of text added to the cleartext passwords before running through the hash function
-
Digitally Signed Documents
-
one signs (encrypts with one's private key) the hash of the document, the result of which is a digital signature
-
different chunks of data produce the same hash value, this is known as a collision
-
nobody has found a collision yet
-
Exploiting weak collision resistance: If we are able to create two inputs that generate the same hash, digital signature become suspect
-
Exploiting weak preimage resistance: If we are able to "work backwards" from a hash and create some text that produces the same hash, we can use this to beat hashed passwords
-
Exploiting second weak preimage resistance: As with preimage resistance, we want to fool somebody into authenticating our data as genuine
-
So what's the big news?
-
Five hundred twelve bits of hash holds 1.34 x 10154 possible values, which is far, far more than the number of hydrogen atoms in the universe [ref]. This is likely to be safe from brute-force attacks for quite a while.
-
we are not crypto experts
-
-
16 Jul 12
Kiran KuppaA "hash" (also called a "digest", and informally a "checksum") is a kind of "signature" for a stream of data that represents the contents. The closest real-life analog we can think is "a tamper-evident seal on a software package": if you open the box (change the file), it's detected.
Let's first see some examples of hashes at work. -
27 Jun 12
-
14 Apr 12
-
06 Apr 12
-
Fig. 1: Encryption - a two-way operation
Hashes, on the other hand, compile a stream of data into a small digest (a summarized form: think "Reader's Digest"), and it's strictly a one way operation. All hashes of the same type - this example shows the "MD5" variety - have the same size no matter how big the inputs are:
-
Fig. 2: Hashing - a one-way operation
"Encryption" is an obvious target for attack (e.g., "try to read the encrypted text without the key"), but even the one-way nature of hashes admits of more subtle attacks. We'll cover them shortly, but first we must see for what purposes hashes are commonly used.
-
We'll note here that though hashes and digests are often informally called "checksums", they really aren't. True checksums, such as a Cyclic Redundancy Check are designed to catch data-transmission errors and not deliberate attempts at tampering with data. Aside of the small output space (usually 32 bits), they are not designed with the same properties in mind. We won't mention true checksums again.
-
How are hashes used?
-
Verifying file integrity
-
- if the website publishes the hash values of its download bundles, you can check it yourself. For instance, the ProFTPD project (an excellent open source FTP server) publishes their hashes:
-
Now it's just a matter of running the md5sum command on the file you downloaded and comparing it with the published values.
-
Important!
When considering hash values, close does not count!If the hashes being compared differ in any way, even by just a single bit, the data being digested is not the same! There is no equivalent of "roundoff error" or "almost" in cryptographic hashes.
-
Hashing passwords
-
"hashing is not encryption".
-
- A more secure way is to store a hash of the password, rather than the password itself. Since these hashes are not reversible, there is no way to find out for sure "what password produced this hash?" - and the so consequence of a compromise is much lower.
![[Password Hashing]](../images/password-hash-1.gif)
-
Note - in practice there is usually an additional wrinkle to hashed passwords: the introduction of what's known as a salt. This is a random bit of text added to the cleartext passwords before running through the hash function, and in the examples above, the salt is between the $ signs. This step improves the security of the stored hash, but we're not going to elaborate on this step in this document.
-
-
06 Mar 12
-
24 Feb 12
-
11 Oct 11
-
28 Dec 10
-
10 Sep 10
-
09 Sep 10
-
04 May 09
Rodrigo de OliveiraWith the recent news of weaknesses in some common security algorithms (MD4, MD5, SHA-0), many are wondering exactly what these things are: They form the underpinning of much of our electronic infrastructure, and in this Guide we'll try to give an overview
artigo criptografia explicação geek hash segurança from_delicious
-
20 Mar 09
-
11 Jan 09
-
18 Aug 08
-
02 Aug 08
-
10 Jul 08
-
28 May 08
-
11 Mar 08
-
07 Mar 08
-
28 Feb 08
-
07 Nov 07
-
24 Sep 07
-
18 Sep 07
-
10 Sep 07
-
27 Aug 07
-
16 Apr 07
-
11 Apr 07
-
23 Jan 07
-
25 Oct 06
-
24 Oct 06
-
16 Sep 06
-
23 Aug 06
-
07 Aug 06
-
27 Jul 06
-
24 Jun 06
-
07 Jun 06
-
07 Apr 06
-
23 Jan 06
-
07 Sep 05
linkmessHow do computer administrators keep all those passwords secret? hashes.
-
27 Aug 05
-
03 Aug 05
-
28 Jul 05
-
29 Jun 05
-
24 Jun 05
-
30 Apr 05
-
28 Apr 05
-
27 Apr 05
tanuki_workA readable explanation of cryptographic digests known as hashes. It's a bit too introductory to be useful with regard to password hashing, which is interested in being computationally expensive rather than simply collision resistant (what hashing for integrity needs, as discussed here). Also this is an old reference so consult something newer.
-
15 Apr 05
-
26 Mar 05
-
17 Mar 05
-
16 Mar 05
-
26 Feb 05
-
21 Feb 05
-
20 Feb 05
-
18 Feb 05
-
16 Feb 05
jeanjordaanA "hash" (also called a "digest", and informally a "checksum") is a kind of "signature" for a stream of data that represents the contents. The closest real-life analog we can think is "a tamper-evident seal on a software package": if you open the box (cha
-
10 Feb 05
-
31 Jan 05
Miska LahtiA "hash" (also called a "digest", and informally a "checksum") is a kind of "signature" for a stream of data that represents the contents.
-
12 Jan 05
-
03 Jan 05
-
02 Jan 05
-
03 Nov 04
-
07 Oct 04
-
06 Oct 04
-
05 Oct 04
-
04 Oct 04
-
02 Oct 04
-
27 Sep 04
-
25 Sep 04
-
29 Aug 04
-
28 Aug 04
-
27 Aug 04
-
25 Aug 04
-
Robert FeldtInteresting pedagogically, by mixing clear descriptions with visually enhancing diagrams and figures
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.