Cryptographic hashing produces a one-way message, digest that is used for integrity and password storage.
Cryptographic hashing. This is not encryption or decryption. Hashing algorithms create a unique numeric hash value. That is like a summary or a digest of a message. The idea is that no two pieces of data can create the same hash value when running through the same hashing algorithm. Now it is possible for two different messages to get the same hash value as if a very small key is used or if a hacker is trying a collision attack. This is not really something to worry too much about, but do be aware that even hashes can be cracked. The most important thing to remember is that hashing is one way you cannot derive the plaintext from a hash value. Remember you can create a hash from a document. You cannot recreate the document from the hash, even if you have the key so instead of confidentiality, hashing is used for integrity. If we take a hash and then later take another hash. If those two hashes match, we know the data was safe. If data is changed, then taking the second hash will result in a different value, some uses for hashing our message, digests, which really is just a name for the hash value off. So digital signatures, which we will talk about next and message, authentication codes or ma is ma. C’S do not offer non-repudiation because they use a shared secret key, but they are less vulnerable to attacks where the hacker has access to the hashing algorithm and puts in their own plaintext to try to figure out the key. By what comes out, you may have seen hash values that go with files that you download from the internet, and you use the hash value to make sure that the file that you have downloaded has not been messed with, like malware, has not been added to it. Cryptographic, hashing is also used all the time for password storage, user passwords are hashed and then those hashes are what is stored in the database. This allows passwords to be stored securely, not in plaintext when a user enters their password. The entered value is hashed and then that hash value is checked against the stored hash. Therefore, many passwords cannot be retrieved only reset, because there is no overview of passwords anywhere. Really, no one knows it, but you.
A cryptographic hashing algorithm is a mathematical function that takes any sized blocks of data and returns fixed size bitstreams and we are not going to go into the math behind hashing. No matter what size of the input the digest is a fixed length. Even though we just have the word Fox for this input, we get the same 40, digit, hexadecimal or 160-bit message, digests that we do for any of the other inputs, no matter how long they are. Even with the tiniest change just one letter between over an hour, the resulting message digest is drastically different. It is not, as you might have expected, the same for most of the characters, with just a few numbers or one block being different. This is a good thing now, even when the letters are the same, except for two of them are in a different border. We still have completely different message digests. This is a desirable attribute of a good hashing algorithm.
We start with our message in plain text, we run it through the hashing function and we get the resulting message digest or hash value you take that hash value and encrypt it with the sender’s private key. That is one half of the asymmetric key pair remember the result is the digital signature. We take that digital signature and attach it to the message and then send the two off together to the recipient, now notice that the message itself is not encrypted in this example. So that means we do not have confidentiality. Encryption could be added to the message if we wanted to, but we did not have it for this example now on the recipient, send they receive the message and the digital signature. Now the recipient needs to perform two distinct functions on these two various parts. One function is to take that message: run it through the same hash function and get a resulting hash value. The other thing they need to do is to decrypt the digital signature using the sender’s public key now remember, the sender’s public key can only decrypt things that have been encrypted with the sender’s private key, and only the sender has that key. So, if this works, we now have verified that the sender is in fact whom we think it is. That’s authenticity and the sender cannot later say “Hey, that was not me that sent that message.” That’s non-repudiation, so the recipient has two hash values. They compare those two hashes if they are the same, we know the message has not changed during transmission. That’s data integrity.
When encryption is used to protect transmissions that pass over the Internet. That is called transport encryption transport encryption adds the benefits of cryptography, vatu, otherwise insecure protocols. This is for confidentiality and to prevent man-in-the-middle attacks. So, with transport encryption, a VPN is secured with IPSec. We have talked about this in other lessons. Also in web browsers, TLS and SSL can be applied to many different situations like the unsecured HTTP will become the secured HTTPS and for data transfer and remote management. Secure shell takes the place of the internet and SFTP takes the place of FTP. Remember I said that we can use symmetric and asymmetric together with impressive results, while TLS is an example of this hybrid TLS uses asymmetric encryption for the key exchange, but then symmetric encryption is used to protect all future communications again, the best of both worlds.