Hashing functions play a vital role in digital security — hashing functions do everything from providing tamper resistance for email communications to securing your software supply chainJust look back at your day so far and try to think how many times you have accessed a website, received an online message, or sent an email. Did you worry that someone could intercept your message and tamper with it? For most of us, the answer would be no. The major credit here goes to the use of hashing algorithms — a technological invention that plays a key role in taking cryptography where it is today. Show
Do you want to know the importance of hashing algorithms to the world of security? Just ask Yahoo. In 2016, it was discovered that the hackers breached and obtained data of 500 million users. Research from Venafi shows that “a surprising number” of Yahoo’s digital certificates used weak hashing algorithms (i.e., MD5), which could certainly result in data breaches and other security issues. But what is a hashing algorithm? How do companies use hashing functions and why is hashing important to data security? Let’s break it all down, starting with a quick hashing definition. Then we’ll move on to talking about some of the ways you can use hashing within your organization. What Is Hashing? A Hashing DefinitionIn cryptography, hashing is a process that allows you to take data of any size and apply a mathematical process to it that creates an output that’s a unique string of characters and numbers of the same length. Thus, no matter what size or length of the input data, you always get a hash output of the same length. More specifically, hashing takes input data (such as a password or a file) and pairs it with a hashing algorithm (i.e., a mathematical algorithm or hashing function) to create a unique output of a specific length. This output, called a hash value or a hash digest, represents the original data without making that original data known or available to access. This can be used for everything from data organization to file integrity verification. Because this process is virtually irreversible, it means that hashing is a one-way cryptographic function. Hashing Algorithms Create Outputs of Fixed LengthsLet’s see hashes of two different words on application of SHA-256 hashing algorithm:
As you can see, despite the obvious difference in the size (of the text!), you get the output of the same size. But what happens if you just make a tiny change to one of the words? Let’s these changes affect the hash values for the same word:
Input variation #1: DInosaur — 9e4a334d6d23566ddedbba353057fe8b1ff6d8999cc3eff2222beec170de1558 Input variation #2: DinosauR — a5ed440e539385d0fad5ae3debb994ccb0092f20375c05b16a7860a9bbb739fb Input variation #3: DinosAur — 05ca80d5308ce846f13eb4e9ee31deb7f5ea93eb347b87c83d5cfe573b6c2ac0 Do you see how the hashes are completely different for the same word? The only difference, as you can see, is that we’ve capitalized some of the letters. So, the conclusion here is that hashes cannot be the same for different inputs — they’re always unique. Where You Can Find Hashing In ActionBecause of this unique functionality, hashes are used in identifying or comparing files or databases. For example, when you create a password for a new email account, the email service provider saves the hash value of your password on its server. So, whenever you try to log in, it compares the hash value of the password you just entered to the hash value it has saved on its server. It grants you access if both pieces of data match. Hashing functions are often used in conjunction with digital signatures. Some of the uses of hashing we’ll talk about later include:
Why Hashing (and Hash Functions) MatterHash functions are important to data security because they allow users to verify the integrity of the files or online communications they receive. Hashing helps you protect your files against unauthorized changes and alterations so that your users can realize that they’ve been changed in some way. You can think of hashing as the digital equivalent of tamper-resistant product packaging; if anyone tries to mess with it, then the person who buys the package will recognize that it’s been altered. No matter the input or size, hashing makes sure that it’s packed in the same sized packaging, although no packaging is identical. What Makes a Strong Hash Algorithm (Hash Function)Hashing functions play a significant role in cryptography as they carry important characteristics that help in data authentication and keep sensitive data (like passwords) secure. These characteristics include the following: IrreversibilityHashing algorithms are one-way functions — you can’t figure out the original input data using the hash value. This means that you can easily convert an input into a hash, but you can’t derive the input from its hash value (so long as the hashing algorithm isn’t broken). This is important because hashes are used in many functionalities, such as storing passwords on public servers. Because it’s irreversible, bad guys can’t reverse engineer the password from the hash even if they get their hands on the password hash database. Now you get why companies (good ones) don’t store your passwords in plaintext. DeterminismThe output length of all hashing algorithms should be the same, regardless of the length of the input size. It comes in handy for allocating space for the digest in a data structure, file format, or network protocol field, as you know how much length it’ll require. It also helps to keep hackers from knowing how large the original input was because all outputs, regardless of how long or short the original input is, are fixed length and don’t vary. Collision ResistanceIn hashing, a collision is said to have occurred when hash values of two different inputs produce identical outputs. In such a case, cybercriminals can fool the computer into believing that they have the original input data, even if they don’t have it. This is known as a hash collision attack. Let’s say attackers have found out that the hash value of your password and another input share the same hash value. Now, they can use the hash value of the input – which is not the same thing as the input (password) itself – as the hash value of your password to log into your account even if they don’t have your password in the first place. Another concern is rainbow tables. Bad guys can create massive numbers of precomputed password-hash combination “chains” and then winnow the information down to storing just the first and last password-hash combination, creating what’s known as a rainbow table. This table enables them to quickly look up unsalted password hashes to figure out the original password inputs. This is why all hashing algorithms must be resistant to collisions. One way to mitigate collisions in password hashing and mitigate the risk of rainbow table attacks is to use salting. (We’ll speak about salting more in a minute.) Avalanche EffectAs we saw in the above-given example of the word ‘dinosaur,’ even the smallest change in the input results in a significant change in the hash value output. This ensures that no one can decipher the original text. This is known as the ‘avalanche effect’ because it’s similar to the concept of how the tiniest change or shift in the snow build-ups on a mountainside can trigger an avalanche. SpeedWhen a use enters the password of his/her account, they expect to log in in microseconds. This can only happen if the hashing function performs at extremely high speed in creating hashes. However, not all hashing functions are supposed to be quick. Some functionalities require hashing functions to be slow. This is seen in the calculation of a password hash. In this situation, you want the calculation to be slower to make it harder (i.e., more time consuming) for attackers to brute-force users’ passwords (if the password hash database gets stolen) or carry out rainbow table attacks. Types of Hashing AlgorithmsWhen it comes to types of hashing algorithms, the major ones are classified in their families. Let’s have a look at three of the most prevalent families of hashing algorithms.
Apart from these, some other popular hashing algorithms include BLAKE 3, RIPEMD-160, and WHIRLPOOL, etc. Hashing and Encryption Are NOT the SamePeople often get confused between hashing and encryption. We can’t blame them, seeing as how they seem quite similar when it comes to their functionalities. However, there’s a stark difference between the two of them:
Now that you know what a hashing function is and how hash functions are beneficial to businesses, let’s explore how they work. How Do Hashing Algorithms Work?As we touched on earlier, a hashing function takes a piece of data and runs it through a mathematical algorithm. The input data size doesn’t matter — whether you’re hashing a password or the entire Encyclopaedia Britannica, that hashing algorithm will generate a fixed-length output. This means that both inputs will result in outputs of equal length. In many algorithms, this is made possible by dividing the input data into several small blocks of the same size. If the size is less, then it’s compensated by adding a string of 0s and 1s, known as padding. In some methods of hashing, that original data input is broken up into smaller blocks of equal size. If there isn’t enough data in any of the blocks for it to be the same size, then padding (1s and 0s) can be used to fill it out. Here’s a slightly more advanced graphic that illustrates how hashing works when taking an input and dividing it into multiple smaller data blocks: Okay, having this foundational knowledge about hashing is good. But how does hashing play a role in your everyday data security? 4 Ways Your Company Can Use Hashing Algorithms to Secure DataSince its inception, hashing has been a revelation for modern-day computing. Not only has it had a transformative impact on security, but it also has found uses in many other functions. Let’s explore three use applications of hashing algorithms in the world of security. 1. Ensures Data Integrity in SSL/TLS HandshakeHashing plays a crucial role in SSL/TLS handshakes, which are used when it comes to data encryption and identity verification in websites. In the secure TLS protocol, the client creates a digital signature by creating one-way hash from a random value generated during the handshake. This data is encrypted by the private key of the SSL/TLS certificate and then verified through decryption. This helps to ensure the integrity of data that’s part of the handshake. 2. Allows Users to Securely Store Their Passwords on Your SiteThanks to its irreversibility and collision resistance, hashing algorithms come quite handy when it comes to storing passwords on a server. Whenever a user submits his/her user ID and password, the former is stored in plaintext while the latter is stored in its ‘salted,’ hashed version in the server database. Whenever a user tries to log in, its user ID is searched in the database. If it matches, then the hash values of entered password and the stored password are also compared. If that also matches, the user is given access to the respective account. But what do we mean by salting? Here, the term ‘salting’ means that the website adds a random integer to the end of the password (like changing the password “TweetyBird” to “TweetyBird1”). This changes the entire hash of the password, thereby increasing the unpredictability of the hash to mitigate collisions and protect it against hash table lookups and rainbow table attacks. 3. Assures Data Integrity in Emails & Messaging AppsYour data is the most vulnerable when it’s being transmitted. A perpetrator might want to intercept and tamper with the data for their benefit. This is where hashing algorithm comes into play. Let’s say you’re sending a message to someone but want to ensure that the receiver receives the message in its original unaltered format. To do that, you can send both the message and its hash value to the recipient. On the other hand, the recipient can compare the hash value of the message with the hash value sent by you. Thus, ensuring that no modification is done while being transmitted. Such data integrity check is usually implemented in emails and messaging apps, although they run in the background within the email or chat clients, so users don’t see them happening. 4. Ensures File Integrity Assurance Through Code Signing Certificates & Digital SignaturesAnother major use of hashing algorithms comes in code signing certificates. Code signing certificates are used to provide unique identity through digital signature for various files such as applets, macros, plug-ins, codes, and other executable files before publishing on the internet. This combination of hashing and digital signatures helps you to provide identity assurance and data integrity assurance:
Here, a hashing algorithm is applied to the code/executable, which then results in creating a hash digest. That resulting hash value is then signed using the certificate’s private key, which results in creating the digital signature. A digital signature, code signing certificate, and hash function information form a signature block, which is placed in the software that an end-user receives. Thus, the end user’s computer first checks the authenticity of the certificate and then of the hash value using the hash function — providing two-layered authentication. Be sure to check out our resource on code signing best practices. What Users See When They Install Your Digitally Signed SoftwareWhen users download or try to install software applications, one of the two following warning messages typically appears. Here’s a side-by-side comparison of what users see when they try to install unsigned software versus digitally signed software: Code signing enables your verified organization’s name to display as the verified publisher in Windows User Access Control (UAC) pop-ups.1 All unsigned software and executables that are signed using standard code signing certificates trigger Windows Defender SmartScreen warnings. Here’s an example of an unsigned software application: But what if you don’t want Windows Defender SmartScreen warning to trigger? Certain types of code signing certificates (i.e., extended validation code signing certificates) can get rid of the SmartScreen messages altogether because Windows operating systems and browsers automatically trust them. This means that these warning messages will no longer display when users download and install your software. Which of the following are hashing algorithms?Hashing algorithms are just as abundant as encryption algorithms, but there are a few that are used more often than others. Some common hashing algorithms include MD5, SHA-1, SHA-2, NTLM, and LANMAN. MD5: This is the fifth version of the Message Digest algorithm. MD5 creates 128-bit outputs.
Which term refers to the ability to verify that information has not been altered?Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.
Which encryption uses the same key to encrypt and decrypt information?In symmetric encryption the same key is used for encryption and decryption. It is therefore critical that a secure method is considered to transfer the key between sender and recipient.
Which of the following refers to is the protocol designed to query databases to look up and identify the registrant of a domain name?WHOIS (pronounced as the phrase "who is") is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information.
|