Hashing and Digital Signatures Flashcards
Security+
What is a hash?
A hash is a short, fixed-length value computed from data of any size; it acts as a message digest or fingerprint of that data.
Why is a hash considered a one-way trip?
Because a cryptographic hash function is designed so that it is computationally infeasible to recover the original message from its digest. Unlike encryption, there is no key that reverses the operation.
How are hashes used for confidentiality?
Hashing by itself is not encryption and does not make data confidential, but it lets a system store a one-way representation of a password instead of the password itself. The system can still verify a login by hashing what the user types, while an attacker who steals the stored hashes cannot simply read the passwords back.
What does a hash verify about a downloaded document?
It verifies that the copy you downloaded is identical to the one the publisher hashed, i.e. its integrity. A matching hash does not by itself prove who published the file; that requires a digital signature.
What is a digital signature?
A digital signature authenticates the source of a message (it came from the holder of the signing private key), proves the message has not been altered (integrity), and lets the recipient prove to a third party that the signer sent it (non-repudiation).
What do hash functions do?
Hash functions take an input of any size and produce a fixed-size output known as a message digest or checksum. SHA-256, for example, always produces 256 bits (32 bytes), whether the input is one byte or a multi-gigabyte file.
Why should a hash be unique?
Two different inputs producing the same digest is a collision. Because inputs are unlimited and the output is fixed-size, collisions must exist in theory, but for a secure hash it must be computationally infeasible to find one; a hash function for which collisions can be found is no longer fit for integrity or signature use.
What is a known issue with MD5?
Practical collision attacks against MD5 have been demonstrated: an attacker can craft two different inputs with the same MD5 digest. MD5 should therefore not be used where collision resistance matters, such as digital signatures, certificates, or integrity checks on files an attacker could influence.
How can hashes be used to verify downloaded files?
Publishers often post the expected hash on the download site. Compute the hash of the file you received and compare it with the posted value; a match shows the file is intact. Obtain the posted hash over a trusted channel (for example HTTPS, or a page separate from the mirror serving the file), since an attacker who can replace the file could also replace a hash hosted beside it.
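As an added example (not part of the original flashcards), the following Go program shows the properties described in the cards above: SHA-256 yields a 32-byte digest whatever the input size, changing one character produces a completely different digest, and a downloaded file is checked by recomputing its hash and comparing it in constant time against the published value. All inputs are constructed for the demonstration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
)

// Digest returns the hex-encoded SHA-256 of data. Whatever the input size,
// the output is always 32 bytes, i.e. 64 hex characters.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// DigestReader hashes a stream incrementally, which is how a large download
// is hashed without loading it all into memory.
func DigestReader(r io.Reader) (string, error) {
	h := sha256.New()
	if _, err := io.Copy(h, r); err != nil {
		return "", err
	}
	return hex.EncodeToString(h.Sum(nil)), nil
}

// VerifyDownload compares the digest of the bytes we received with the hash
// published on the download site. The posted value is normalised (trailing
// newline, upper-case hex) and compared in constant time so the comparison
// itself does not leak how many leading bytes matched.
func VerifyDownload(downloaded []byte, publishedHex string) bool {
	want, err := hex.DecodeString(strings.ToLower(strings.TrimSpace(publishedHex)))
	if err != nil || len(want) != sha256.Size {
		return false // malformed or wrong-length hash: treat as failure
	}
	got := sha256.Sum256(downloaded)
	return subtle.ConstantTimeCompare(got[:], want) == 1
}

func main() {
	// Constructed inputs: a one-byte message and a ~160 KB blob.
	short := []byte("a")
	long := []byte(strings.Repeat("installer bytes ", 10000))
	fmt.Printf("%d hex chars: %s\n", len(Digest(short)), Digest(short))
	fmt.Printf("%d hex chars: %s\n", len(Digest(long)), Digest(long))

	// Streaming gives the same digest as hashing the whole buffer at once.
	streamed, _ := DigestReader(strings.NewReader(string(long)))
	fmt.Println("streamed matches:", streamed == Digest(long))

	// Avalanche effect: changing one character changes the whole digest.
	original := []byte("pay $100 to alice")
	tampered := []byte("pay $900 to alice")
	fmt.Println(Digest(original))
	fmt.Println(Digest(tampered))

	// Simulated download check against the hash the publisher posted.
	posted := Digest(original) + "\n" // as it might appear in a SHA256SUMS file
	fmt.Println("genuine :", VerifyDownload(original, posted)) // true
	fmt.Println("tampered:", VerifyDownload(tampered, posted)) // false
}
```

The constant-time comparison is not strictly required for a public hash, but it is the habit to build: the same function shape is used for comparing secrets such as MACs and password hashes, where an early-exit comparison leaks information.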
How is password storage improved with hashing?
Instead of storing the password, the system stores a random salt and the hash of the salt combined with the password. At login it recombines the stored salt with the submitted password, hashes, and compares the result with the stored hash. Modern practice uses a deliberately slow, iterated password hashing function (such as bcrypt, PBKDF2, or Argon2) rather than a single fast hash, so that guessing is expensive for an attacker.
What is the purpose of adding salt to a password?
Salt is random data combined with the password before hashing so that the same password yields a different hash for every user. This defeats precomputed rainbow tables and forces an attacker to attack each salted hash separately rather than cracking a whole database in one pass. Salt alone does not slow a brute-force attempt on a single hash; that is the job of a slow, iterated hash function.
What happens when the same password is hashed with different salts?
Each user gets a different random salt, so the same password produces different stored hashes. An attacker who steals the database cannot tell that two users share a password, and cannot reuse work done against one hash on another.
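An added example, not from the original cards, of salted password hashing in Go covering the three cards above. It implements PBKDF2-HMAC-SHA256 by hand (a single 32-byte output block, as specified in RFC 8018) so that it runs on the standard library alone; in production use a vetted library and preferably a memory-hard function such as Argon2 or bcrypt. The `salt$hash` record format, the 16-byte salt and the iteration count are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

const (
	saltLen    = 16      // 128-bit random salt per user (assumption for the example)
	iterations = 100_000 // work factor; tune upward as hardware gets faster
)

// pbkdf2Sha256 derives one 32-byte block with PBKDF2-HMAC-SHA256 (RFC 8018):
// U1 = HMAC(P, S || INT(1)), Ui = HMAC(P, Ui-1), result = U1 xor ... xor Uc.
// Hand-written so the example needs only the standard library; in production
// use a vetted library and preferably a memory-hard function (Argon2, bcrypt).
func pbkdf2Sha256(password, salt []byte, iter int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := prf.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// HashPassword draws a fresh random salt and returns the storable record
// "salt$hash" (both hex). The record format is an assumption for this example.
func HashPassword(password string) (string, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2Sha256([]byte(password), salt, iterations)
	return hex.EncodeToString(salt) + "$" + hex.EncodeToString(dk), nil
}

// VerifyPassword recomputes the hash from the stored salt and the submitted
// password and compares in constant time; the plaintext is never stored.
func VerifyPassword(password, record string) bool {
	parts := strings.SplitN(record, "$", 2)
	if len(parts) != 2 {
		return false
	}
	salt, err := hex.DecodeString(parts[0])
	if err != nil {
		return false
	}
	want, err := hex.DecodeString(parts[1])
	if err != nil {
		return false
	}
	got := pbkdf2Sha256([]byte(password), salt, iterations)
	return subtle.ConstantTimeCompare(got, want) == 1
}

func main() {
	pw := "correct horse battery staple" // constructed sample password

	// Without salt, two users with the same password have identical hashes,
	// so one rainbow-table lookup (or one crack) exposes both.
	unsalted := sha256.Sum256([]byte(pw))
	fmt.Println("unsalted, user A:", hex.EncodeToString(unsalted[:]))
	fmt.Println("unsalted, user B:", hex.EncodeToString(unsalted[:]))

	// With a per-user salt the same password yields different records.
	recA, _ := HashPassword(pw)
	recB, _ := HashPassword(pw)
	fmt.Println("salted,   user A:", recA)
	fmt.Println("salted,   user B:", recB)
	fmt.Println("records differ  :", recA != recB)

	// Login check: correct password verifies, a wrong one does not.
	fmt.Println("correct password:", VerifyPassword(pw, recA))            // true
	fmt.Println("wrong password  :", VerifyPassword("Tr0ub4dor&3", recA)) // false
}
```

The iteration count is what makes each guess expensive; the salt is what stops an attacker from amortising that cost across users or across a precomputed table. Both are needed.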
What does a digital signature prove about a message?
It proves that the message has not been changed (integrity), identifies the source as the holder of the signing private key (authentication), and, because only that key could have produced the signature, prevents the signer from later denying having signed it (non-repudiation).
How is a digital signature created?
The sender computes a hash of the message and signs that digest with their private key; the signature is sent along with the message. The message itself is not encrypted and remains readable by anyone; the signature protects its integrity and origin, not its confidentiality.
How is a digital signature verified?
The recipient recomputes the hash of the received message and uses the sender's public key to check the signature against that digest. Any alteration to the message, or a signature produced with a different private key, causes verification to fail.
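An added example (not from the original flashcards) of creating and verifying a digital signature in Go, covering the signature cards above: the message is hashed with SHA-256 and the digest is signed with an RSA private key using RSA-PSS, then verified with the matching public key. The key pairs, the message and the names Alice and Mallory are constructed for the demonstration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Sign hashes the message with SHA-256 and signs the digest with the
// private key using RSA-PSS. The message itself is not encrypted.
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	digest := sha256.Sum256(message)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest of the received message and checks the
// signature against it with the signer's public key. It reports false if the
// message was altered, the signature was corrupted, or a different key signed.
func Verify(pub *rsa.PublicKey, message, sig []byte) bool {
	digest := sha256.Sum256(message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	// Constructed scenario: Alice signs an order; Bob verifies with Alice's public key.
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("Transfer 100 EUR to account 1234")
	sig, err := Sign(alice, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("message  :", string(msg)) // still readable: signing is not encryption
	fmt.Println("signature:", base64.StdEncoding.EncodeToString(sig)[:32]+"...")

	fmt.Println("genuine  :", Verify(&alice.PublicKey, msg, sig)) // true

	// Integrity: one changed digit changes the digest, so the signature no longer matches.
	tampered := []byte("Transfer 900 EUR to account 1234")
	fmt.Println("tampered :", Verify(&alice.PublicKey, tampered, sig)) // false

	// Authentication / non-repudiation: only Alice's private key could have made
	// this signature, so it does not verify under anyone else's public key.
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println("wrong key:", Verify(&mallory.PublicKey, msg, sig)) // false
}
```

Note that the verifier must already trust that the public key belongs to Alice; binding a public key to an identity is what certificates are for, and a signature checked against an untrusted key proves nothing about the source.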