Hashing and Digital Signatures 6.1 Flashcards
Hashes
Represents data as a short string of text. It is known as a message digest. Once data has been hashed, it is impossible to recover the original message from the digest. This is used to store passwords for confidentiality. The stored hash is compared with the input of the user. We also can use them to verify that a downloaded document is the same as the original. It is also used as a digital signature for authentication, non-repudiation, and integrity. A fundamental characteristic of hashing algorithms is that two different messages will not have the exact same hash. This would be called a hash collision.
Collision
Hashing can be used for any type of message. I can be a graphics file, a disk image, or a sentence. Hashes create a fixed size string which is our message digest. The hash should be unique, different inputs should not create the same has. If they do, its called a collision.
Hashing Practical Use
Verify a downloaded file. Hashes may be provided on the download site. If you compare the hash of the downloaded file with the posted hash value, then you know your file is identical to what was posted. It’s common to use hashes when storing passwords. If you combine the password with a bit of salt, hash it.
Digital Signatures
You can combine a hash with an asymmetric encryption to create a digital signature. The digital signature is proof that a message sent, was not changed. Digital signatures also provide authentication. Additionally they provide non-repudiation so that we know that the message was not faked by someone else. You can also sign a file to prove that it was from you because nobody else can sign it with your signature. A message can also be verified that the file was unchanged because only your key will work with it.