Hashing, Salting, Encoding and Encrypting
One of the most asked questions when you say you are a cybersecurity engineer is that whats the difference between hashing, encoding and encryption.
Many great blogs are available out there to answer that question. I try to make things simple so a layman gets it right.
Hashing
Hashing is a one way function where the given string is converted to fit in to a fixed length string using hashing algorithms. Simply put its a set of rules that convert the text in to a fixed length text. Hashing is basically used to check the authenticity of data. Assume you have a file that should be downloaded from a website. First you hash the file and digitally sign it. Now you hash the signed file too and encrypt(will talk about this later).
The browser that downloads the file at the client end will get these two hash values from the file. Now it employes the same hashing mechanism and generates its own set of hashes. If these two hashes match the ones with the file downloaded, then the browser knows that the file has not been modified in the network and can be trusted.
Before going to the common hashing algorithms, one word of caution - There have been multiple instances of Collision in the history of cryptography. Collision is a situation where two different files generate the same unique hash values. This makes the algorithm useless. It is expected that the algorithm always and always generates one unique value for a given entity and no other entity can have this unique value. Algorithms namely MD4 and MD5 which generate collisions and have been rendered useless for this reason.
Common hashing algorithms -
MD5 - message digest algorithm is a widely used hash function that generates a 128-bit hash value. It can be used as checksum to verify data integrity but only against unintentional corruption of data.
SHA - Security hashing algorithm(SHA) is known for SSL/TLS cipher suites. SHA2 generates 256-bit hash value. SHA1 which also has collision vulnerabilities have been deprecated and SHA2 is now mandatory for SSL/TLS connections.
RIPEMD - Its an umbrella of hashing algorithms with lengths of 128, 160, 256 and 320 bit hash values. The 256 and 320 algorithms do not add any further security but help curtail the collision. RIPEMD is mostly used in bitcoin and cryptocurrencies.
WHIRLPOOL - Generates 512-bit hash values which are represented as 128-bit hexadecimal numbers.
Salting
It is a way used to has the passwords. Assume you have a password like "LetBeIt@123". You add some unique values(say 3 and 4) at the end of it or sprinkle in between the characters. So it becomes "Let3Be4It@123". The hash value of original and salted strings are going to be different. Its a way we can add security to the password and evade the attacker at guessing the actual password in a brute force attack.
Encoding
Encoding simply means transforming data from one form to another so that anybody and everybody can read it. So it makes use of publicly available mechanisms to transform data. Here the idea is not to keep the data secure or safe but to make sure the other party has all the capabilities to consume the transmitted data. Examples of encoding are - Reducing the size of files like audio and video files, HTTP transmission of special characters etc.
Encryption
The idea behind encryption is to transform data that can only be read by parties that it is destines for. It makes use of secrete keys. So when the listener has the secret key, only he can decrypt the data and consume. Its a two way function meaning to say one can encrypt at the origin and decrypt at the destination.
Historically the encryption has worked with private key cryptography where if the private key is lost, it is impossible to decrypt the data. So modern day encryption works on Public key cryptography. One public key is used to encrypt and the private key is used to decrypt. A simple example of this one is in SSL handshake to create a session at the server from the client side.
Most common encryption algorithms
AES - Advances Encryption Standard. It puts plaintext through a number of transformation rounds determined by key size, each round consisting of several processing steps. Its the most common algorithm with SSL/TLS
RSA - Rivest-Shamir-Adlemen(creators of RSA). It uses factorization of prime numbers to encipher plaintext.
ECC - Elliptic Curve Cryptography which relies on algebraic structure of elliptical curves over finite fields.
Many great blogs are available out there to answer that question. I try to make things simple so a layman gets it right.
Hashing
Hashing is a one way function where the given string is converted to fit in to a fixed length string using hashing algorithms. Simply put its a set of rules that convert the text in to a fixed length text. Hashing is basically used to check the authenticity of data. Assume you have a file that should be downloaded from a website. First you hash the file and digitally sign it. Now you hash the signed file too and encrypt(will talk about this later).
The browser that downloads the file at the client end will get these two hash values from the file. Now it employes the same hashing mechanism and generates its own set of hashes. If these two hashes match the ones with the file downloaded, then the browser knows that the file has not been modified in the network and can be trusted.
Before going to the common hashing algorithms, one word of caution - There have been multiple instances of Collision in the history of cryptography. Collision is a situation where two different files generate the same unique hash values. This makes the algorithm useless. It is expected that the algorithm always and always generates one unique value for a given entity and no other entity can have this unique value. Algorithms namely MD4 and MD5 which generate collisions and have been rendered useless for this reason.
Common hashing algorithms -
MD5 - message digest algorithm is a widely used hash function that generates a 128-bit hash value. It can be used as checksum to verify data integrity but only against unintentional corruption of data.
SHA - Security hashing algorithm(SHA) is known for SSL/TLS cipher suites. SHA2 generates 256-bit hash value. SHA1 which also has collision vulnerabilities have been deprecated and SHA2 is now mandatory for SSL/TLS connections.
RIPEMD - Its an umbrella of hashing algorithms with lengths of 128, 160, 256 and 320 bit hash values. The 256 and 320 algorithms do not add any further security but help curtail the collision. RIPEMD is mostly used in bitcoin and cryptocurrencies.
WHIRLPOOL - Generates 512-bit hash values which are represented as 128-bit hexadecimal numbers.
Salting
It is a way used to has the passwords. Assume you have a password like "LetBeIt@123". You add some unique values(say 3 and 4) at the end of it or sprinkle in between the characters. So it becomes "Let3Be4It@123". The hash value of original and salted strings are going to be different. Its a way we can add security to the password and evade the attacker at guessing the actual password in a brute force attack.
Encoding
Encoding simply means transforming data from one form to another so that anybody and everybody can read it. So it makes use of publicly available mechanisms to transform data. Here the idea is not to keep the data secure or safe but to make sure the other party has all the capabilities to consume the transmitted data. Examples of encoding are - Reducing the size of files like audio and video files, HTTP transmission of special characters etc.
Encryption
The idea behind encryption is to transform data that can only be read by parties that it is destines for. It makes use of secrete keys. So when the listener has the secret key, only he can decrypt the data and consume. Its a two way function meaning to say one can encrypt at the origin and decrypt at the destination.
Historically the encryption has worked with private key cryptography where if the private key is lost, it is impossible to decrypt the data. So modern day encryption works on Public key cryptography. One public key is used to encrypt and the private key is used to decrypt. A simple example of this one is in SSL handshake to create a session at the server from the client side.
Most common encryption algorithms
AES - Advances Encryption Standard. It puts plaintext through a number of transformation rounds determined by key size, each round consisting of several processing steps. Its the most common algorithm with SSL/TLS
RSA - Rivest-Shamir-Adlemen(creators of RSA). It uses factorization of prime numbers to encipher plaintext.
ECC - Elliptic Curve Cryptography which relies on algebraic structure of elliptical curves over finite fields.
Comments
Post a Comment