What should you know about Hashing & Encryption?


In today's world, where information is worth a lot and danger lurks at every step in the form of data leaks and break-ins into systems and databases, encryption and hashing are standard. There are exceptions to the rule, though, where passwords are saved in databases as plain text. Can this be called data security? I do not think so!

Encryption and hashing allow us to ensure data security, secure communication and protect data in the event of possible leaks.

Thanks to these solutions, we care about our safety!

Encryption

It consists in converting plain text, readable by a human, into secret text: a ciphertext. It is a form obtained by a series of transformations and substitutions that cannot be read or decrypted without knowing the encryption key. In other words, encryption is the process of keeping sensitive data such as usernames, passwords, credit cards, and banking details safe from hackers.

We divide encryption into 3 types:

  1. Symmetrical

    In symmetric encryption, we have one key with which we can encrypt and decrypt data. This key can be a number, a string, or a word. Both the user and the web server should have the same key to complete the encryption / decryption process.

    Advanced Encryption Standard

    AES is a symmetric cipher that encrypts 128 bits of data at a time. The key that is used to decrypt the data can be of different sizes: 128-bit, 192-bit, or 256-bit.

  2. Asymmetrical

    In this type of encryption, we have two keys, one for encryption and one for decryption. The public key is used to encrypt the data and the private key is used for decryption. In this way, the information provided by the browser and the server remains safe.

    Rivest-Shamir-Adleman

    The RSA algorithm works by factorizing the product of two large prime numbers. RSA is a weak algorithm because of the different vulnerabilities that have been exploited by hackers many times. This algorithm works slower when a large amount of information needs to be encrypted or decrypted.

  3. Hybrid

    As the name suggests, this is an encryption technique that uses the effectiveness of both asymmetric and symmetric cryptography to minimize their disadvantages.

Where do we use encryption?

The purpose of encryption is to keep messages secret and securely transmitted or stored. Encryption should guarantee confidentiality, integrity and availability (only to authorized recipients who have the key).

Hashing

A hash is computed by a hash function, which produces a unique fixed-length string for any text. An important feature of hashing is the fact that it is an irreversible process, i.e. based on a specific hash, we are not able to determine what the content of the input text was.

Hash algorithms:

  • Message-Digest Algorithm 5 (MD5)

As a successor to MD4, it covered a lot of security threats but failed to provide full data security services. Though MD5 is widely used, the main issues raised with its use are its vulnerability and collisions.

  • Secure Hash Algorithm (SHA)

In 2005, security vulnerabilities were identified in SHA-1, which proved to be too weak and vulnerable to attacks that SHA-2 is resistant to, so in 2015 certification authorities replaced products based on SHA-1 with products using the SHA-2 algorithm.

We currently have SHA-3. It can be used for digital signatures.

👇👇👇 You can check SHA256 in action here 👇👇👇.

sha256algorithm.com

Salted hash

To mitigate the damage that a hash table or dictionary attack can do, we salt passwords. In line with the OWASP guidelines, a salt is a value generated by a cryptographically secure function that is added to the input of the hash function to create unique hashes for each input, whether or not the input is unique. The salt makes the hash function look nondeterministic, which is good because we don't want to expose duplicate passwords through our hashing.

Thanks to this, the same passwords have different hashes!

Where do we use hashing?

Hashing is used to create a unique identifier, thanks to which it will be possible to determine whether a specific content, e.g. a file or a string of characters, is identical to the original. This function is used, among other things, to store passwords. When we register in a system, our password is hashed and its hash is stored in the database.

You can use hashing in cryptographic applications like a digital signature.

I hope you liked the post. If so, leave something behind! I will be pleased with each comment!