This series “Digital security” is from my notes prepared for certifications.
Encryption deals with the process of substituting plaintext with ciphertext.
The reverse of encryption seeks to generate the plaintext from the ciphertext.
If it was enough to validate the equality or just to identify a common message between two parties, encryption is not necessary.
A hash algorithm performs a mathematical operation on the entire data(plaintext) to generate an output(digest) that is much smaller than the input.
In many cases, the output size is only a tiny fraction compared to the original data. Unlike encryption, hashing is irreversible.
A hash/digest is a fingerprint of the original message.
If some data was commonly known/shared to two parties, then they only need to agree on a common hashing algorithm to check if both had the same data.
Well known hash algorithms:
MD5(Message Digest Algorithm) was the most common hash algorithm,
SHA(Secure Hash Algorithm)-1, SHA-3 produce 160 bit digest.
SHA-2 has 6 variants of varying digest size:
- SHA-224 : 224 bit digest
- SHA-256: 256 bit digest
- SHA-384: 384 bit digest
- SHA-512: 512 bit digest
- SHA-512/224: 512 bit digest truncated to 224 bits.
- SHA-512/256: 512 bit digest truncated to 256 bits.
DSA (Digital Signature Algorithm) is used exclusively for the purpose of signatures and certificates.
MD5 and SHA-1 have been compromised and are not preferred in security/signature applications. They’re still used to verify data integrity in non-trivial use cases.
Passwords are stored only as a digest of the original password. This prevents any user from reverse engineering the digest.
.
kskspeaking 