Understanding Cryptographic Hashes and Signatures

Feb 23, 2025

Lecture on Cryptographic Hashes and Digital Signatures

Introduction to Cryptographic Hashes

  • Cryptographic hash: Represents data as a short string of text.
    • Also known as a message digest or fingerprint.
  • Key Characteristics:
    • Not encryption: Cannot recreate original data from the hash.
    • Used to verify document integrity.
    • Integral to digital signatures for authentication, non-repudiation, and integrity.

Hashing Algorithms

  • SHA-256:

    • Produces 256-bit output, represented as 64 hexadecimal characters.
    • Demonstrates sensitivity to changes: Even a single character change results in a completely different hash.
    • Designed to avoid collisions (two different inputs producing the same hash).
  • MD5:

    • Known for collision issues: Different inputs can produce the same hash.
    • Example: Slightly different text inputs yielding the same hash.
    • No longer recommended due to collision vulnerabilities.

Practical Uses of Hashing

  • File Verification:

    • Ensures downloaded files match the original posted versions (e.g., Linux distributions).
  • Password Storage:

    • Passwords are stored as hashes, usually salted, so that plaintext passwords are never stored and there is nothing to decrypt.
    • Salt: Random data added to passwords before hashing to increase security.
  • Rainbow Tables:

    • Precomputed tables of inputs and their associated hashes, used to look up the input that produced a known hash.
    • Salt disrupts rainbow tables by randomizing resulting hashes.

Digital Signatures

  • Purpose:

    • Ensure the integrity and authenticity of messages.
    • Provide non-repudiation: Verifies the origin of a message.
  • Creation Process:

    • Signer uses their private key to create a digital signature.
    • Recipient verifies with the sender's public key.
  • Email Example:

    • Sender: Alice sends a message to Bob, "You're hired, Bob."

      • Uses hashing algorithm to create a hash of the message.
      • Encrypts the hash with her private key to create a digital signature.
      • Sends the message and signature to Bob.
    • Recipient: Bob receives the message, verifies the signature.

      • Decrypts the digital signature using Alice's public key.
      • Compares the resulting hash to a newly calculated hash of the received message.
      • If hashes match, confirms the message's integrity and authenticity.

This process underlines the significant cryptographic work involved in digital signatures, despite the simplicity of user interfaces for sending signed communications.