๐Ÿ”

Cryptographic Hashes Overview

Jul 23, 2025

Overview

This lecture explains cryptographic hashes, their uses in verifying data integrity, password security, and digital signatures, and highlights key algorithm differences and best practices.

Cryptographic Hash Basics

  • A cryptographic hash creates a short, unique string (message digest or fingerprint) representing data.
  • Hashes are not reversible; you cannot recreate original data from the hash.
  • Hash functions ensure data integrity, verifying that documents have not been altered.

Hashing Algorithms and Collisions

  • SHA-256 is a popular hash algorithm producing a 256-bit, 64-hex character output.
  • Even small input changes result in very different hashes; this prevents easy guessing.
  • A collision occurs when two different inputs produce the same hash, which is a security flaw.
  • MD5 is insecure due to collision vulnerabilities and should be avoided.

Practical Uses of Hashes

  • Hashes verify downloaded files by comparing computed and published hash values.
  • Hashing is used to securely store passwords, never storing them in plain text.
  • Passwords are stored as hashes, usually with an added random value called a salt.

Password Hashing and Salting

  • Salting adds random data to passwords before hashing, resulting in unique hashes even for identical passwords.
  • Salting prevents rainbow table attacks, which use precomputed hashes to reverse simple hashes quickly.
  • Brute-force attacks are slowed by salting, making password cracking much harder.

Digital Signatures

  • Digital signatures use hashes to authenticate the origin and integrity of digital messages.
  • Creating a digital signature involves hashing the message and encrypting the hash with the sender's private key.
  • Recipients verify signatures by decrypting them with the senderโ€™s public key and comparing hashes.
  • Digital signatures ensure authentication, integrity, and non-repudiation.

Key Terms & Definitions

  • Cryptographic Hash โ€” A function that converts data into a fixed-size string, unique to the input.
  • Message Digest โ€” Another term for the output of a hash function.
  • SHA-256 โ€” A secure hash algorithm producing a 256-bit output.
  • Collision โ€” When different inputs result in the same hash value.
  • MD5 โ€” An outdated hash algorithm vulnerable to collisions.
  • Salt โ€” Random data added to input before hashing to create unique hashes.
  • Rainbow Table โ€” A precomputed table mapping inputs to hashes for quick reversal.
  • Digital Signature โ€” An encrypted hash used to verify message origin and integrity.
  • Non-repudiation โ€” Assurance that a sender cannot deny their messageโ€™s authorship.

Action Items / Next Steps

  • Avoid using MD5 for hashing; prefer SHA-256 or stronger algorithms.
  • Use salting when storing password hashes for increased security.
  • Review digital signature processes in your email or file transfer applications.

Full transcript