In this article we discuss what hashing is. In the previous article we discussed how to improve the availability of a network.
Users need to know that their data remains unchanged while at rest or in transit. Hashing is a tool that ensures data integrity by taking binary data (the message) and producing a fixed-length representation called the hash value or message digest.
The hash tool uses a cryptographic hashing function to verify and ensure data integrity. It can also support authentication. Hash functions replace clear-text passwords or encryption keys because they are one-way functions. Hashing a password with a specific hashing algorithm always produces the same hash digest, yet it is computationally infeasible to recover the password from that digest. It is also computationally infeasible for two different sets of data to produce the same hash digest or output.
Every time the data is changed or altered, the hash value also changes. Because of this, cryptographic hash values are often called digital fingerprints. They can detect duplicate data files, file version changes, and serve similar applications. These values guard against accidental or intentional changes to the data and against accidental data corruption. Hashing is also very efficient: a large file or the contents of an entire disk drive produces a hash value of the same fixed size as a short message.
Hashing is a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse. Grinding coffee is a good analogy of a one-way function. It is easy to grind coffee beans, but it is almost impossible to put all of the tiny pieces back together to rebuild the original beans.
A cryptographic hash function has the following properties:
- The input can be any length.
- The output has a fixed length.
- The hash function is one way and is not reversible.
- Two different input values will almost never result in the same hash values.
Hash functions are helpful to ensure that a user or communication error does not change the data accidentally. For instance, a sender may want to make sure that no one alters a message on its way to the recipient. The sending device inputs the message into a hashing algorithm and computes its fixed-length digest or fingerprint.
Simple Hash Algorithm (8-bit Checksum)
The 8-bit checksum is one of the first hashing algorithms, and it is the simplest form of a hash function. An 8-bit checksum calculates the hash by converting the message into binary numbers and then organizing the string of binary numbers into 8-bit chunks. The algorithm adds up the 8-bit values. The final step converts the result using a process called 2’s complement: every bit of the sum is inverted, so that each zero becomes a one and each one becomes a zero, and then 1 is added. The result is an 8-bit hash value.
To calculate the 8-bit hash for the message BOB:
1. Convert BOB to binary using the ASCII code.
2. Convert the binary numbers to hexadecimal.
3. Enter the hexadecimal values (42 4F 42) into an 8-bit checksum calculator.
4. Calculate the result. The hash value is 2D.
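The 8-bit checksum procedure above, as an added example that is not part of the original article; the message BOB and the expected value 2D come from the text, and the function names are my own:

```python
# Added example: 8-bit two's-complement checksum applied to the message "BOB".
# Expected hash value, per the text: 2D.

def checksum8(message: bytes) -> int:
    """Sum every 8-bit chunk modulo 256, then take the two's complement.

    Two's complement is 'invert every bit, then add one'; for an 8-bit
    value this equals (256 - total) mod 256.
    """
    total = sum(message) & 0xFF          # add up the 8-bit chunks, keep the low byte
    inverted = (~total) & 0xFF           # flip every bit (one's complement)
    return (inverted + 1) & 0xFF         # add one -> two's complement

def verify_checksum8(message: bytes, received: int) -> bool:
    """Receiver-side check: the chunks plus the checksum must sum to zero mod 256."""
    return (sum(message) + received) & 0xFF == 0

def hex_chunks(message: bytes) -> str:
    """Render the message as the space-separated hex bytes used in the text."""
    return " ".join(f"{b:02X}" for b in message)

if __name__ == "__main__":
    msg = b"BOB"                                  # constructed sample, as in the text
    print(hex_chunks(msg))                        # 42 4F 42
    print(f"{checksum8(msg):02X}")                # 2D
    print(verify_checksum8(msg, checksum8(msg)))  # True
    # A one-byte change is detected ...
    print(f"{checksum8(b'BOC'):02X}")             # 2C
    # ... but a simple checksum is not collision resistant: reordering the
    # same bytes leaves the sum, and therefore the checksum, unchanged.
    print(f"{checksum8(b'OBB'):02X}")             # 2D as well
```

The last two lines show why a checksum catches accidental corruption but does not offer the collision resistance of a cryptographic hash.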
There are many modern hashing algorithms widely used today. Two of the most popular are MD5 and SHA.
Message Digest 5 (MD5) Algorithm
Ron Rivest developed the MD5 hashing algorithm, and several Internet applications use it today. MD5 is a one-way function that makes it easy to compute a hash from the given input data but makes it very difficult to compute input data given only a hash value.
MD5 produces a 128-bit hash value. The Flame malware compromised the security of MD5 in 2012: its authors used an MD5 collision to forge a Windows code-signing certificate.
Secure Hash Algorithm (SHA)
The U.S. National Institute of Standards and Technology (NIST) developed SHA, the algorithm specified in the Secure Hash Standard (SHS). NIST published SHA-1 in 1994. SHA-2 replaced SHA-1 with four additional hash functions to make up the SHA family:
- SHA-224 (224 bit)
- SHA-256 (256 bit)
- SHA-384 (384 bit)
- SHA-512 (512 bit)
SHA-2 is a stronger algorithm, and it is replacing MD5. SHA-256, SHA-384, and SHA-512 are the next-generation algorithms.
Integrity ensures that data and information are complete and unaltered at the time of acquisition. This matters when a user downloads a file from the Internet or a forensic examiner is looking for evidence on digital media.
To verify the integrity of all IOS images, Cisco provides MD5 and SHA checksums at Cisco’s Download Software website. The user can compare this published digest against the digest of an IOS image installed on a device. If the two match, the user can be confident that no one has tampered with or modified the IOS image file.
The field of digital forensics uses hashing to verify all digital media that contain files. For example, the examiner creates a hash and a bit-for-bit copy of the media containing the files to produce a digital clone. The examiner compares the hash of the original media with the copy. If the two values match, the copies are identical. The fact that one set of bits is identical to the original set of bits establishes fixity. Fixity helps to answer several questions:
- Does the examiner have the files he expects?
- Is the data corrupted or changed?
- Can the examiner prove that the files are not corrupt?
Now the forensics expert can examine the copy for any digital evidence while leaving the original intact and untouched.
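Both checks described above, comparing a downloaded image against a published digest and comparing a forensic clone against its original, as an added example that is not part of the original article. The file contents are constructed in memory, the "published" digest is computed locally to stand in for the vendor's posted value, and the helper names are my own:

```python
# Added example: integrity verification with cryptographic hashes.
# Data is constructed inline; in practice it would be read from disk in chunks.
import hashlib
import hmac

CHUNK = 64 * 1024  # hash large images or disk clones piecewise, not all at once

def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of arbitrary-length data; the output length depends only on the algorithm."""
    h = hashlib.new(algorithm)
    for i in range(0, len(data), CHUNK):
        h.update(data[i:i + CHUNK])
    return h.hexdigest()

def matches_published(data: bytes, published_hex: str, algorithm: str = "sha256") -> bool:
    """Compare a computed digest against a vendor-published one.

    The published value is normalised to lowercase first; hmac.compare_digest
    then compares in constant time.
    """
    return hmac.compare_digest(digest(data, algorithm), published_hex.strip().lower())

def clone_is_identical(original: bytes, clone: bytes) -> bool:
    """Forensic fixity check: a bit-for-bit clone hashes to the same value as the original."""
    return hmac.compare_digest(digest(original), digest(clone))

if __name__ == "__main__":
    image = b"constructed IOS image contents " * 5000  # stands in for the downloaded file
    published = digest(image)                          # stands in for the vendor's posted SHA-256
    print(len(digest(image)), len(digest(b"x")))      # 64 64: fixed-length output for any input
    print(matches_published(image, published))        # True
    tampered = image[:-1] + b"?"                       # a single altered byte
    print(matches_published(tampered, published))     # False
    print(clone_is_identical(image, bytes(image)))    # True
    print(digest(image, "md5") == digest(tampered, "md5"))  # False: MD5 still detects accidental change
```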