The hash has become a powerful method of verification and security. In this video, you’ll learn about hashing, message digests, and the MD5 and SHA hash types.
Hashing is a way to take a group of data, really, of any size and represent it as something called a message digest. Just a small string of text. We can take an entire book, create a hash from that book, and present you with one single line of text that would represent the information that was in that book. This is not an encryption of that data, it’s simply a way to represent all of that data as a string of text. And we call that a message digest.
This is a one-way trip. If we create a hash from a group of information, we’re not able to undo that hash and somehow retrieve the original information. This is perfect for storing passwords then. We can take a piece of information like a password, hash it, and there would be no way to determine what the original password was once we created the hash. We can also use this for digital signatures.
I can create a hash from a book, but if any letter is changed inside of that book and I create the hash again, those two hashes will be very different. And by using this in a digital signature form, I can be assured that nothing has changed with that original piece of information. What’s interesting about the cryptographic algorithms that are used to create these hashes is there can only be one hash for a piece of information. That means we should never see a duplicate hash appear for different kinds of information. We would call that a collision.
Different things have different hashes. The only way to get exactly the same hash is if we were trying to examine exactly the same piece of information. One very significant characteristic of a hash is that it’s always exactly the same size. So if I take the text ‘my name is Professor Messer.’ and hash it, the SHA256 hash is listed here. You can see those 64 characters in the hash.
If I take this same information and simply change the period to an exclamation mark and perform the same hashing algorithm on it again, I get a very different SHA256 hash. You can see that everything about this hash is very different from the original. Let’s put them side by side and you can see just how different these two hashes are. All I did was change one character in the text, but you can’t discern from the hashes that these two pieces of information are even close to being the same, and that the only difference is the punctuation mark on the end.
Another popular hashing algorithm is MD5, which stands for message digest algorithm 5. It was designed by Ronald Rivest; his name is literally the R in RSA. It was first published in April of 1992. It replaced the MD4 algorithm before it, and it provides a 128-bit hash value. In 1996, however, vulnerabilities were found with MD5 where there were collisions identified. This is a good example of this, where we have two individual pieces of information and the red marks are the things that are different between them.
And even with all of those differences, the MD5 hash turned out to be exactly the same between them. And in December of 2008, researchers were able to create a certificate authority certificate that looked absolutely legitimate if you compared it based on the MD5 hashes. This is something that caused a lot of people to decide that MD5 would not be appropriate for use for our certificates, and instead some other kind of hashing algorithm would be a better choice.
A popular hashing algorithm used today is the secure hash algorithm or SHA. This was developed by the United States National Security Agency, the NSA, and it is a very widely used standard for US government work.
One of the original SHA standards is SHA-1. It was a 160-bit digest, and it was widely used in the US government. But in 2005, a number of collision attacks were found, and a new version of SHA was created called SHA-2. Today this is the preferred version of SHA that you might use. It’s a 512-bit digest and you’ll find that most people are no longer using SHA-1, and if they are using some type of secure hash algorithm, they’re opting to use SHA-2.
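The properties described above can be checked with Python's `hashlib`. This is an added example, not part of the original video or transcript: it shows the fixed digest size for any input size, how much of the SHA256 digest changes after the one-character edit, and an integrity check against a known digest. The function names are chosen for this example.

```python
import hashlib
import hmac

# Constructed sample inputs: the sentence from the text and its one-character variant.
ORIGINAL = b"my name is Professor Messer."
CHANGED = b"my name is Professor Messer!"


def hex_digest(algorithm: str, data: bytes) -> str:
    """Message digest of `data` as a hex string."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_bits(algorithm: str, data: bytes) -> int:
    """Digest length in bits; it depends on the algorithm, never on the input."""
    return hashlib.new(algorithm, data).digest_size * 8


def differing_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """Number of bit positions in which the digests of `a` and `b` differ."""
    da = hashlib.new(algorithm, a).digest()
    db = hashlib.new(algorithm, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def verify(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare in constant time."""
    return hmac.compare_digest(hex_digest(algorithm, data), expected_hex.lower())


if __name__ == "__main__":
    book = b"x" * 1_000_000  # constructed stand-in for "an entire book"
    for name in ("md5", "sha1", "sha256", "sha512"):
        # Same digest size for a short sentence and for a megabyte of data.
        print(f"{name:7} {digest_bits(name, ORIGINAL):4} bits "
              f"(large input: {digest_bits(name, book)} bits)")

    print(hex_digest("sha256", ORIGINAL))
    print(hex_digest("sha256", CHANGED))
    print("bits changed:", differing_bits("sha256", ORIGINAL, CHANGED), "of 256")

    published = hex_digest("sha256", ORIGINAL)  # digest recorded when the data was created
    print("unchanged data verifies:", verify(ORIGINAL, published))
    print("edited data verifies:   ", verify(CHANGED, published))
```
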