Hashing | Notion

Ref: https://learn.cantrill.io/courses/2022818/lectures/45637122

YouTube: https://www.youtube.com/watch?v=ipljtD-ZdQ4

Hash Functions and Hashes

🔧 Hash function = algorithm that turns any input data (image, text…) into a hash or digest
- Examples of hashing algorithms: MD5, SHA-2 (256)…
- 🔧 Hash = fixed length representation (e.g. string) of the input data
- Hashing is used by many apps and tools (e.g. SSL certificates, Bitcoin…)
- Example: hashing an image with MD5

‼️ Important!! Memorize them!
1. Sensitivity → Any change (big or small) in input data will be reflected as a different hash value
2. 1-way → Can NOT retrieve the original data from its hash value
  - 💡 Getting a hash is fast & trivial, deriving original data however should not be possible except with brute force (try hashing all images in the world until you get the hash? Good luck!).
3. Predictability → Same hash function with same input data will ALWAYS give the same hash value
Hashing algorithm bad problems (ideally never happen):
1. Hash vulnerabilities (allow deriving input data from hash)
2. Hash collisions (two different inputs generate the exact same hash)

❗ Servers should NOT store passwords!
- If data leaks, passwords exposed, clients vulnerable!
- Even if passwords are encrypted, that's still risky! Bad actors could eventually decrypt!
Servers can INSTEAD store HASHES of passwords! → Much safer!
- To log in, client sends a hash of their password, server only verifies that hashes match
- If server data is leaked, bad actors only get hashes, which are much less useful!

Cross-location hashes can verify data integrity of e.g. files
- Customer downloads file, then hashes it
- Customer can check that their hash is the same as file's hash on the other location
- ❗ If hashes don't match, either file or hash has been altered!
Cross-location hashes should be identity verified, i.e. verify they're from author indeed!
- Normally hashes are digitally signed by authors to prove their identity