Ref: https://learn.cantrill.io/courses/2022818/lectures/45637122
YouTube: https://www.youtube.com/watch?v=ipljtD-ZdQ4
Hash Functions and Hashes
- 🔧 Hash function = algorithm that turns any input data (image, text…) into a hash or digest
- Examples of hashing algorithms: MD5, SHA-2 (256)…
- 🔧 Hash = fixed length representation (e.g. string) of the input data
- Hashing is used by many apps and tools (e.g. SSL certificates, Bitcoin…)
- Example: hashing an image with MD5
Hash Properties/Rules
- ‼️ Important!! Memorize them!
- Sensitivity → Any change (big or small) in input data will be reflected as a different hash value
- 1-way → Can NOT retrieve the original data from its hash value
- 💡 Getting a hash is fast & trivial, deriving original data however should not be possible except with brute force (try hashing all images in the world until you get the hash? Good luck!).
- Predictability → Same hash function with same input data will ALWAYS give the same hash value

- Problems a hashing algorithm can have (ideally these never happen):
- Hash vulnerabilities (allow deriving input data from hash)
- Hash collisions (two different inputs generate the exact same hash)
Some Hashing Use Cases
Hashing Passwords

- ❗ Servers should NOT store passwords!
- If data leaks, passwords exposed, clients vulnerable!
- Even if passwords are encrypted, that's still risky! Bad actors could eventually decrypt!
- Servers can INSTEAD store HASHES of passwords! → Much safer!
- To log in, client sends a hash of their password, server only verifies that hashes match
- If server data is leaked, bad actors only get hashes, which are much less useful!
Verifying Data Integrity with Hashing
- Cross-location hashes can verify data integrity of e.g. files
- Customer downloads file, then hashes it
- Customer can check that their hash is the same as file's hash on the other location
- ❗ If hashes don't match, either file or hash has been altered!
- Cross-location hashes should be identity verified, i.e. verify they're from author indeed!
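
The download check described above, as an added example that is not part of the original notes: the customer hashes the file locally and compares the result with the digest published at the other location. SHA-256, the function names `file_digest` and `verify_download`, and the sample file contents are assumptions made for illustration; the published digest is assumed to have been obtained from the author in a way that verifies their identity.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 64 * 1024  # read in chunks so a large download never sits fully in memory


def file_digest(path, algorithm="sha256"):
    """Return the hex digest of the file at `path`."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex, algorithm="sha256"):
    """True only if the local file hashes to the published digest."""
    try:
        expected = bytes.fromhex(published_hex.strip())
    except ValueError:
        return False  # the published value is not a hex digest at all
    actual = bytes.fromhex(file_digest(path, algorithm))
    # A digest of the wrong length (e.g. MD5 where SHA-256 is expected) never matches
    return hmac.compare_digest(actual, expected)


def demo():
    """Constructed sample: the author's file, an intact copy, and a copy with one bit flipped."""
    original = b"release-1.0 contents (constructed sample data)\n" * 1000
    tampered = bytearray(original)
    tampered[500] ^= 0x01  # the smallest possible change: a single bit
    published = hashlib.sha256(original).hexdigest()  # what the author would publish
    results = {"published": published}
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("intact", original), ("tampered", bytes(tampered))):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(data)
            results[name] = verify_download(path, published)
            results[name + "_digest"] = file_digest(path)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both copies produce a 64-character digest regardless of file size, and the one-bit change yields a completely different value, which is the sensitivity property from the rules above.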