Posts

Showing posts from August, 2018

Threats to Information Security and What the Hash you could do about it

http://www.mfbzone.com/img/my%20pages/information.png

What are Hash Functions?

A cryptographic hash function is a mathematical formula that converts a given value into another value of a fixed length, and the conversion is irreversible. The result is much smaller than the original input to the function, and hash functions are comparatively faster (unlike cipher techniques). A good hash function will never give the same result for two distinct inputs; even if a single bit is changed, the whole hash value changes (the avalanche effect). I mentioned that hash functions are faster compared to ciphers. But they shouldn't be able to compute too quickly either, which may result in the function being labeled as brittle. These attributes of hash functions allow them to be used in a multitude of real-world use cases, like integrity protection in messages and software, hashing the certificate in HTTPS, digital signatures, and creating database indexes.

https://cdn.auth0.com/blog/hashi

What the Hash. A Simple Guide to Hashing

What is Hashing

Hashing, plainly put, is using hardcore mathematics to increase security on some "message". Hashing is a procedure that takes a variable-length value as input and spits out a fixed-length hashed value as output, also known as a hash, digest or thumbprint depending on the scenario the hashing is used in. This procedure is irreversible in a more general sense, but we can use some special procedures to understand the input value (more on that later). And most importantly, no two different inputs can produce the same output. The image below gives you a quick look at what I just blabbered.

Why Hashing

Now let's look at a practical example. Imagine a user registration and login scenario. The user enters his/her new credentials and clicks register, which posts this username and password to the server. The server grabs the password and sends it through a hash function (SHA256 in this case) and gets the hashed password in return. Server then stores th