Demystifying Hashing: The Unsung Hero of Secure Communication.

Hey everyone, In this first newsletter, let's dive into the fascinating world of hashing, an essential tool in our digital security arsenal.

What is Hashing?

Imagine a one-way street for data. That's essentially what hashing represents. It takes data of any length and transforms it into a unique, fixed-size code called a "hash." Think of it as a digital fingerprint for your message.

Why is it important?

Hashing offers several crucial benefits:

• Authentication: Ensures the message hasn't been tampered with during transmission. If any changes occur, the hash will differ, raising a red flag.
• Non-repudiation: Provides proof that a specific sender sent the message and can't deny it later (think of a digital receipt).
• Integrity: Guarantees the message's completeness, meaning no bits were lost or added in transit.

How does it work?

Different algorithms, like SHA-256 or MD5, perform the hashing magic. While the specifics differ, the core principle remains:

1. Input the message: Feed the data you want to secure into the hashing function.
2. Transformation: The algorithm processes the information through complex calculations, generating a fixed-length hash.
3. Verification: When the recipient receives the message and the accompanying hash, they re-hash the received data.
4. Comparison: If both hashes match, the message is deemed authentic and unaltered. Any discrepancy indicates tampering.

Hashing algorithms

Here are some of the mainstream algorithms which do Hashing in modern day world.

• SHA

Secure hashing algorithm SHA has been promoted by NIST. It has following variant: SHA1, SHA2, SHA3. The original SHA1 takes any number of input and produces the 160 bit of keys. It processes the message in 512 bits block so if the data is not there- it pads the data till it reaches the 512 bits. SHA1 has been breached and is now not used in as a standard. SHA-2 has been accepted as an alternate for now. It has 4 variants:

1. SHA256: It generates 256 bit of message digest using 512 bits of data.

2. SHA-224 Truncated version of SHA-256 and produces a data of 224 bits using 512 bit message size.

3. SHA-512 Generates 512 message digest using 1024 bit block size.

4. SHA 384 Truncated version of SHA 256 and produces 384 bit of data using 1024 bit block.

US Federal government has now used SHA-3 as a standard hashing algorithm.

• MD2

Message digest 2 is a version created by Ronald Rivest of RSA. It provides hashing for 8 bit processors. MD2 pads the message to a multiple of 16 bytes. It then computes the 16-byte checksum and generates as 128 bit digest. A check at the end is also appended.

• MD4

It is meant to be used on 32 bit processors. It first pads the message to ensure that the length of the message is 64 bit less than 512 bits. E.g. if a message is 400 bits- it pads it till the size reaches 448 bits. It then performs three round of encryption. The end size of the hash is 128 bits. This was broken too by showing it can create collision.

• MD5

The digest is 128 bits using 512 bits of message. The requirement is same- the message must be 64 bit less than 512 bits. It was shown later that there the two certificates with the different public key can generate a same MD5 hash. This is therefore now considered as insecure.

Hashing and Digital Signatures: A Powerful Partnership

Hashing plays a pivotal role in digital signatures, another crucial security element. Here's the simplified flow:

1. Alice creates a hash of the message using a secure algorithm like SHA-3.
2. She encrypts the hash with her private key, forming the digital signature.
3. Alice sends the signed message to Bob.
4. Bob decrypts the signature using Alice's public key, verifying it originated from her.
5. He re-hashes the message and compares it with Alice's hash to confirm no tampering occurred.

Remember: While hashing and digital signatures are powerful tools, they don't guarantee complete security against all threats. Encryption in transit remains essential for added protection.

Usually, digital signatures are not actually applied to the full data. Instead, the data (in the case the x.509 certificate) is hashed, and only the resulting hash is signed.

hash functions are a necessary part of the process of creating a digital signature.

Most signature algorithms are not designed to be able to securely and/or efficiently sign long messages directly, so the first step of each algorithm is usually to hash the message being signed, reducing it to a fixed length which the rest of the signature algorithm is able to effectively process.

Similarly, signature verification algorithms involve hashing the message being verified, then performing some set of operations on the signature to check whether it corresponds to that hash. Here it how it comes together in one picture:

Stay tuned for the next newsletter, where we'll delve deeper into some other cool topic of cloud, Security, AI and other general.