
Let's Hash

What is hashing? Benefits & How to do it


FAISAL AL-ASWER - MCS141028
Faculty of Computing, UTM
Johor, Malaysia

What is Hash?
A hash value (or simply hash), also called a
message digest, is a number generated from a
string of text.
What it looks like:
AAF4C61DDCC5E8A2DABEDE0F3B482CD9AEA9434D

What is Hashing?
It is the process of producing a hash value for a
text or a file using a hashing algorithm such as
MD5 or SHA1
MD5: Message Digest algorithm 5
SHA: Secure Hash Algorithm

Example of Hashing
Hashing the words: Hello, hello and helloo
SHA-1 for Hello:
F7FF9E8B7BB2E09B70935A5D785E0CC5D9D0ABF0 (160 bits)

SHA-1 for hello:
AAF4C61DDCC5E8A2DABEDE0F3B482CD9AEA9434D (160 bits)

SHA-1 for helloo:
E97F3492F74C6B2568F049630AF27490531A2D16 (160 bits)

What Hashing is used for


Hashing plays an important role in:
- Information integrity
- Digital Signature (Authentication & Integrity)
- Password Records
- etc.

Integrity, how?

Let's Practice
A useful website called OnlineMD5
www.onlinemd5.com
This website is used to generate hashes and
also to compare hashes
- Available algorithms: MD5, SHA-1 and SHA256

Digital Signature
Purpose: Authentication of the origin of the message +
Integrity of the message + Non-Repudiation
We encrypt the hash value instead of the file because
confidentiality is not the goal
A digital signature is made with hashing + Asymmetric
Cryptography (private key to sign, public key to verify)

Digital Signature

Password Record
To prevent attacks on plaintext passwords stored on the
server, passwords are usually hashed first, and the
server keeps only the hash.
At the next login, the software or website will
generate the hash of the user's password and
compare it with the stored hash; if they are equal,
access is granted, otherwise access is rejected!

Password Record: Example 1


Mohammed is a new user of the system; he creates the password go123@max
go123@max hashed using SHA1:
AD079F1AB7FA81418300A7A74B2F510EA3D98FDE
The hash above is then saved on the server, not go123@max

Once Mohammed wants to log in, he types in go123@max
The software or website will create the hash of this password, which is
AD079F1AB7FA81418300A7A74B2F510EA3D98FDE
If the hash equals the one saved on the server, then the user is granted access!

Password Record: Example 2


If Mohammed forgets or mistypes his password, or someone else is trying to
guess the password, for example, Mohammed types in go12@max
The system will generate the hash of go12@max as follows:
5D6C3C954B8739020575BA33CA7EAB33ED558AD9
This is then compared with the actual hash saved on the server:
AD079F1AB7FA81418300A7A74B2F510EA3D98FDE
They are totally different, therefore access is denied!
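
Added example (not part of the original slides): the store-and-compare login flow from the Password Record slides in Python, next to a salted PBKDF2 variant that defenders normally use instead of a bare hash. The user names, the in-memory dict used as the password store, the iteration count and the PBKDF2 variant itself are assumptions of this example.

```python
import hashlib
import hmac
import os

def sha1_hex(text):
    # Unsalted SHA-1 in upper-case hex, the form shown on the slides.
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

# Flow as described on the slides: the server keeps only SHA-1(password).
def register_plain(db, user, password):
    db[user] = sha1_hex(password)

def login_plain(db, user, password):
    stored = db.get(user)
    return stored is not None and hmac.compare_digest(stored, sha1_hex(password))

# Hardened variant (assumption, not on the slides): random per-user salt plus
# PBKDF2-HMAC-SHA256, so equal passwords no longer give equal records and
# each guess costs ITERATIONS hash computations.
ITERATIONS = 200_000  # constructed work factor for this example

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register_salted(db, user, password):
    salt = os.urandom(16)
    db[user] = (salt, _derive(password, salt))

def login_salted(db, user, password):
    record = db.get(user)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _derive(password, salt))  # constant-time compare

if __name__ == "__main__":
    plain, salted = {}, {}
    # Constructed users; the passwords are the ones used in the slides.
    for user in ("mohammed", "second_user"):
        register_plain(plain, user, "go123@max")
        register_salted(salted, user, "go123@max")
    print("plain  ok/typo:", login_plain(plain, "mohammed", "go123@max"),
          login_plain(plain, "mohammed", "go12@max"))
    print("salted ok/typo:", login_salted(salted, "mohammed", "go123@max"),
          login_salted(salted, "mohammed", "go12@max"))
    print("records equal (plain): ", plain["mohammed"] == plain["second_user"])
    print("records equal (salted):", salted["mohammed"] == salted["second_user"])
```

With the bare hash, two users who pick the same password get the same stored value; with the salted variant the stored records differ while login still succeeds.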

Conclusion
A hash is just a value, e.g. 32D14E221
A hash is generated from input such as text or a file
Many hash algorithms exist: MD5, SHA-1, SHA512, etc.
A hash, or message digest, is used for integrity, digital
signatures and password records
Signing and verifying must generate the same hash
value, otherwise integrity is compromised

Shukran Jazeelan :)
Thank you very much
B846144AC39CD99FEA5FF144BD23ACBF0309C09F

Any Questions?
