Hashing and Digital Signatures - 1.4
Summary
Hashing converts data into a fixed-length, unique value to ensure integrity, while digital signatures use hashing and encryption to verify the authenticity, integrity, and non-repudiation of messages.
Notes:
Hashing
Hashing is a cryptographic process that converts data into a fixed-length string of characters, known as a hash value or digest. The output is, for practical purposes, unique to the input data.
Hashing is a one-way function, meaning that the original data cannot be derived from the hash value.
Hashing provides data integrity by allowing two parties to compare hash values. If the hash values match, it confirms that the data has not been altered in any way.
Salting
Salting involves adding a unique, random value to data before hashing, ensuring that even identical inputs produce different hash values. This makes it harder for attackers to use precomputed tables (e.g., rainbow tables) to break hashed data.
Salting is particularly useful for hashing passwords, as it significantly increases the difficulty of cracking hashed passwords, even if two users have the same password.
Hashing Algorithms
Hashing is performed using cryptographic hashing algorithms, such as SHA-256 (Secure Hash Algorithm - 256 bits). These algorithms are resistant to collisions, so in practice each distinct input produces its own hash value.
Modern hashing algorithms are designed to minimize collisions, which occur when two different inputs produce the same hash value. Collision resistance is crucial for ensuring data integrity.
Applications
Hashing is used for securely storing passwords in databases, verifying file integrity, creating digital signatures, protecting blockchain transactions, and other applications that require data integrity and tamper detection.
Digital Signature
A digital signature is a cryptographic mechanism that ensures the authenticity, integrity, and non-repudiation of a message or document. It combines hashing and encryption processes to achieve these security objectives.
How is a Digital Signature Created?
Step 1: Hashing the Data
First, the message or document that needs to be signed is passed through a hashing algorithm (such as SHA-256). This process generates a fixed-length hash value (a unique digital fingerprint) representing the contents of the message.
Note: Hashing is a one-way process, meaning that the original message cannot be reconstructed from the hash value.
Step 2: Encrypting the Hash with the Private Key
The sender encrypts this hash value using their private key. The encrypted hash value is the digital signature.
Private Key: The private key is a confidential part of an asymmetric key pair, known only to the sender.
Encrypting the hash ensures that the digital signature is unique to both the message and the sender, guaranteeing that only the sender, who possesses the private key, could have created the signature.
Step 3: Sending the Message and Digital Signature
The sender transmits both the original message and the digital signature to the recipient, who will use the sender's public key to verify the signature.
How is a Digital Signature Verified?
Step 1: Hashing the Received Message
The recipient hashes the received message using the same hashing algorithm to generate a hash value.
Step 2: Decrypting the Digital Signature
The recipient then decrypts the digital signature using the sender's public key. Since the digital signature was created by encrypting the original hash with the sender's private key, decrypting it with the corresponding public key should yield the original hash value.
Step 3: Comparing Hashes
The recipient compares the hash value they generated from the received message with the hash value obtained from decrypting the digital signature.
If the two hash values match, it confirms that the message has not been altered during transit (ensuring integrity) and that it was indeed sent by the legitimate sender who holds the private key (ensuring authenticity).
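The creation and verification steps above, as an added Python example that is not part of the original notes. It follows the notes' textbook model (hash, then transform the hash with the private key) using unpadded RSA and constructed demo keys built from publicly known Mersenne primes, so it runs with the standard library only; production signatures use a padded scheme such as RSASSA-PSS from a vetted library, and all function and key names here are illustrative.

```python
import hashlib

# Constructed demo keys built from publicly known Mersenne primes: trivially
# factorable, for illustration only. Real keys use secret random primes.
def make_keypair(p_exp: int, q_exp: int, e: int = 65537):
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, e), (n, d)               # (public key, private key)

def digest_int(message: bytes) -> int:
    """Hash the message with SHA-256 and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Creation steps 1-2: hash, then transform the hash with the private key."""
    n, d = private_key
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Verification steps 1-3: re-hash, recover the signed hash, compare."""
    n, e = public_key
    if not 0 <= signature < n:          # reject values outside the key's range
        return False
    return pow(signature, e, n) == digest_int(message)

SENDER_PUB, SENDER_PRIV = make_keypair(521, 607)
OTHER_PUB, OTHER_PRIV = make_keypair(1279, 2203)   # a different key holder

if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"             # constructed sample message
    sig = sign(msg, SENDER_PRIV)
    print("genuine message:  ", verify(msg, sig, SENDER_PUB))
    print("altered message:  ", verify(b"Transfer 900 to account 42", sig, SENDER_PUB))
    print("wrong private key:", verify(msg, sign(msg, OTHER_PRIV), SENDER_PUB))
```

The altered message fails the integrity check, and the signature made with a different private key fails the authenticity check, even though both pass through the same three verification steps.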
Summary
Private Key: Used by the sender to encrypt the hash value and create the digital signature. The private key is kept secure and never shared.
Public Key: Used by the recipient to decrypt the digital signature, thereby verifying the authenticity and integrity of the message.
Hashing: Ensures that even the smallest change in the message will produce a different hash, making tampering easily detectable.
Digital signatures ensure that the message is secure, authentic, and has not been altered during transmission.
Note: In practice, digital certificates issued by a trusted Certificate Authority (CA) are used to validate public keys and confirm the authenticity of the sender's identity.