Hashing and Digital Signatures - CompTIA Security+ SY0-701 - 1.4
Understanding Cryptographic Hashes
What is a Cryptographic Hash?
- A cryptographic hash represents data as a short string of text, often referred to as a message digest or fingerprint. It serves as a digital representation of data stored elsewhere.
- Unlike encryption, hashes cannot be reversed to recreate the original data; they provide integrity by verifying that downloaded documents match their originals.
Uses of Hashes
- Hashes are essential in creating digital signatures, which ensure authentication, non-repudiation, and integrity.
- The SHA256 hashing algorithm produces 256 bits of information represented as 64 hexadecimal characters.
Characteristics of Hashing
- Minor changes in input (e.g., punctuation) lead to significantly different output hashes, highlighting the sensitivity of hashing algorithms.
- Unique inputs should yield unique outputs; if two different inputs produce the same hash value, it results in a collision.
Collision Issues with MD5
- Collisions are rare but have occurred with certain algorithms like MD5, which was found to have issues in 1996.
- An example illustrates how similar strings can produce identical hashes using MD5, leading to its recommendation against use due to security vulnerabilities.
Practical Applications of Hashing
- Common uses include verifying file downloads against posted hashes on websites for integrity assurance.
- Password storage utilizes hashing instead of plain text or encryption; ideally storing passwords as salted hashes enhances security.
Enhancing Password Security with Salting
- Storing passwords as hashes prevents knowledge of actual passwords; during login, user input is hashed and compared with stored values.
- Salting adds random information during hashing to create unique outputs even for identical passwords across users.
Rainbow Tables and Brute Force Attacks
- Rainbow tables compile possible inputs and their corresponding hashes for quick password recovery but become ineffective when salting is applied.
- While rainbow tables can quickly reveal unsalted passwords, brute force attacks take significantly longer when salts are used.
Example: Password Hashing Process
Understanding Digital Signatures and Hashing
The Concept of Hashing
- If someone gains access to a hashed database, they may perceive multiple passwords due to the use of different salts, while in reality, there is only one password.
- Hashes are integral in creating digital signatures, which serve as a digital equivalent of traditional signatures.
Integrity and Authentication through Digital Signatures
- A digital signature ensures that the message received has not been altered during transmission, providing integrity.
- It also authenticates the source of the message, confirming who sent it.
Non-repudiation and Verification Process
- Digital signatures offer non-repudiation; senders cannot deny sending a message if it includes their signature.
- The signing process involves using a private key to create the digital signature, which can be verified with the corresponding public key.
Trustworthiness of Information
- If verification fails (public key does not match), it indicates that the document has been tampered with, leading to distrust in its content.
Practical Application: Sending a Message
- When Alice sends an email saying "You're hired, Bob," she opts to include a digital signature by checking a box in her email client.
- The email client hashes the plaintext message and encrypts this hash with Alice's private key to create the digital signature.
Receiving and Verifying Messages
- Bob receives Alice's email containing both the plaintext message and her digital signature.
- To verify authenticity, Bob’s email client decrypts Alice's digital signature using her public key.
Final Verification Steps