This time we will discuss about cryptographic Hashes.
These are the functions which can take as input any data - like, a string, a message, a file - and give as the output a fixed length string of random-looking characters.
This acts as 'fingerprint' of the message or a file.
It is a one-way function, meaning, that the 'hash' cannot be used to derive back the original data (whic was 'hashed').
One more thing: Any small change in the input data, the hash algorithm gives a completely different hash.
1- File verification or Checking integrity of Messages: Since a hash of a specific file or message will always be same, and any small change or corruption in file or the message changes the resulting hash completely; this fact can be used to verify a file/message for integrity.
2- Password Storage: Whenever you enter your password (in plaintext) in any website or applicatino, it is firstly converted into a hash, and then stored in the database. The original plaintext is never stored in the database, ensuring more safety.
Other uses include 'hash tables' for faster searching in database, etc.
Popular Hash Functions:
1- MD5 or Message Digest 5: It produces hashes that are 128 bits (or 32-hex characters) in length.
2- SHA or Secure Hash Algorithm: It comes in many flavors: 160 bit, 256 bit, etc.
Since there are finite numbers of characters in the generated hash; and the hash function tries to 'digest' or 'hash' all the different files/messages differently; as a result, hash-collisions may occur. Meaning, two different data may have same hashes!! If such problem occurs, the hash function is deemed as unworthy for real applications.
Naturally, the longer the length of hash, the less chances of collisions. For instance, SHA-256 will have fewer hash collisions than SHA-160 or the 128-bit MD5.
This was the concept of one-way functions known as Cryptographic Hash functions, which can produce specific-length 'fingerprints' for data messages or files.
In the next and the last post of this series, we will look at some methods to 'crack' passwords (which are stored as hashes); and we will also get the implemented tool for 'Cracking MD5 Hashes using Wordlist'.
Bye till then.