Wednesday, January 9, 2013
In my last post I have mentioned about working differences between hashing and encryption. Based on their working, today I am going to post when and where we should use this processes for security.
It should be used a hash function when we want to compare but can't store the plain value. Passwords should always be hashed . This is because we don't want recover the stored password rather we would compare betwwen stored and input data. We also use hashing to check for pirated files. It is also used to verify whether two files  are identical. This is helpful when we download a file from internet and can check successfully whether the downloaded file and file on server are same. Hash functions are also great for signing data. For example, if we are using HMAC, you sign a piece of data by taking a hash of the data concatenated with a known but not transmitted value (a secret value). So we send the plain-text and the HMAC hash. Then, the receiver simply hashes the submitted data with the known value and checks to see if it matches the transmitted HMAC. If it is the same, we know it wasn't tampered by a party without the secret value. This is commonly used in secure cookie systems by HTTP networks, as well as in message transmission of data over HTTP where we want some validity to the data.

The probability of a collision is astronomical for small input sizes. That's why it's recommended for passwords. For passwords up to 32 characters, MD5 has 4 times the output space. SHA-1 has about 6 times the output space. SHA-512 has about 16 times the output space. You must have seen that in many sites if you forgot your password then you are provided with a page to enter new password and old password is never recovered.
Encryption should be used whenever we need to get the input data back out. If we are storing credit card numbers, we need to get them back out at some point of time, but don't want to store the plain text. So instead, store the encrypted version and keep the key as safe as possible. This key is important as if someone gets this key then the value can be decrypted very easily.


Post a Comment

Total Pageviews

Subscribe via Email


Popular Posts