Security 1: Encryption/ Decryption vs Hashing

The information technology sector is one of the world’s fastest-growing industries. At the same time, cybercrime is spreading around the world, so information security is more critical than ever. This article explores two techniques for protecting data in transit and hiding passwords: encryption and hashing.

When we consider information security, there are three main security goals.

  • Confidentiality
  • Integrity
  • Availability

Encryption/decryption and hashing are the mechanisms that provide confidentiality of information. Let’s try to understand these two mechanisms.

Data Encryption/Decryption

Plain Text — Original Message

Cipher Text — Encrypted Message

Algorithm — Encryption/Decryption Mechanism

Encryption is the method that hides the information’s true meaning by converting it into secret code: plaintext (intelligible data) is converted to ciphertext (encrypted data) using a key. The art or science of secret writing (encrypting and decrypting) is called cryptography.

Why do we need encryption?

  • Protect the information in transmission
  • Protect stored information

The importance of data encryption is shown by its long history: militaries and governments have used it to protect sensitive information.

Some historical examples:

  • Julius Caesar used an algorithm called the ‘Caesar Cipher’ to send messages to his soldiers. Each plaintext letter was replaced by another letter.
  • The ENIGMA cipher was used by the German army in the Second World War.

Encryption Methodologies

Confusion — The interceptor should not be able to predict what changing one character in the plaintext will do to the ciphertext. The main technique behind it is substitution.

A → B , P → Q , L → M , E → F

APPLE → BQQMF

Diffusion — The property of spreading the information of a single plaintext letter over the entire ciphertext. The main technique behind it is transposition (permutation).

APPLE → PALEP

A good cipher uses both confusion and diffusion.
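As an added illustration (not code from the original article), the two techniques in Python: the one-letter shift substitution and the APPLE → PALEP transposition above, plus a check that substitution alone leaves the repeated-letter structure of APPLE visible in BQQMF, while transposition alone leaves the letter frequencies unchanged. The permutation [1, 0, 3, 4, 2] is my assumption of the reordering behind PALEP.

```python
SHIFT = 1                  # A -> B, P -> Q, ... as in the article's example
PERM = [1, 0, 3, 4, 2]     # APPLE -> PALEP: output[i] = block[PERM[i]] (assumed)


def substitute(text, shift=SHIFT):
    """Confusion by substitution: shift every upper-case letter `shift`
    places along the alphabet (wrapping Z -> A). A negative shift undoes it."""
    return "".join(chr((ord(c) - ord("A") + shift) % 26 + ord("A")) for c in text)


def transpose(block, perm=PERM):
    """Diffusion by transposition: move the letters of a block according to
    a fixed permutation. The block must be exactly len(perm) letters long."""
    if len(block) != len(perm):
        raise ValueError("block length must equal permutation length")
    return "".join(block[i] for i in perm)


def untranspose(block, perm=PERM):
    """Inverse of transpose(): put each letter back where it came from."""
    out = [""] * len(perm)
    for i, src in enumerate(perm):
        out[src] = block[i]
    return "".join(out)


def repeat_pattern(text):
    """Index of the first occurrence of each letter. Two strings with the
    same pattern expose the same repetition structure (e.g. the double P)."""
    return tuple(text.index(c) for c in text)


def encrypt(block):
    """A toy cipher using both techniques: transpose, then substitute."""
    return substitute(transpose(block))


def decrypt(block):
    """Undo encrypt(): reverse the substitution, then the transposition."""
    return untranspose(substitute(block, -SHIFT))


if __name__ == "__main__":
    print(substitute("APPLE"), transpose("APPLE"), encrypt("APPLE"))
    # Substitution alone keeps the "PP" at positions 1 and 2 visible ("QQ"):
    print(repeat_pattern("APPLE") == repeat_pattern(substitute("APPLE")))
    # Transposition alone keeps every letter, so frequencies are unchanged:
    print(sorted("APPLE") == sorted(transpose("APPLE")))
```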

Types of algorithms

There are two types of algorithms when considering the key.

  1. Symmetric key algorithms (Secret key cryptography)
  2. Asymmetric key algorithms (Public-key cryptography)

Symmetric key algorithms

This algorithm uses a single secret key shared between the users. Symmetric key encryption is much quicker than asymmetric key encryption. Because both users use the same key, they need to share that key securely beforehand; therefore it is considered less secure than asymmetric key encryption.

(Figure: Symmetric key algorithms)

Asymmetric key algorithms

This algorithm uses two different but mathematically linked keys. Every user has a pair of keys, called the ‘public key’ and the ‘private key’. Users exchange their public keys with others, but the private key is kept secret. Once a document is encrypted with someone’s public key, it can only be decrypted with that person’s private key. For example, the sender uses the receiver’s public key to encrypt the document and sends it to the receiver. Then the receiver uses their private key to decrypt it.

This process is more complex, so it is slower than symmetric-key algorithms. (Ex:- Rivest Shamir Adleman (RSA), Diffie Hellman algorithm)

(Figure: Asymmetric key algorithms)

This is more secure than symmetric key algorithms because the users don’t need to send a secret key along with the message. Some applications use symmetric key algorithms to share documents but an asymmetric algorithm to exchange the symmetric key. This hybrid system is both protective and fast.

Encryption is mostly used to transfer files, documents, messages, etc., because the information must be kept secure from an interceptor.

Hashing

Hashing algorithms are functions that generate a fixed-length result (the hash, hash value, or digest) from a given input. The hash value is a summary of the original data. (Ex:- MD5, MD6, SHA1, SHA256)

Properties of a hash function and its hash (digest)

  • The digest is not reversible (one-way function)
  • The digest size is fixed and it depends on the algorithm, not the input size.
  • The function can be applied to a message of any size
  • Easy to compute for any message
  • Strong collision resistance

Usages of Hashing

  • Store passwords — achieve confidentiality
  • Verify a file after downloading — achieve integrity
  • Digital signature — achieve integrity

Password Hashing

Nowadays a user’s password is highly sensitive information, so it is not stored as plain text in the database. The best way to store passwords is hashing, because a digest can’t be converted back to plain text; if encryption were used, there would be a way to decrypt it.

hash("password") = 2cf24dba5fb0a30e26e23b2ac5b9e29e1b161e5c1fa7425e7

But the security threats were not over. Attackers found a way to overcome it, called the ‘Dictionary attack’.

Dictionary attack — a password guessing technique that uses well-known words or phrases. In simple words, attackers keep a list of common passwords together with the digest of each one. They can then compare a stolen digest with this list of digests and find the corresponding password.

(Figure: Dictionary attack)

There are websites that reverse a hashed value for a particular hashing algorithm by looking it up in such a precomputed list.

Example:- http://reverse-hash-lookup.online-domain-tools.com/

Password Hash Salting

To overcome the dictionary attack, security engineers took a step forward with a salting mechanism. Even if the user chooses a common password, some extra characters are added to it before hashing. That’s called salting. Those characters are unique per password and auto-generated. The hashing algorithm is then applied to the password together with the salt.

Hashing algorithm,

Digest = Hash (Password + Salt)

Verify algorithm,

is_verified = Verify(Entered Password, digest from DB)

Since each password gets its own unique salt (stored alongside the digest so that verification can recompute the hash), a precomputed list of digests no longer matches, and the password is protected from dictionary attacks.
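Added example (not from the original article) of the two formulas above in Python’s standard library: a constructed precomputed table shows why a bare Hash(Password) of a common word is found instantly, while hash_password() implements Digest = Hash(Password + Salt) with a random 16-byte salt and verify_password() implements the Verify step by reading the salt back out of the stored record. The slow, iterated PBKDF2-HMAC-SHA256 and the record format are my choices, not the article’s.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2 work factor; raise it as hardware gets faster

# Constructed sample of common passwords and their plain SHA-256 digests: the
# kind of precomputed list a dictionary attack compares stolen digests against.
COMMON_WORDS = ["123456", "password", "qwerty", "letmein"]
DIGEST_TABLE = {hashlib.sha256(w.encode()).hexdigest(): w for w in COMMON_WORDS}


def unsalted_lookup(digest_hex):
    """Why Hash(Password) alone fails: a bare digest of a common word is
    found in the precomputed table immediately."""
    return DIGEST_TABLE.get(digest_hex)


def hash_password(password, salt=None):
    """Digest = Hash(Password + Salt). The salt is 16 random bytes, unique per
    password; the hash is PBKDF2-HMAC-SHA256 so each guess is deliberately
    slow. Returns one record for the DB carrying all that verification needs."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, base64.b64encode(salt).decode(),
                                       base64.b64encode(digest).decode())


def verify_password(entered, record):
    """is_verified = Verify(Entered Password, record from DB): read the salt and
    work factor back out of the stored record, recompute the digest for the
    entered password and compare the two in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", entered.encode(), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    record = hash_password("password")   # a fresh salt, so a new record, every run
    print(record, verify_password("password", record), verify_password("Password", record))
```

Two users with the same password get different records, so a leaked table of digests cannot be matched against a precomputed list without redoing the slow computation per salt.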

Verify documents by Hashing

Hashing is used to ensure a document is correct and complete. As we know, documents are sent as data packets, and some packets can be lost. The sender generates a hash before sending the document and sends it along with the document. The receiver generates a hash after receiving it. If the two hash values are equal, the receiver can be sure the document was completely received.
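Added example (not from the original article) of the procedure just described, with the document, packet size and the lost/corrupted copies all constructed for the demonstration: the sender hashes the document before splitting it into packets, and the receiver feeds packets into the hash as they arrive, so a missing packet or a single flipped byte produces a different digest.

```python
import hashlib
import hmac

PACKET_SIZE = 8   # bytes per packet; small so the constructed example stays readable


def sender_digest(document):
    """Sender side: hash the whole document before it is split into packets."""
    return hashlib.sha256(document).hexdigest()


def split_into_packets(document, size=PACKET_SIZE):
    """Break the document into fixed-size packets (the last may be shorter)."""
    return [document[i:i + size] for i in range(0, len(document), size)]


def receiver_digest(packets):
    """Receiver side: feed packets into the hash as they arrive instead of
    buffering the whole document first; the result equals the digest of the
    concatenation, so it can be compared with what the sender sent."""
    h = hashlib.sha256()
    for packet in packets:
        h.update(packet)
    return h.hexdigest()


def document_complete(packets, sent_digest):
    """The check the article describes: equal digests mean every packet
    arrived, in order and unmodified."""
    return hmac.compare_digest(receiver_digest(packets), sent_digest)


# Constructed sample transfer: one clean copy, one with a lost packet,
# one with a single flipped bit in the second packet.
DOCUMENT = b"Quarterly report: revenue up 12%, costs flat, headcount +3."
DIGEST = sender_digest(DOCUMENT)
PACKETS = split_into_packets(DOCUMENT)
LOST_PACKET = PACKETS[:2] + PACKETS[3:]
CORRUPTED = PACKETS[:1] + [bytes([PACKETS[1][0] ^ 0x20]) + PACKETS[1][1:]] + PACKETS[2:]

if __name__ == "__main__":
    print(document_complete(PACKETS, DIGEST))        # True
    print(document_complete(LOST_PACKET, DIGEST))    # False
    print(document_complete(CORRUPTED, DIGEST))      # False
```

A digest sent alongside the document detects accidental loss or corruption; someone able to alter the document in transit can recompute the digest too, so integrity against tampering needs the digest to be signed (the digital signature listed above) or delivered over a separate trusted channel.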

As you can see, encryption and hashing have various usages. I hope you learned something new. If I missed any points, let me know your suggestions in the comment section.

BSc. (Hons) in Engineering, Associate Software Engineer at Virtusa