Understanding Hash Functions

Maybe now you’ll finally understand the name of our blog

Hashing is simply the practice of using an algorithm to map data of any length to a fixed-length output. It’s useful in a number of ways and plays a role in several different types of encryption. We’ve designed this article to help explain what hashing is and how it interacts with the encryption process.

What is Hashing?

Hashing is mapping data of any length to a fixed-length output using an algorithm. Typically, the hashing algorithm most people know of is SHA-2 or SHA-256. That’s because it’s the current standard for SSL encryption.

The purpose of hashing is authentication. And to illustrate this, we’ll use an example.

Let’s say I’m sending you a message and you want to ensure that what you’re receiving is what I intended. Or to put it another way, you want to make sure that the message hasn’t been altered. To do this, I’m going to send you the message, then I’m going to send you a hash value and the algorithm I used to hash it. An algorithm is really just a set of steps or procedures. So I send you a message and the hash value. When you receive the message, you’re going to re-hash it to see what value it produces. If the values are the same, then the message hasn’t been tampered with.

Keep in mind, no two pieces of data can produce the same output. If they do, this is called a collision and the algorithm is deemed unsafe. Google did this in 2017 to prove that SHA-1 was unsafe. That’s why we now use SHA-2 (also known as SHA-256, for the length of its output – 256 characters long).

Hashing is essentially a one-way function. It’s technically possible, but at this point infeasible to reverse a hash.

How is Hashing Used?

You’ll oftentimes find hashing used in conjunction with Digital Signatures. For instance, say I want to perform a code signing. The actual code is far too large for my private key to sign, so instead I’ll first hash the data and then sign it.

When a user downloads the code, it’s going to verify the signature, then it’s going to run the same hash function against the code to see if it produces the same hash value. Provided it does, everything checks out and you’re good to go. If not, you know something has happened to the software and the download is aborted.

If you’re interested in learning more about hashing, or staying up-to-date on industry trends, subscribe to our blog Hashed Out.

  • 0 Users Found This Useful
     Was this answer helpful?

Related Articles

 Troubleshooting a Name Mismatch in Web Browser

A Name Mismatch in the Web Browser occurs when the common name listed on an SSL certificate doesn’t match the name displayed in the URL bar. In order for an encrypted connection to commence, both the name on the certificate and the name in the URL...

 Explaining the Chain of Trust

A brief overview of PKI (Private Key Infrastructure) and why your certificate is trusted. One of the most common questions we field is in relation to the “Chain of Trust.” If you’ve ever had any questions about roots, intermediates or how SSL...

 Combining Multiple Intermediate Certificates

Due to the limitations on select browsers and mobile devices, Certificate Authorities often do not have their Intermediate Certificates deployed for various reasons such as size limitations. Without these Intermediate Certificates being either...

 SSL Frequently Asked Questions

Have Questions? We’ve Got Answers. Get all the help you need from our friendly SSL experts. Sales/Order Processing Why are we cheaper? We are a very important Symantec & Comodo Platinum Partner and we purchase SSL certificates in extremely...

 How to Create a .pem File for SSL Certificate Installations

.pem SSL Creation Guide SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file. This article contains multiple sets of...

Powered by WHMCompleteSolution