Understanding Hash Functions

Maybe now you’ll finally understand the name of our blog

Hashing is simply the practice of using an algorithm to map data of any length to a fixed-length output. It’s useful in a number of ways and plays a role in several different types of encryption. We’ve designed this article to help explain what hashing is and how it interacts with the encryption process.

What is Hashing?

Hashing is mapping data of any length to a fixed-length output using an algorithm. Typically, the hashing algorithm most people know of is SHA-2 or SHA-256. That’s because it’s the current standard for SSL encryption.

The purpose of hashing is authentication. And to illustrate this, we’ll use an example.

Let’s say I’m sending you a message and you want to ensure that what you’re receiving is what I intended. Or to put it another way, you want to make sure that the message hasn’t been altered. To do this, I’m going to send you the message, then I’m going to send you a hash value and the algorithm I used to hash it. An algorithm is really just a set of steps or procedures. So I send you a message and the hash value. When you receive the message, you’re going to re-hash it to see what value it produces. If the values are the same, then the message hasn’t been tampered with.

Keep in mind, no two pieces of data can produce the same output. If they do, this is called a collision and the algorithm is deemed unsafe. Google did this in 2017 to prove that SHA-1 was unsafe. That’s why we now use SHA-2 (also known as SHA-256, for the length of its output – 256 characters long).

Hashing is essentially a one-way function. It’s technically possible, but at this point infeasible to reverse a hash.

How is Hashing Used?

You’ll oftentimes find hashing used in conjunction with Digital Signatures. For instance, say I want to perform a code signing. The actual code is far too large for my private key to sign, so instead I’ll first hash the data and then sign it.

When a user downloads the code, it’s going to verify the signature, then it’s going to run the same hash function against the code to see if it produces the same hash value. Provided it does, everything checks out and you’re good to go. If not, you know something has happened to the software and the download is aborted.

If you’re interested in learning more about hashing, or staying up-to-date on industry trends, subscribe to our blog Hashed Out.

  • 0 Users Found This Useful
     Was this answer helpful?

Related Articles

 What is the Difference Between SHA-2 and SHA-2-Full-Chain

While you’re generating your SSL/TLS Certificate you may see an option to select a from 2 different hashing algorithms. You’re given a choice between SHA-2 and FULL SHA-2. SHA-2 is also sometimes referred to as SHA-256. But what’s the difference,...

 How to Check a Certificate’s Expiration Date (Chrome)

Get certificate information on any website in just a few clicks. Checking your SSL certificate’s expiration date on Google Chrome is fairly easy. Depending on which version of Chrome you’re running, it can be done within just a few clicks. Here’s...

 Troubleshooting Insecure Content

One of the most common issues site owners run into when installing and SSL certificate and migrating to HTTPS is Insecure Content. This error is produced when content on a secure website is being loaded through a non-secure source. An example...

 Troubleshooting a Name Mismatch in Web Browser

A Name Mismatch in the Web Browser occurs when the common name listed on an SSL certificate doesn’t match the name displayed in the URL bar. In order for an encrypted connection to commence, both the name on the certificate and the name in the URL...

 Explaining the Chain of Trust

A brief overview of PKI (Private Key Infrastructure) and why your certificate is trusted. One of the most common questions we field is in relation to the “Chain of Trust.” If you’ve ever had any questions about roots, intermediates or how SSL...

Powered by WHMCompleteSolution