-
February 27th, 2005, 06:11 PM
#11
It's not an encrypted result. An encrypted result would be a cipher text (the plaintext encrypted). It's a form of integrity check, if you will. Basically, it verifies that the information hasn't changed, and if it has, then the input is suspect. It's just a mathematical result of some data being put through an algorithm.
-
February 28th, 2005, 04:45 AM
#12
If it's the mathematical result of terms going through an algorithm... then is it not the encryption result?
Whether it's LM, MD5, or SHA1... they all come out as (theoretically) one-way encryption, correct?
The hashes are the result of the encryption algorithm... and in order to check the password, or the integrity of the file... information is encrypted and compared to the hash... if they differ, then the file's changed, or the password's wrong.
If I'm wrong with what I said above, please explain how, because this is how it works AFAIK.
A_T
Geek isn't just a four-letter word; it's a six-figure income.
-
February 28th, 2005, 05:08 AM
#13
Hi
encryption and hashing

This is now a discussion about definitions.
So let me give you some definitions (based on my taste):

(two-way) encryption: 3DES, CAST5, AESxxx (= "two-way" cipher)
- first way - encryption: generates a ciphertext from a plaintext
- second way - decryption: generates a plaintext from a ciphertext
Note: there is only one ciphertext for a given plaintext, and for a given ciphertext, there is only one plaintext ("well-defined cipher").

(one-way) hash (misleadingly often called one-way encryption): MD5, SHA1, SecWare1
- the only way - "hashing": generates a "ciphertext" = hash from a "plaintext"
Note: there can be several "plaintexts" for one "ciphertext" = hash ("collisions"), but there is only one "ciphertext" = hash for a given "plaintext".
Another note: CISSPs learn that hashing does not encrypt the message. It creates a "fingerprint" to enable the testing of integrity. (Hm, I have just realised that I am paraphrasing MsMittens. Sorry about that.)

A very simple example of "hashing": SecWare1

"plaintext": myverylongtesttext
SecWare1 hashing scheme:
- translate every letter into its ASCII value
- add all these values. Result: 1453
- take the sum of the digits, until a number between 0 and 9 is reached: 1+4+5+3 = 13 -> 1+3 = 4
The SecWare1 hash of "myverylongtesttext" = 4

Collision:
The SecWare1 hash of "L" = in ASCII 76. Sum: 7+6 = 13 -> 1+3 = 4
Ergo: "myverylongtesttext" and "L" give the same hash value. If a password verification is based on this hash, you could log in with either "myverylongtesttext" or "L".

Conclusion: This hash is very bad, but actually is used in a slightly modified version (ISBN numbers of books. Some of you might have noted that I have cheated here. ISBN is not actually a "one-way" hash, I think, because an attacker can modify the message as well as the hash. But here I should stop, as it goes too far).

Cheers
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
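
The SecWare1 scheme described in the post above, placed next to SHA-256, as an added example (not code from the thread): it stores the hash of "L" and lists the other short inputs a hash-comparing login check would accept. The function names and the two-letter search limit are assumptions made for this illustration.

```python
import hashlib
import hmac
from itertools import product
from string import ascii_letters


def secware1(text: str) -> int:
    """Toy hash from the post: add the ASCII values, then sum digits down to one digit."""
    total = sum(text.encode("ascii"))
    while total > 9:
        total = sum(int(d) for d in str(total))
    return total


def sha256_hex(text: str) -> str:
    """Cryptographic hash used for contrast (256-bit output)."""
    return hashlib.sha256(text.encode("ascii")).hexdigest()


def verify(typed: str, stored, hash_fn) -> bool:
    """Login check as described in the thread: hash the input, compare to the stored hash."""
    return hmac.compare_digest(str(hash_fn(typed)), str(stored))


def colliding_inputs(target: str, hash_fn, max_len: int = 2) -> list:
    """Letter strings up to max_len, other than target, that hash to the same value."""
    wanted = hash_fn(target)
    found = []
    for n in range(1, max_len + 1):
        for chars in product(ascii_letters, repeat=n):
            candidate = "".join(chars)
            if candidate != target and hash_fn(candidate) == wanted:
                found.append(candidate)
    return found


if __name__ == "__main__":
    password = "L"  # the one-letter input from the post: ASCII 76 -> 7+6 = 13 -> 1+3 = 4
    for name, fn in (("SecWare1", secware1), ("SHA-256", sha256_hex)):
        stored = fn(password)
        hits = colliding_inputs(password, fn)
        print(f"{name}: stored hash = {stored}")
        print(f"  other inputs accepted at login: {len(hits)} (e.g. {hits[:5]})")
        print(f"  verify('U') -> {verify('U', stored, fn)}")
```

With only ten possible outputs, SecWare1 accepts roughly one in nine candidate strings as the "correct" password, while the same search finds no second input for the SHA-256 value.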
-
February 28th, 2005, 03:11 PM
#14
Member
If the hashes are the results of the encryption algorithms, then how can we get the hashes of a password?
-
February 28th, 2005, 05:10 PM
#15
To get the hash of a password, you pass it through the hashing algorithm. The result is the hash (usually unencryptable). When someone logs on to the system, whatever they type in is passed through the algorithm, and that result is compared with the original one.
A_T
Geek isn't just a four-letter word; it's a six-figure income.
-
March 1st, 2005, 04:35 PM
#16
Senior Member
When I think about a hash, I often see it as a kind of CRC or parity check with much larger numbers and math operations. Of course, it is a very, very, very simplified view.
Ikalo
------
Make your knowledge your deadliest weapon.