How does hashing work

0 votes
I’m learning about data security and need clarification on how hashing algorithms work. How do they transform data into fixed-length hashes, and what are the main differences between algorithms like SHA-256 and MD5? Additionally, why is hashing effective for password storage but unsuitable for encryption?

Any basic examples or analogies to explain hashing would be helpful.
Nov 11 in Cyber Security & Ethical Hacking by Anupam
• 5,390 points
80 views

1 answer to this question.

0 votes

The technique of hashing converts any quantity of data into a hash, which is a fixed-length string of letters. It is frequently used in data security, particularly for safely storing passwords and confirming data integrity.

How Hashing Works

  • Input Transformation: A hashing algorithm accepts any length of input, such as a file, message, or password..
  • Fixed-Length Output: The output of hashing is always the same length, regardless of the size of the input. For instance, MD5 creates a 128-bit hash, whereas SHA-256 always creates a 256-bit hash.
  • Unique Mapping: Ideally, a single character change or other little input alteration will provide an entirely distinct hash. The avalanche effect is the name given to this characteristic.

If you hash the word "hello" with SHA-256, it might look something like:

2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

Change one letter (e.g., to "Hello") and the output hash is drastically different:

fcea920f7412b5da7be0cf42b8c93759c6f5b3d72e1a91d78f8a157d6b47b8a7

Key Differences Between SHA-256 and MD5

MD5: Once popular, this algorithm generates a 128-bit hash. Because MD5 is susceptible to collisions, which occur when two distinct inputs generate the same hash, it is currently regarded as insecure.

SHA-256: A 256-bit hash generated by the SHA-2 family, it is far more secure than MD5. It is one of the most often used hashing algorithms for security applications nowadays since it is made to be computationally demanding in order to thwart quick, brute-force attacks.

Why Hashing is Effective for Password Storage

Hashing is commonly used for storing passwords because:

  • One-Way Function: The hashing process is one-way. You cannot recover the original password once you have hashed it. This is important for security since it makes it difficult for someone to recover the original password, even if they manage to obtain the hash.
  • Consistency: By hashing the input and comparing it to the stored hash, you can confirm a user's password because the same input consistently yields the same hash.
  • Efficiency: If a slow hashing method is selected, such as bcrypt or Argon2 for passwords, hash functions are made to be quick to compute while maintaining security.

Why Hashing is Unsuitable for Encryption

  • Non-Reversible: Hashing is strictly one-way. Encryption, on the other hand, is designed to be reversible, allowing the original data to be recovered using a decryption key. Hashing does not store any information that allows the original data to be restored, which is why it’s effective for verification but not for accessing original data.
  • Fixed-Length Output: Hashing reduces data to a fixed length, regardless of the input size, while encryption preserves the structure and length of the original data, which is often necessary for message and data integrity in secure communications.

Example

Here’s how hashing might look in Python using the hashlib library:

import hashlib

# SHA-256 Hashing
password = "mypassword"
hashed_password = hashlib.sha256(password.encode()).hexdigest()

print(f"Original: {password}")
print(f"SHA-256 Hash: {hashed_password}")

Output:

Original: mypassword
SHA-256 Hash: 2c5dbd5f7da7e7c3d8c3c8d30545f6329f0b1270af0e785a3c8ef3be8e0d61d9
answered Nov 11 by CaLLmeDaDDY
• 6,540 points

Related Questions In Cyber Security & Ethical Hacking

0 votes
0 answers

Is it beneficial to double up or cycle encryption algorithms, and how does it work?

I’ve heard about techniques like layering or ...READ MORE

3 days ago in Cyber Security & Ethical Hacking by Anupam
• 5,390 points
10 views
0 votes
1 answer
0 votes
1 answer
+1 vote
1 answer

How much does a cyber security engineer make or earn?

Cybersecurity job market is fast-growing and the ...READ MORE

answered Jan 29, 2020 in Cyber Security & Ethical Hacking by Sirajul
• 59,230 points

edited Oct 7, 2021 by Sarfaraz 1,130 views
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 6,540 points
114 views
+1 vote
1 answer
+1 vote
1 answer
+1 vote
1 answer
0 votes
1 answer

How does a CSRF token work?

Let's examine the creation, validation, and verification ...READ MORE

answered Nov 11 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 6,540 points
37 views
0 votes
1 answer

How does a hash function work?

I'd be happy to break down how ...READ MORE

answered Nov 15 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 6,540 points
32 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP