Encryption & Hashing: Simple Definitions
Tally up all the sensitive information sitting on your server right now. Add in all the data you pass back and forth with customers, clients, and contractors. How do you keep everything safe?
Some people use the terms encryption and hashing interchangeably. While it's true that both are used to safeguard information, they do so in very different ways.
Consider these basic definitions:
Encryption scrambles data so that only someone holding the right key can restore it. The intent is confidentiality: the sender passes the ciphertext to another party, and the recipient uses a key to decipher it. Hashing also scrambles data, but the output is a fixed-length digest and there is no key that turns it back into the input; the intent is to detect change. Administrators can recompute the hash of stored data and compare it with the digest recorded earlier to confirm the contents haven't been touched or altered while in storage. Both methods shield something sensitive from prying eyes, but they have different goals and core functions: encryption is reversible by design, hashing is one-way by design.
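The two definitions side by side, as an added example that is not part of the original article. The hashing half uses SHA-256 from Python's standard library. The encryption half is a toy keystream cipher (SHA-256 in counter mode, XORed with the message) written here only to show the defining property of encryption, that the same key undoes it; it is an assumption for illustration, not a recommended cipher, and a real system would use AES-GCM or ChaCha20-Poly1305. The message bytes are constructed sample data.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key+nonce into `length` pseudorandom bytes with SHA-256 in counter mode.

    Toy construction used only to show that encryption is reversible with the key.
    It is not a vetted cipher; use AES-GCM or ChaCha20-Poly1305 in real systems.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext. A fresh nonce per message keeps keystreams distinct."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Undo encrypt(): the same key and nonce regenerate the same keystream."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


def digest(data: bytes) -> str:
    """Hashing: fixed-length SHA-256 digest, no key, and no way back to `data`."""
    return hashlib.sha256(data).hexdigest()


def verify(data: bytes, recorded_hex: str) -> bool:
    """Integrity check: recompute the digest and compare it in constant time with the stored one."""
    return hmac.compare_digest(digest(data), recorded_hex)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    message = b"invoice total: 1200.00"  # constructed sample data
    blob = encrypt(key, message)
    assert decrypt(key, blob) == message  # right key: the data comes back
    assert decrypt(secrets.token_bytes(32), blob) != message  # wrong key: garbage

    stored = digest(message)  # recorded when the file was written
    assert verify(message, stored)  # untouched
    assert not verify(b"invoice total: 9200.00", stored)  # one changed byte is caught
    print("ok")
```

Note what `verify()` does and does not give you: it catches accidental or casual modification of the data, but an attacker who can alter the data can usually alter the stored digest too. Detecting that needs a keyed construction (an HMAC or a signature), which the article's definition of hashing does not cover.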
Common Hashing Algorithms
All hashing algorithms work in a similar manner. Users input data of any length, and the system churns through it and renders a fixed-length digest that cannot be turned back into the input. But not all algorithms are created equal.
Hashing algorithms include:
MD5. MD5 is simple, quick, and free to use. It's among the most widely used hash algorithms available, but it is also broken: practical collision attacks have been public since 2004, and its speed lets an attacker test password guesses at very high rates. Some experts encourage all companies to pick another method to protect data, yet they say about a quarter of all major content systems continue to stick with MD5.
Secure Hash Algorithms (SHA). The National Institute of Standards and Technology published the first SHA algorithm in 1993. Each release carries a number, such as SHA-0 and SHA-1, but the number is not a simple security rating. SHA-0 and SHA-1 both have public collision attacks and should not be used in new designs; the SHA-2 family (SHA-256 and SHA-512, where the number is the digest length in bits) and SHA-3 remain the recommended choices.
Tiger. This algorithm was published in 1995 and was designed for 64-bit platforms. It processes each block in 24 rounds. No practical attack on the full-round function is publicly known, but it is not a NIST-approved algorithm and sees little use today.
Some companies offer further hash strengthening with a technique called salting. Companies that do this:
Add something. They generate a string of unique, random bytes (the salt) for each value they must protect.
Hash the whole string. The original data combined with its salt moves through the algorithm.
Store the salt with the hash. The salt is not a secret; it is placed next to the hashed data so the check can be repeated later. Its job is to make precomputed hash tables useless and to force an attacker to crack each record separately.
Slow it down. Salting the same value more than once adds nothing. What raises the attacker's cost per guess is an iterated, deliberately slow password hash such as PBKDF2, bcrypt, scrypt or Argon2, with the salt fed in once.
Salting is most effective, experts say, when companies use a different salt for each data point. A password salt, for example, won't be as helpful if every password has the same set of random characters attached: identical passwords then produce identical hashes, and as soon as an attacker learns that one salt, a single recomputed table cracks all passwords at once.
For that, read a little more about this technology, in order:
Here's an addition: many hackers have a database of MD5 hashes to make it easy to compare a stolen password hash with their database. So it will be very easy for them to check which passwords are the most common across the internet.
To give you an idea, there are databases containing entire dictionaries from various countries, for which hackers have already produced all the MD5 hashes.
For example, the English dictionary is widely used to compare all known words of that language. Of course, many other countries also have their entire dictionaries in MD5 hash form.
So consider that with today's supercomputers, including those you can rent in the cloud, they can produce millions of MD5 hashes per second...
The higher the degree, the greater the respect given to the humblest!
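An added example, not code from the article or the comment above, that ties together the salting steps described earlier and the precomputed MD5 dictionary tables described in the addition. It first plays the attacker: build a hash-to-word table once, then crack unsalted MD5 hashes by plain lookup. It then plays the defender with a per-record random salt and an iterated hash, for which PBKDF2-HMAC-SHA256 from Python's standard library is assumed here as the slow hash (bcrypt, scrypt or Argon2 would serve the same role). Against those records the table is useless and the attacker must redo the full hash per word, per record. The six-word list is a constructed stand-in for a real dictionary.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed mini word list; real attackers use whole-language dictionaries and leaked-password lists.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "qwerty", "football"]
ITERATIONS = 100_000  # assumed PBKDF2 work factor; tune to your hardware


def md5_hex(data: bytes) -> str:
    # usedforsecurity=False: this mirrors the attacker's lookup table, it is not a protection.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> word once. Every unsalted MD5 leak can then be cracked by lookup."""
    return {md5_hex(w.encode()): w for w in words}


def crack_unsalted(stolen_hashes, table):
    """O(1) per stolen hash: the work was done before the breach."""
    return {h: table.get(h) for h in stolen_hashes}


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256), stored as iterations$salt$hash.

    The salt is not secret; it travels with the record so the check can be repeated.
    """
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def new_record(password: str) -> str:
    """Fresh 16-byte random salt per record: the property the text says matters most."""
    return hash_password(password, secrets.token_bytes(16))


def verify_password(password: str, record: str) -> bool:
    iters, salt_hex, _ = record.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, record)


def crack_salted(record: str, words) -> Optional[str]:
    """No precomputed table helps: the attacker redoes `iterations` rounds per word, per record."""
    for w in words:
        if verify_password(w, record):
            return w
    return None


def shared_salt_reveals_duplicates(passwords, salt: bytes) -> bool:
    """One site-wide salt: identical passwords hash identically, so duplicates are visible
    and a single recomputed table covers every user."""
    hashes = [hash_password(p, salt, 1_000) for p in passwords]
    return len(set(hashes)) < len(hashes)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    leaked = [md5_hex(b"dragon"), md5_hex(b"correcthorsebatterystaple")]
    print("unsalted MD5:", crack_unsalted(leaked, table))  # dragon found instantly

    rec = new_record("sunshine")
    print("salted record:", rec)
    print("verify:", verify_password("sunshine", rec))
    print("dictionary attack still works, but costs full PBKDF2 per word:", crack_salted(rec, WORDLIST))
    print("same salt for everyone leaks duplicates:",
          shared_salt_reveals_duplicates(["dragon", "dragon", "qwerty"], b"site-wide-salt"))
```

Note that `crack_salted()` still finds "sunshine": a salt does not make a weak password strong, it only removes the attacker's precomputation and multiplies the work by the number of records. The iteration count is what makes each guess expensive, which is why the slow hash and the per-record salt belong together.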