Security 102: What is Hashing?

Welcome to our second blog post on basic security! Last week we discussed encryption and its ability to convert information between its encrypted and unencrypted states, using a ‘key’ to perform the conversion. This week, we’ll take a look at hashing, the one-way bridge of the security world. Remember, most of this analogy comes courtesy of this StackOverflow answer.

Hashing

Hashing can be thought of like baking. In baking you combine your ingredients, place them in an oven, and end up with a tasty treat. When looking at a cake it is very difficult, if not impossible, to tell exactly what ingredients went into it or what quantity of each ingredient was used. In much the same way, with hashing you take your input (password), run it through a hashing algorithm, and end up with a hash.

The resulting hash is very different from the input, and again, like baking, you can’t simply run the cake (hash) through the oven (algorithm) and get back to your ingredients (input), which makes it very difficult, if not impossible, to determine the input.

The greatest advantage of hashing is that it is good for storing values that can’t be stored in plain text. For example, when you log into an online account, the password you input is run through the same hashing algorithm that was used on the password the site has stored for your account. The two hashes are then compared, and if they match you are granted access. That way, the plain text version of your password is not made visible, and if some unpleasant person were to try to hack your password, they would come across a jumbled mess of characters instead.
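The login check described above, as an added example that is not part of the original post. It assumes PBKDF2-HMAC-SHA256 with a random per-account salt as the hashing algorithm (the post does not name one), and `AccountStore`, `hash_password`, `differing_bits` and the iteration count are names and values chosen for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way step: the same password and salt always give the same 32-byte hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bits that differ between two equal-length hashes."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class AccountStore:
    """Keeps only (salt, hash) per user; the plain-text password is never stored."""

    def __init__(self):
        self._records = {}

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # random salt, so equal passwords get different hashes
        self._records[username] = (salt, hash_password(password, salt))

    def verify(self, username: str, password: str) -> bool:
        record = self._records.get(username)
        if record is None:
            # Hash anyway so an unknown username costs about the same time.
            hash_password(password, b"\x00" * 16)
            return False
        salt, stored = record
        candidate = hash_password(password, salt)  # same algorithm as at sign-up
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(candidate, stored)

    def stored_record(self, username: str):
        return self._records[username]


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse")  # constructed sample credentials
    print(store.verify("alice", "correct horse"), store.verify("alice", "wrong"))
    print(store.stored_record("alice")[1].hex())  # what someone reading the database sees
```

`differing_bits` can be used to confirm that two nearly identical passwords hashed with the same salt produce hashes that differ in roughly half of their bits.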

Next week, I’ll take encryption and hashing a step further and apply these concepts to the real world.

———————————————————————————-

This post forms one part of our Security series. You can find links to the other editions here:

Security 101: What is Encryption?
Security 102: What is Hashing?
Security Interlude: The real-world difference between Hashing and Encryption
Security 103: Rainbow Tables
Security 104: Improper Password Storage
Security 105: Seasonings (or Salts and Peppers)
Security 106: The Importance of Key Stretching
Security 107: The Hashing Algorithm, and why Bcrypt is your best friend
Security 108: The Other Stuff

———————————————————————————-