The process of applying mathematical operations to text to produce a fixed-length string of characters is called hashing, and the output is called a hash.
There are various algorithms that can be used for hashing, and they are called hashing algorithms.
The most commonly used hashing algorithms are MD5 and SHA-2.
Let’s apply the hashing algorithm MD5 to four text strings.
Now, let’s break down the results:
1. The second input has an extra https:// and a slash (/) at the end, but look at the hashes of the first and second inputs: they are different. They have nothing in common at all. This means that even a slight change to the input alters the hash value significantly.
2. The third input has 26 characters, but if you compare the hash values of all four inputs, you will see that they are equal in length. So it doesn’t matter whether you apply a hashing algorithm to a single letter or to 100 words, the resulting hash will be of the same length (32 characters long in the case of MD5).
3. The fourth input is the same as the first one, and so is its hash value. Two identical text strings always give the same hash value, and two different text strings should not give the same hash value (a property MD5 no longer reliably provides, since practical collisions have been found for it).
Why Do We Need Hashing When We Have Encryption?
As we learned earlier, encrypted data can be decrypted using the key. So if your key is exposed to someone, all of your data is at stake. So encryption is terrible for security, right? No. Encryption has its purpose and is used when the information needs to be decrypted again. Who wants to send a message if the receiver has no way to know what the message means? Yes, this is why decryption is essential.
But modern hash algorithms are impossible to decrypt. There is no such thing as “decrypting a hash”: hashing is a one-way operation that uses no key and does not keep enough information to rebuild the input. Take a look at the Wikipedia article on MD5 to see how MD5 works.
But hey! It’s like locking your money and then throwing away the key. Who wants to do that?
You will get your answers soon, keep reading.
Let me introduce you to my friend’s computer, which runs Windows 7. My friend secured his computer with a password. Now if he tries to log in, Windows will ask him to enter the password.
The password must be stored somewhere. In the case of Windows 7, it is stored in a file called the SAM (Security Accounts Manager) file, which is located in C:\Windows\System32\config.
The password is stored in hashed form, hashed with a hashing algorithm named NTLM.
But hey, I previously said that once a text gets hashed it cannot be decrypted. Well, that’s true: even Windows doesn’t know what the password is. Interesting, isn’t it?
Well, let’s see what happens when someone enters a password.
Step 1. Windows applies the NTLM hashing algorithm to the text entered by the user.
Step 2. Now Windows has the hashed form of the input.
Step 3. Windows compares this hash to the hash stored in the SAM file. If the hashes match, the password entered by the user is correct, and he is allowed to access the computer.
If the hash is different, access denied.
This is why passwords are stored in hashed form. Even if someone gets the hash of the password, there is no way to decrypt it.
Hashes are not fully secure. I said we couldn’t decrypt it, but we can crack it.
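The login check from Steps 1 to 3, as an added Python example that is not code from Windows or from this article. It assumes salted PBKDF2-HMAC-SHA256 in place of NTLM, because a slow, salted hash makes every cracking guess expensive; the ACCOUNTS dictionary, the function names, the iteration count and the sample password are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; raise it as far as login latency allows

# Hypothetical in-memory stand-in for the SAM file: username -> (salt, hash).
ACCOUNTS = {}


def hash_password(password: str, salt: bytes) -> bytes:
    """Step 1: turn the typed text into a fixed-length (32-byte) hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(username: str, password: str) -> None:
    """Store only a random salt and the resulting hash, never the password."""
    salt = os.urandom(16)
    ACCOUNTS[username] = (salt, hash_password(password, salt))


def login(username: str, attempt: str) -> bool:
    """Steps 2 and 3: hash the attempt and compare it with the stored hash."""
    record = ACCOUNTS.get(username)
    if record is None:
        # Unknown user: do the same hashing work so timing does not reveal it.
        hash_password(attempt, b"\x00" * 16)
        return False
    salt, stored = record
    candidate = hash_password(attempt, salt)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    enroll("friend", "correct horse battery staple")  # constructed sample data
    print(login("friend", "correct horse battery staple"))  # matching hash
    print(login("friend", "Correct horse battery staple"))  # one letter changed
    print(ACCOUNTS["friend"][1].hex())  # what the store actually holds
```

Because each account gets its own random salt, two users with the same password end up with different stored hashes.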
For more information visit Wikipedia and if you have any doubt feel free to comment down below.