In the previous posting, we talked about why do we need hash and today we will talk about when do we need the hash. Hash is not an encryption method; rather it creates a unique string consists of random-looking characters. Each data’s hash value will be completely different and irrelevant to other data unless you are hashing identically same data.
For better understanding, let’s say each alphabet character has two-digit numbers assigned; a=01, b=02, c=03, so on and so on. Then we will have a table like this;
Since each character has been assigned a different number, if we use the assigned number instead of the alphabet character itself to display any word in a dictionary, the outcome will be unique. For instance, using the table above, the word “bee” can be displayed as “020505”. Well, an actual hash algorithm adds a more complicated calculation to produce a hash value to make the value unique and irreversible, but you get the idea. Actual hash values for the word ‘bee’ are;
MD5 : 9DFD70FDF15A3CB1EA00D7799AC6651B SHA-1 : 917EE46DB0CDA4C4739BB176B3CF68880F7DBA95 SHA-256 : 62CB81B5904A262FFAEED02ABEF36BFC540B09F964B8B0B636662F77FFCE6714
This characteristic of hash gives us a variety of uses in many areas of information technology and information security. Digital forensic professionals use the hash to verify the integrity of the evidence; meaning that make sure the evidence doesn’t get compromised while it is analyzed, transported during the investigation – not even one bit. Another case of using hashing is to deliver a user’s password securely.
Hashing in action
Authentication activities occur many times during our use of the internet and sadly network traffic is sniffable(see this posting for details). Although the passwords are staying encrypted during the transmission, it would be a good idea if the password never travels in the first place, like Kerberos, thus no chance of getting snatched by a bad user.
Enforcing users not to use the same password for a certain period of time when they change the password is a good example of the use of hash(see this article for ‘Enforce Password History‘ for more information). When a security policy dictates users to change their password every 60 days for security purposes, users usually treat this type of policy as an annoying routine and tend to use the same password because it’s easier for them to remember. Enforcing password history function keeps a list of passwords the user used to have and when the user changes his/her password, it compares the new password with the list and if the password had been used in not too long ago, then it prevents the user to use that password again.
At this point, you might say “…Wait, isn’t keeping one password risky enough? What do you mean by ‘a list of passwords the user used to have‘?” Well, the actual meaning of the term ‘Password History’ is more like ‘Hash values of the previous passwords’. Let’s see the diagram below.
The SERVER keeps records of the hash values of password the user used to use but not the actual passwords. So this way, the system still enforces its users not to use the same password they have had repeatedly without risking saving all previous passwords. This mechanism has been applied to various services and you probably already have experienced this part of the use of hash.
Another example where the hash is heavily used is Digital Forensic. Like all other investigation cases, in digital forensic world, keeping the evidence from contamination is vital. If the evidence can’t be proved that it hasn’t been compromised, then the evidence will have no use in the court of law. Therefore the digital forensic investigators will hash the digital evidence(e.g., HDD) when they first obtained, then hash it again when they are done analyzing evidence. If those two hash values match, it’s safe to say the digital evidence was not compromised during the analyzing process.
Although the hash algorithms are being used for many different services, this posting only talked about a couple of examples. I hope this posting gets you interested in the hash and motivates you to learn more about it :D. Like all other things out there, the hash is not 100% perfect. in our next posting, we will talk that part of the hash. Till then, cheers.