
Information Security 06 - Hashing and Digital Signatures

Hashing is a cryptographic technique used to ensure data integrity, authenticity, and non-repudiation by generating a fixed-size hash value from input data. It is a one-way function that is commonly used for password storage, data integrity verification, and digital forensics, with popular algorithms including SHA-256 and SHA-512. Digital signatures, which utilize public key cryptography, provide authenticity, integrity, and non-repudiation for digital documents, with various algorithms like RSA and ECDSA ensuring secure signing and verification processes.

Uploaded by faiziikanwal47

Hashing

• Hashing is a cryptographic technique used in information security to ensure data integrity, authenticity, and non-repudiation.

• Hashing is a process of taking input data and generating a fixed-size string of characters, known as a hash value or digest.

• The hash function takes the input data and applies a mathematical algorithm to produce the hash value, which is unique to the input data.

ArfanShahzad.c
• Hash functions are designed to be one-way, meaning it is computationally infeasible to derive the original input data from the hash value.

• Hashing is commonly used for various purposes, such as password storage, data integrity verification, and digital forensics.

• It allows for quick and efficient comparison of data without revealing the original content.

• Key characteristics of hashing include:

• 1- One-Way Function: Hash functions are designed to be one-way, meaning it is computationally infeasible to reverse-engineer the original input data from the hash value.

• Given the same input, the hash function will always produce the same hash value.

• 2- Fixed Output Size: Hash functions generate a fixed-length hash value, regardless of the size of the input data.

• For example, the SHA-256 hash function produces a 256-bit (32-byte) hash value.

• 4- Collision Resistance: A good hash function should have a low probability of producing the same hash value for different input data.

• This property is known as collision resistance and ensures that it is highly unlikely (uncommon) for two different inputs to produce the same hash value.

• 5- Wide Range of Applications: Hashing has numerous applications/usage in information security.

• Some common uses include password storage (storing hashed passwords instead of plaintext), data integrity checking, digital signatures, checksums, and data fingerprinting.

• Popular hash functions include MD5 (Message Digest 5), SHA-1 (Secure Hash Algorithm 1), and SHA-256 (Secure Hash Algorithm 256-bit).

• However, it's important to note that older hash functions like MD5 and SHA-1 are considered weak and are not recommended for security-critical applications due to known vulnerabilities.
• There are several powerful hashing algorithms used in information security to ensure the integrity and security of data.

• Here are some notable examples:

• SHA-256 (Secure Hash Algorithm 256-bit): It is a widely used cryptographic hash function that belongs to the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256).

• It generates a 256-bit hash value and is known for its resistance to cryptographic attacks.

• SHA-512: SHA-512, which also belongs to the SHA-2 family, is considered the strongest hashing algorithm in terms of its cryptographic strength and resistance to brute-force attacks.

• It generates a 512-bit hash value, which provides a larger output size compared to other algorithms in the SHA-2 family.
• SHA-3 (Secure Hash Algorithm 3): It is the latest member of the Secure Hash Algorithm family.

• It includes hash functions such as SHA-3-224, SHA-3-256, SHA-3-384, and SHA-3-512.

• SHA-3 algorithms are designed to provide better resistance against
• Argon2: It is a memory-hard hashing algorithm that won the Password Hashing Competition in 2015.

• It is designed to be resistant against GPU-based attacks and offers strong security for password hashing applications.

Digital Signatures
• Digital signatures are cryptographic mechanisms used to provide authenticity, integrity, and non-repudiation of digital documents or messages.

• They ensure that the sender of the message is verified, and any alterations to the message can be detected.

• Here are some key points about digital signatures:


• 1- Authentication: Digital signatures verify the identity of the sender or signer of a digital document.

• They use public key cryptography to associate a unique digital signature with the signer's identity.

• The recipient can use the corresponding public key to verify the signature and confirm the authenticity of the sender.

• 2- Integrity: Digital signatures ensure the integrity of the digital document by detecting any modifications or tampering.

• The signature is calculated based on the content of the document, and even a small change in the document will result in a different signature.

• This allows the recipient to verify that the document has not been altered since it was signed.
• 3- Non-Repudiation: Digital signatures provide non-repudiation, meaning the signer (sender) cannot deny their involvement in signing the document.

• The recipient (receiver) can prove the authenticity of the signature and the document, preventing the signer from later claiming that they did not sign it.

• 4- Public Key Infrastructure (PKI): Digital signatures often rely on a public key infrastructure, where a trusted third party, known as a Certificate Authority (CA), issues digital certificates that bind a person's identity to their public key.

• This enables the recipient to verify the authenticity of the signer's public key and establish trust in the digital signature.
• 5- Application in Document Signing and Authentication: Digital signatures have various applications, including secure document signing, authentication in online transactions, secure email communication, and software distribution.

• They provide a means to establish trust and ensure the integrity of digital information.
• To create a digital signature, the sender uses their private key to encrypt a hash value of the document.

• The recipient can then use the sender's public key to decrypt the signature and compare it with a computed hash value of the received document.

• If the two values match, the signature is considered valid.
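
The sign-and-verify steps above, carried through in code as an added example that is not part of the original slides. It uses textbook (unpadded) RSA with a constructed toy key so that the private-key and public-key operations are visible; real systems add a padding scheme such as RSASSA-PSS and use a vetted library.

```python
import hashlib
import hmac

# Constructed toy key for illustration only: two Mersenne primes make the
# modulus easy to write down but are NOT a safe choice for a real key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8  # signature size in bytes


def digest_as_int(document: bytes) -> int:
    """SHA-256 hash of the document as an integer (always below N here)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes) -> bytes:
    """Sender: apply the private key to the hash of the document."""
    return pow(digest_as_int(document), D, N).to_bytes(SIG_LEN, "big")


def verify(document: bytes, signature: bytes) -> bool:
    """Recipient: recover the signed hash with the public key and compare
    it with a freshly computed hash of the received document."""
    s = int.from_bytes(signature, "big")
    if len(signature) != SIG_LEN or s >= N:
        return False  # wrong size or out of range for this key
    recovered = pow(s, E, N).to_bytes(SIG_LEN, "big")
    expected = digest_as_int(document).to_bytes(SIG_LEN, "big")
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    msg = b"Pay Bob 100 USD"         # constructed sample document
    sig = sign(msg)
    print("original verifies:", verify(msg, sig))
    print("altered verifies: ", verify(b"Pay Bob 900 USD", sig))
```

Only the holder of D can produce a value that recovers to the right hash under E, which is why a changed document or a changed signature both fail verification.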

• Here are some of the top secure digital signature algorithms:

• RSA (Rivest-Shamir-Adleman): RSA is a widely used and well-established algorithm for digital signatures.

• It offers strong security based on the difficulty of factoring large numbers.

• ECDSA (Elliptic Curve Digital Signature Algorithm): ECDSA is a widely adopted digital signature algorithm that uses elliptic curve cryptography.

• It offers strong security with shorter key lengths, making it efficient for resource-constrained environments.

• EdDSA (Edwards-curve Digital Signature Algorithm): EdDSA is a modern digital signature algorithm that provides strong security and efficient signing and verification processes.

• It is based on elliptic curve cryptography and is gaining popularity in various applications.

• Schnorr Signature: Schnorr Signature is a secure digital signature algorithm known for its simplicity and efficiency.

• It offers strong security and has advantages in terms of key aggregation and multisignature schemes.

• DSA (Digital Signature Algorithm): DSA is a widely used digital signature algorithm, particularly in the context of the Digital Signature Standard (DSS).

• It provides strong security when implemented correctly.

• Digital signatures play a crucial role in ensuring the integrity and authenticity of digital documents, providing a reliable mechanism for verifying the identity of the sender and detecting any modifications to the content.
