Hash Function Authentication
An encryption function can be used to encrypt or scramble information (like a secret message) into meaningless information (the encrypted secret message) so that the information cannot be understood by unauthorized viewers. The same encryption function can also be used to decrypt or unscramble the meaningless information (the encrypted secret message) and return it to its original form (the secret message). See Ethent Views: "Shared Secret Key Authentication" for a more complete discussion of this procedure.
Hash functions are a special kind of encryption function. They are similar to other encryption functions in that they can encrypt or scramble information, but different in that they cannot decrypt or unscramble it.
One-Way Functions
Hash functions cannot decrypt or unscramble because they are designed that way; for this reason they are called One-Way Functions.
A hash function has three key characteristics:
- The output will always be the same size (for example 160 bits) regardless of the amount of information entered into the hash function.
- The hash output cannot be used to generate or calculate the original information that was entered into the hash function.
- The hash output will be unique for any input into the hash function.
Hash or one-way functions are used in many security systems. Here is an example of how a hash function can be used in a password security system:
A new user registers with a Web site:
- User creates a password which is "dk54e9m0".
- Web site calculates a hash of this password, which is "afdaa102c4a6e761053787da01cbdd3fe0dcaffe".
- Web site retains only the hash of the password in its database.
The user attempts to log into the Web site:
- User enters password - "dk54e9m0".
- Web site hashes the 'login password' to produce a 'hashed login password'.
- Web site compares the 'hashed login password' to the 'hashed password' in its database.
- If they are equal, the user is allowed access; if not, access is denied.
So in this example the Web site doesn't know the user's password and it cannot calculate the user's password from the 'hashed password' in its database, because the hash function is one-way and cannot decrypt the 'hashed password'. But as demonstrated the Web site can authenticate the user's password.
What's the point? Why bother with all the hashes?
Because if hackers compromise the password database, they will find only the users' 'hashed passwords', not the passwords themselves. Since the 'hashed passwords' were calculated with a hash function, the hackers cannot calculate the users' passwords from the users' 'hashed passwords'.
Hash Functions and Encryption
In many cases it is desirable to add another level of security when using either a 'shared secret key' or 'public key' authentication system, and a hash function is ideal for this purpose. With either system the information to be encrypted is first hashed, and the encryption is then performed on the hashed value rather than on the original information.
See Ethent Views: "Shared Secret Key Authentication" and Ethent Views: "Public Key Authentication" for a discussion of shared secret, private and public encryption keys.
Here is an example using a 'public key' authentication system where only one individual has access to the 'private key' and the 'public key' is available to all.
An individual prepares a 3 page will:
- The individual computes a hash of the 3 page will.
- The hash is encrypted with the individual's 'private key' - known only to the individual.
- The 'encrypted will hash' is attached to the 3 page will.
The will can be authenticated by anyone with the individual's 'public key':
- The 'public key' is used to decrypt the 'encrypted will hash'.
- The 3 page will is hashed.
- The hashed 3 page will is compared to the decrypted 'encrypted will hash'.
- If they are equal, the will is authenticated; if not, the will has been altered or is a fraud.
In this example the will can be authenticated using the public key and the hash comparison, and no one can create an altered or counterfeit will that will authenticate without access to the private key - known only to the individual who created the will.
A hash value encrypted with a private key can be a "Digital Signature" if certain procedures are followed.
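The two procedures above, the password store that keeps only hashes and the hash comparison that detects an altered will, as an added example in Python (this is not code from the original article). The comparison step of the will procedure is shown on its own; the private-key encryption of the hash is assumed to happen around it. The sample will text and user name are constructed; SHA-1 is used because the article's sample hash is 160 bits.

```python
import hashlib
import hmac

# Added example, not from the original article. SHA-1 matches the 40-hex-digit
# (160-bit) sample hash in the article; a production password store would use
# a salted, deliberately slow password hash rather than a bare SHA-1.

def hash_password(password: str) -> str:
    """Hash the password; the Web site keeps only this fixed-size value."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def register(database: dict, username: str, password: str) -> None:
    """Registration: retain only the 'hashed password', never the password."""
    database[username] = hash_password(password)

def login(database: dict, username: str, password: str) -> bool:
    """Login: hash the 'login password' and compare it with the stored hash.
    compare_digest keeps the comparison time independent of where the two
    strings first differ, so timing does not leak how close a guess was."""
    stored = database.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(hash_password(password), stored)

def document_hash(text: str) -> str:
    """Hash of a document such as the 3 page will. In the article this value
    is what gets encrypted with the signer's private key (assumed here)."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

def document_unaltered(text: str, attached_hash: str) -> bool:
    """Re-hash the document and compare it with the hash that came with it
    (i.e. the decrypted 'encrypted will hash'). Any change to the text
    produces a different hash, so the comparison fails."""
    return hmac.compare_digest(document_hash(text), attached_hash)

if __name__ == "__main__":
    db = {}
    register(db, "alice", "dk54e9m0")            # password from the article
    print(db["alice"])                           # all the site ever stores
    print(login(db, "alice", "dk54e9m0"))        # True
    print(login(db, "alice", "dk54e9m1"))        # False
    will = "I leave my estate to my daughter."   # constructed sample will
    attached = document_hash(will)
    print(document_unaltered(will, attached))                               # True
    print(document_unaltered(will.replace("daughter", "nephew"), attached)) # False
```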
Ethent Views
1) Hash functions, because they are one-way, can be used to add considerable security and confidentiality to an information database.
2) Hash functions can be used to add another layer of security before information is encrypted.