How does hashing work: Examples and video walkthrough
We tend to focus on confidentiality when we talk about the CIA triad of cybersecurity. Learn how to use hashing to bring integrity into the mix in this episode of Cyber Work Applied.
What is password hashing?
What is password hashing? Infosec Skills author Mike Meyers explains how a hash works and demonstrates common use cases in this episode.
Hashing examples and walkthrough
Below is the edited transcript of Mike’s hashing examples and walkthrough.
What is password hashing?
(0:26-1:16) A hash provides integrity when it comes to the CIA of security. We don't encrypt with a hash. We make things "integritified." Let me explain how a hash works. The idea behind a hash is that it is an algorithm. That's why I got my algorithm machine here, and it doesn't encrypt.
What it will do is take an arbitrarily large amount of data. You take that data, run it through, and it comes out in a fixed value every time. If I have a five-letter input, it will come out whatever size the hash is. If I have a 300 billion byte input, it's always still going to come out this size.
How does hashing work?
(1:17-2:49) At first glance, you'd say, "Well, Mike, what am I going to do with that?" There are a couple of things about hashes that are cool. Number one, hashes are one way. If I generate this and I create a hash, it is impossible to figure out what the actual original data was.
The other cool thing about a hash is that it's deterministic. So, look at this value, starting with "1A6." I take this document, and it doesn't have to be a document — it could be an image. It doesn't matter as long as it's ones and zeros.
If I could take all knowledge known to man from the beginning of mankind and put it into a big Word document, I could go to page 405,326,427,622, and I could change one letter — change this uppercase "C" to a lowercase "c" — and if I take that value, and I run it through a hash algorithm, it's going to come out with a completely different value.
So hashes are a very good way to say, "This is the data from which I got." For example, if I'm downloading a big executable file, I can run a hash on it and compare it to the hash value on the website. That way if it didn't come down right or something, I could clearly and very explicitly know that this is the right value.
Hashes are something we use all over the place within the world of cryptography. That's the basics of a hash.
Hashing use cases and examples
(2:50-3:44) People will ask me, especially if you've just been exposed to this, what do we do with hashes? The easier answer is, within the world of cryptography, you would be hard-pressed to find a place where we don't use hashes.
Some great examples: number one is password storage. Most operating systems never store your password. You type in a password, and you hit enter, and the password is saved onto the hard drive only as its hash. When you type in your password to log into something, it goes ahead and hashes it and compares it and says, oh, you typed in the right password.
We use hashes on virtually every type of encryption and authentication known to man. We use hashes everywhere. What I'm warning you right now is you only need to memorize the different types of hashes starting from here, and going through the rest of this course, we're going to be seeing hashes over and over again.
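The download check and the one-letter change described in the transcript, as an added example that is not part of the video or its transcript. SHA-256 is an assumed choice of algorithm, and the sample data and the "published" digest are constructed for the demonstration.

```python
import hashlib
import hmac
import io


def sha256_stream(stream, chunk_size=65536):
    """Hash a binary stream in chunks so a large download never has to fit in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def matches_published(stream, published_hex):
    """Compare the computed digest with the one published alongside the download."""
    expected = published_hex.strip().lower()  # tolerate whitespace and upper-case hex
    return hmac.compare_digest(sha256_stream(stream), expected)


def differing_bits(hex_a, hex_b):
    """Count the bits that differ between two digests of equal length."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample data: a stand-in "download" and a copy with one letter changed.
ORIGINAL = b"Cyber Work Applied: constructed sample download\n" * 1000
TAMPERED = ORIGINAL.replace(b"C", b"c", 1)  # uppercase "C" -> lowercase "c", once
# Stands in for the hash value shown on the download page (assumption).
PUBLISHED = hashlib.sha256(ORIGINAL).hexdigest()

if __name__ == "__main__":
    short = sha256_stream(io.BytesIO(b"hello"))
    large = sha256_stream(io.BytesIO(ORIGINAL))
    changed = sha256_stream(io.BytesIO(TAMPERED))

    # Fixed-size output: 5 bytes in or 48,000 bytes in, the digest is 64 hex characters.
    print(len(short), len(large))

    # Deterministic: the same bytes always give the same digest.
    print(large == sha256_stream(io.BytesIO(ORIGINAL)))

    # One changed letter flips roughly half of the 256 output bits.
    print(differing_bits(large, changed), "of 256 bits differ")

    # Integrity check: only the untouched file matches the published value.
    print(matches_published(io.BytesIO(ORIGINAL), PUBLISHED))
    print(matches_published(io.BytesIO(TAMPERED), PUBLISHED))
```

The check proves the file matches the published digest, so it is only as trustworthy as the channel the digest itself came from.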