*& from that of a*

**hash function**

**cipher encryption.** Almost everybody in the IT business uses one of these functions indirectly, via any of the following technologies, and probably on an everyday basis:

VPNs

Unix/Windows password

filesystem encryption

SSH/sFTP/SCP

SSL

etc......

I will try to explain this simple process and the difference between a "hash function vs. encryption".

A hash function takes data of any length and produces a computer-generated hash based on a set **algorithm**. This hash (aka message digest) is of a **"fixed"** length. Common hash types in the IT sector are:

*SHA1 20 bytes*

*SHA2 (224, 256, 384, or 512 bits)*

*MD5 16 bytes*

*Tiger*

*RipeMD160*

*HAVAL*

*sh-3.2$ md5 -s A*

MD5 ("A") = 7fc56270e7a70fa81a5935b72eacbe29

sh-3.2$


Okay, that produces the above 16-byte (128-bit) MD5 hash. This is a one-way process and not crackable, outside of a brute-force attack. If we had used SHA1, it would have become:

*6dcd4ce23d88e2ee9568ba546c007c63d9131c1b*

And the message digest would be 160 bits / 20 bytes in length.

Every time we use the one-way hash generator, the resulting hash will always be the same. So if I hash the letter "A" today on one machine, it will still be the same message digest of *7fc56270e7a70fa81a5935b72eacbe29* on another machine.

Since this hash function will always compute the same message digest for the same data input, we can compute a digital hash to verify that data content has not changed. Weaker hash functions have been deprecated because the message digest computed for one set of data could collide with the one computed for another. These collisions were noted by these super-duper mathematical geniuses & wizards :)

e.g. google "Xiaoyun Wang"
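The fixed digest length, the same-input-same-digest behaviour and the use of a digest to check that content has not changed, shown as an added Python example (not code from the original post). The file names and contents are constructed sample data, and the choice of SHA-256 for the integrity check is an assumption of this example.

```python
import hashlib
import hmac

# Hash types from the list above that hashlib always provides.
ALGORITHMS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")

def digests(data: bytes) -> dict:
    """Hex digest of `data` under each algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGORITHMS}

def digest_sizes(data: bytes) -> dict:
    """Digest length in bytes under each algorithm (fixed per algorithm)."""
    return {a: len(hashlib.new(a, data).digest()) for a in ALGORITHMS}

def make_manifest(files: dict, algorithm: str = "sha256") -> dict:
    """Record a reference digest for every named piece of content."""
    return {n: hashlib.new(algorithm, c).hexdigest() for n, c in files.items()}

def changed_files(files: dict, manifest: dict, algorithm: str = "sha256") -> list:
    """Names in the manifest whose content is missing or no longer matches."""
    bad = []
    for name, expected in manifest.items():
        content = files.get(name)
        actual = "" if content is None else hashlib.new(algorithm, content).hexdigest()
        if not hmac.compare_digest(actual, expected):
            bad.append(name)
    return sorted(bad)

# Constructed sample data, not taken from the post.
SAMPLE_FILES = {
    "ls-output.txt": b"total 8\n-rw-r--r--  1 user  staff  42 Jan  1 00:00 notes.txt\n",
    "hosts.txt": b"192.0.2.10 fileserver\n",
}

if __name__ == "__main__":
    for name, hexd in digests(b"A").items():
        print(f"{name:7} {len(hexd) // 2:2} bytes  {hexd}")
    # A 1 MB input yields digests of exactly the same lengths.
    print(digest_sizes(b"A") == digest_sizes(b"A" * 1_000_000))
    manifest = make_manifest(SAMPLE_FILES)
    tampered = dict(SAMPLE_FILES, **{"hosts.txt": b"192.0.2.66 fileserver\n"})
    print(changed_files(SAMPLE_FILES, manifest))  # nothing changed
    print(changed_files(tampered, manifest))      # the edited file is reported
```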

Okay so now let's look at encryption.

Encryption does things slightly differently: we take unencrypted data (aka plaintext) and encrypt the data with a method that makes it a secret from external parties. In all encryption, it's typically done so the data is not grown or reduced in size or content during the encryption process.

Various types of ciphers provide a set degree of encoding function to the plaintext, and they typically deploy one of the following:

*block ciphers (fixed blocks of bits of data)*

*or*

*stream ciphers (pseudorandom streams)*

The choice of the encryption cipher might be based on numerous factors such as:

*speed*

*strength*

*choice of block sizes*

*governmental restrictions*

*etc....*

With all encryption types, the same **algorithm** needs to be used by both parties during the encryption and decryption process to recover the plaintext.

*(e.g. I can't encrypt with 3DES on one end and expect to recover the plaintext with AES on the other end)*

So the same encoding function and keys need to be known, and this is called symmetrical encryption.

*Now let's demonstrate this using a file I created from a Unix ls output:*

Okay, so we will now encrypt this file using openssl and the following cipher types:

*aes128, aes192, aes256*

You will notice that we encrypted the file, the size has not changed, and the plaintext is not recognizable any more.

( see below )

So there you have it, with real examples of hash function vs. data encryption.

Ken Felix

Freelance Network & Security Engineer

kfelix a-t hyperfeed -d-o-t- com
