Saturday, January 5, 2013
Today I am going to post about security. Many of people has a misconception about hashing and encryption. Not only that many cannot understand when to use hashing and when to use encryption. So here we will discuss differences of hashing and encryption.
HASHING
They provide a mapping between an arbitrary length input, and usually fixed or smaller length output. It can be anything like simple CRC32, to a full blown cryptographic hash function such as MD5 , SHA1/SHA2/SHA256/SHA512. A oneway mapping is carried out. It's always a many:one mapping (there will always be collisions) since every function produces a smaller output than it's capable of inputting.The reason they are hard and practically impossible to reverse is because of their algorithms. Most hash functions iterate over the input many times to produce the output. At each fixed length input (which is algorithm dependent), the hash function will call it its current state. It will then iterate over this state and change to a new one and use the result as feedback (MD5 do this 64 times for each of 512bits of data). It then combines the resultant states from all the iterations back together to form the resultant hash of the input.
Now, if we want to decode the hash, you'd first need to figure out how to split the given hash into its iterated states. Then we need to reverse the iteration for each state. Now, to explain why this is VERY HARD, think of trying to deduce x and y from : x + y=10. There are 10 positive combinations of x and y that can work. Now iterate over that a number of times: tmp = x + y; x = y; y = tmp. For 64 iterations, we will have 10^64 possibilities. Real hash functions do a lot more than one operation (MD5 does 15 operations on 4 state variables). And since the next iteration depends on the state of the previous and the previous is destroyed in creating the current state, it's all but impossible to determine the input state that led to a given output state. Bruteforce is a better choice than decoding if the length of input is known.
ENCRYPTION
They provide a 1:1 mapping between an arbitrary length input and and output and are always reversible. It is always 1:1 for a given key. Now, there are multiple input:key pairs that might generate the same output. Good encrypted data is indistinguishable from random noise. This is different from a hash output which is always of a consistent format.
Labels:Security
Subscribe to:
Post Comments
(Atom)
Labels
 Algorithms (7)
 Annotation (3)
 Files (6)
 Generics (3)
 Graphics2D (5)
 Graphics2DImages (7)
 Inheritance (2)
 J2EE (9)
 Java 8 (4)
 Java FAQs (19)
 JDBC (3)
 Networking (2)
 Packages (1)
 Reflection (4)
 Security (7)
 Sorting (2)
 Swing (3)
 Threads (3)
 Utils (3)
Popular Posts

Today I will show you how you can implement Bankers algorithm in Java. The Banker's algorithm is a resource allocation and deadlock a...

 UPDATE  I have updated the code on request of some followers so that they can directly...

Today I am going to show how to convert a postfix expression to an infix expression using stack in Java. In an earlier post here we ...

Today in this article I will tell you how to convert an infix expression to postfix expression using stack. This is an important applicat...

UPDATE I have updated my post so that now it can detect IE 11. This modification was necessary as t...

Today I am going to post a program that will be able to produce all the mColorings of a given graph G. What is mColoring : The problem st...

Today I am going to show you how you can generate and validate captcha. A CAPTCHA (an acronym for "Completely Automated Public Turin...

Today I will show you how to do 256bits AES encryption and decryption of a file in Java. You can write codes for AES  128bits without d...
Links
About Me

Nirupam Das
 I am a student of BTech Computer Science Engineering from RCCIIT,Kolkata. I am a crazy lover of Java and wants to settle as a Java developer. I have a seven years Java experience with an application developer experience for 2 years. Recently from March 2012 I am a registered S40 app developer for Nokia and has corrected an app of them. I am currently writing blogs to encourage and grow interest in all those who don't know or learning Java.
0 comments:
Post a Comment