Wednesday, January 9, 2013
In my last post I discussed how hashing and encryption differ in the way they work. Building on that, today I am going to cover when and where each of these processes should be used for security.
HASHING
A hash function should be used when we want to compare values but can't store the plain value. Passwords should always be hashed. This is because we don't want to recover the stored password; rather, we compare the stored data with the input data. We also use hashing to check for pirated files. It is also used to verify whether two files are identical. This is helpful when we download a file from the internet and want to check whether the downloaded file and the file on the server are the same.

Hash functions are also great for signing data. For example, if we are using HMAC, we sign a piece of data by taking a hash of the data concatenated with a known but not transmitted value (a secret value). So we send the plain text and the HMAC hash. Then the receiver simply hashes the submitted data with the known value and checks whether it matches the transmitted HMAC. If it is the same, we know it wasn't tampered with by a party without the secret value. This is commonly used in secure cookie systems over HTTP, as well as in message transmission of data over HTTP where we want some validity to the data.

The probability of a collision is astronomically small for small input sizes. That's why it's recommended for passwords. For passwords up to 32 characters, MD5 has 4 times the output space. SHA-1 has about 6 times the output space. SHA-512 has about 16 times the output space. You must have seen that on many sites, if you forget your password, you are given a page to enter a new password, and the old password is never recovered.
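The HMAC sign-and-verify flow described above, as an added example that is not code from the original post: a signed cookie value in Python using the standard library's `hmac` module. The key, the `payload.tag` cookie layout and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample key (assumption). A real key is random and never
# leaves the server.
SECRET_KEY = b"constructed-demo-key"


def b64url(data: bytes) -> str:
    """Encode bytes so they are safe to place in a cookie."""
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'payload.tag': the plain value plus its HMAC-SHA256 tag."""
    payload = value.encode("utf-8")
    # HMAC is a keyed, nested construction, not a bare hash of key + data.
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{b64url(payload)}.{b64url(tag)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the original value if the tag matches, otherwise None."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sent_tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return None  # malformed cookie: wrong part count or bad base64
    # The receiver recomputes the tag from the submitted data and the secret.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(sent_tag, expected):
        return None
    return payload.decode("utf-8")


if __name__ == "__main__":
    cookie = sign_cookie("user=alice;role=user")  # constructed sample value
    print("signed cookie:", cookie)
    print("verified value:", verify_cookie(cookie))
    forged = b64url(b"user=alice;role=admin") + "." + cookie.split(".")[1]
    print("forged cookie accepted:", verify_cookie(forged) is not None)
```

The value itself travels in readable form; the tag only proves it was produced by someone holding the secret, so anything that must stay confidential still needs encryption.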
ENCRYPTION
Encryption should be used whenever we need to get the input data back out. If we are storing credit card numbers, we need to get them back out at some point, but we don't want to store the plain text. So instead, we store the encrypted version and keep the key as safe as possible. Protecting this key is important because anyone who obtains it can decrypt the stored values very easily.