shawnfjohnson Member Posts: 5
I know hashing = Integrity. Questions are confusing when they are referring to hashing on the test. Sometimes they talk about hashing the private key and sometimes they talk about hashing the entire message (text). Am I interpreting things differently? How do I get around the gotchas with these questions on the test? Sorry for the dumb question.


    JDMurray Admin Posts: 13,029
    edited October 2020
    Cryptographic hashing creates a "digital fingerprint" of some finite length of data that can be used to determine if the content of the data has changed--even by so much as one bit. Hashing itself is just a tool that can be used in many different algorithms, protocols, and systems. A key to understanding hashing (pun) is therefore in understanding the context in which it is used.

    Your example is the use of hashing in public key cryptography to test if a decrypted key or message has not changed since it was originally encrypted. The purpose of the hashing is the same for both the key and the message, but when, why, and how hashing is used is determined by the design of the public key cryptosystem. Understand the cryptosystem and you will understand its use of cryptographic hashing.

    And there are never any dumb questions here!  B)
    scasc Member Posts: 461
    There are 2 types of hashing: 1) the actual contents of messages between source/destination and 2) passwords/secrets stored at the backend. For the former you will deploy your typical SHA256/384/512 etc. as these are deemed fast in nature. You encrypt the message and hash it (it used to be the other way round, but vulnerabilities came out with TLS 1.2 - POODLE/BEAST attacks etc.).

    For the latter - PBKDF2, bcrypt, scrypt - the random salt is appended to the message and you apply your key algorithm to the message, e.g. HMAC 256. These are slower in nature, thus harder to brute-force, which is why they are used to hash your secrets/passwords.

    Sorry for digressing. But the key thing is that you either add your public key (shared secret) to the message and hash it => called HMAC. Or you simply hash the message as part of your TLS connection - which will be your standard MAC function (e.g. MD5, SHA1 etc.). If not part of the TLS tunnel, I believe it's the actual contents of the message that is hashed and sent along, which is then checked to see if the hash value is the same - if so then message integrity is intact.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
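The three uses discussed in the thread side by side, as an added example (not code from either poster): a plain digest over a message that changes completely when one bit of the input changes, an HMAC that only verifies with the same shared secret key, and a salted, slow PBKDF2 password hash. The message and the secrets are constructed sample values; only Python's standard library is used.

```python
import hashlib
import hmac
import os

# Constructed sample message and shared secret (not from the thread).
MESSAGE = b"Transfer 100.00 to account 12345"
SHARED_KEY = b"example-shared-secret"

def sha256_hex(data: bytes) -> str:
    """Digest of the whole message: the 'digital fingerprint' used to check integrity."""
    return hashlib.sha256(data).hexdigest()

def flip_one_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped (to show the digest change)."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def hmac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: hash keyed with the shared secret, so a forger needs the key too."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def hmac_verify(key: bytes, data: bytes, tag: str) -> bool:
    """Recompute the tag and compare in constant time (avoids timing leaks)."""
    return hmac.compare_digest(hmac_tag(key, data), tag)

def hash_password(password: str, salt=None, iterations: int = 600_000):
    """Slow, salted PBKDF2-HMAC-SHA256; returns (salt, derived_key) for storage."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, dk

def verify_password(password: str, salt: bytes, stored: bytes, iterations: int = 600_000) -> bool:
    """Re-derive with the stored salt and compare against the stored key."""
    _, dk = hash_password(password, salt, iterations)
    return hmac.compare_digest(dk, stored)

if __name__ == "__main__":
    print("digest:        ", sha256_hex(MESSAGE))
    print("one bit flipped", sha256_hex(flip_one_bit(MESSAGE, 5)))
    tag = hmac_tag(SHARED_KEY, MESSAGE)
    print("hmac ok:       ", hmac_verify(SHARED_KEY, MESSAGE, tag))
    print("wrong key ok:  ", hmac_verify(b"not-the-key", MESSAGE, tag))
    salt, dk = hash_password("correct horse battery staple")
    print("password ok:   ", verify_password("correct horse battery staple", salt, dk))
    print("wrong pw ok:   ", verify_password("Tr0ub4dor&3", salt, dk))
```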
    shawnfjohnson Member Posts: 5
    Both good information! Thanks