You may have seen MD5 or SHA hashes(digests) listed next to downloads on the Internet, but what exactly they are? Let’s take a look at what these cryptic strings(Hashes).
The Values returned by the has functions are called as hash codes, hash sums, message digest or simply hashes.
What Are Hashes and What Are They Used For?
Hashes, also called as “digests,” are the products of cryptographic algorithms. Algorithms are a set of instructions used by computers to manipulate data. Many hash functions are designed to produce a fixed-length digest, regardless of the size of the input data. Take a look at the above chart and you’ll see that both “Fox” and “The red fox jumps over the blue dog” yield the same length output.
Another factor is complexity. Compare the second example in the above chart to the third, fourth, and fifth. You’ll see that despite a very minor change in the input data, the resulting hashes are all very different from one another. This is a sign of the complexity of the algorithm and helps make it so that working backward from the hash to the data is very difficult. Most of the website stores passwords often as hashes because of this reason; it’s easy to take the password during a login attempt and compare it to the stored hash. On the other hand, if someone has the hash, it’s very difficult to work backward to the original input. Hashes are one way you can’t decode it. When people try to crack passwords, they usually don’t work backward, but instead, use a dictionary of known hashes (usually of common passwords and key patterns) to compare the stolen ones with.
MD5, the Message-Digest Algorithm, has been used in multiple types of security-based programs in the past, but it’s also widely employed for another purpose: data verification. These types of algorithms work great to verify your downloads. Imagine, if you will, you’re online trying to grab the latest Ubuntu release from BitTorrent. Some horrible troublemaker starts distributing a version of the .iso you need but with malicious code embedded into it. Not just that, he’s clever, so he makes sure the files are exactly the same size. You wouldn’t know you had the bad file until you tried to boot the CD, and by then, permanent damage could have already occurred!
You can run a hash check yourself with any number of tools, and then check it against the posted checksum. If there are any differences at all, you know that the file you have was tampered with, did not complete properly, or something else prevented the data from matching. This way you prevent any damage to your system before you run anything, and you can just re-download the appropriate file.
SHA, MD5, Blowfish are some of the commonly used techniques. But nowadays people have started using SHA-1 algorithms.
Now, We have learned What are Hashes!! In the next Tutorial, We will see How to use them/Check Hashes!