Basics of Hashing and Cryptography

In this video, watch Zanidd explain the basics of hashing and cryptography, and how these concepts relate to password security.
Next up, hashing. Let’s take a look at one-way hash functions. As the name suggests, one-way hash functions are a one-way function. They’re a mathematical function which cannot be reversed, and they’re usually used to either store passwords or create checksums over files.
They’re often used to store passwords, but they can also be used to create checksums over files, or other things.
There’s also not just one hash function, there are multiple hash functions with different strengths. And there exist bad ones, like MD5, which is more or less cracked and broken, and better ones like SHA2 or SHA3. In theory, SHA3 would be better than SHA2, but it doesn’t have a large support right now from bigger companies and tools, so we’re stuck with SHA2, for the moment. A hash usually looks like some gibberish, and you cannot determine the out and input from the hash alone. If I have two completely different words, like “banana” and “test,” the hashes will also be completely different, except for the length, which will always be the same length.
In theory, if you change one or two bits of the input, the hash should be around 50% different than before. I say “in theory” because, in hashes like MD5, there are hash collisions, which means that two different words will create the same hash. You can think of hash functions. I always like to bring up the example of hash browns when talking about hash functions. If you have the same potato - the exact same potato, two times - and you make the exact same steps to prepare the hash browns, you will get two hash browns that are identical, or even the same.
If you use another potato that is completely different, and do the same steps, you will get completely different hash browns. Also, you cannot convert your hash browns back into regular potatoes.
Let’s take a look at cryptography. Now, cryptography has three main goals which make the acronym CIA: Confidentiality - Only for the right eyes. Integrity - The message I send is the same you will receive. No attacker has edited the message I sent you. Authenticity - If a message tells that I sent it, I should actually be the real sender of that message. Now, what does cryptography have to do with passwords? First and foremost, passwords are never encrypted, or never should be. Passwords are hashed. And hashes are not encryption because an encryption can usually be reversed, and a hash, not. But passwords are used for encryption. Like if you have a password-protected zip, it’s basically just an encrypted zip.
Password-based encryption will not be the topic of this course, but with the methods, and strategies, and tools from this course, you can also crack encryption, which is password-based. Something like a password-protected zip file can be cracked with the tools and methods learned in this course. Now, let’s do a quick recap. We took a look at entropy, which is a measure of information. The higher the entropy, the more secure the password. So, our goal is to make passwords that have a high entropy, so an attacker needs more time to crack it. We have taken a look at hashing and what hashes are - usually, a one-way function to scramble passwords and store them in a safe way.
Cryptography - cryptography should not be used to store passwords. You do not encrypt passwords and store them in databases. You hash them, store them in databases, and when a user tries to log in, you hash what he enters in the password box, and compare the two hashes. Encryption and decryption will not be the topic of this course. We will focus on passwords and how to exploit them, and how you can prevent that. And that’s it for this video. Thank you for watching. In the next one, we’ll be setting up the environment.

This step will explain the basics of hashing and cryptography, and how these concepts relate to password security.

Passwords are never encrypted; they are hashed. That means that fixed bits of information are converted into unique, fixed-length strings of seemingly random letters and numbers. Hashes are generated by hashing algorithms. There are many types of hash functions, with different degrees of strength. One-way hash functions are usually used to store passwords. Some, like MD5, do not have great strength, while SHA2 is much better. This video will further explain the difference between hashing and encryption.
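The properties described above (fixed-length output, roughly half the output bits changing when one input bit changes, and the hash-then-compare login check) can be seen in a short Python sketch. This is an added example, not part of the course material; it goes one step beyond the video by storing passwords with a salted, iterated SHA2 construction (PBKDF2-HMAC-SHA256) instead of a single hash pass, and the function names, sample password and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware


def sha256_hex(text: str) -> str:
    """Hex SHA-256 digest: always 64 hex characters, whatever the input length."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def changed_bit_fraction(data: bytes) -> float:
    """Flip one input bit and return the fraction of the 256 digest bits that change."""
    flipped = data[:-1] + bytes([data[-1] ^ 0x01])
    a = int.from_bytes(hashlib.sha256(data).digest(), "big")
    b = int.from_bytes(hashlib.sha256(flipped).digest(), "big")
    return bin(a ^ b).count("1") / 256


def hash_password(password: str, iterations: int = ITERATIONS) -> tuple:
    """Return the record to store: (salt, iterations, digest). Never the password."""
    salt = os.urandom(16)  # per-user random salt: equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(attempt: str, record: tuple) -> bool:
    """Hash the login attempt with the stored salt and compare the two hashes."""
    salt, iterations, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    for word in ("banana", "test"):  # the two words used in the video
        print(word, sha256_hex(word))
    print("bits changed by a one-bit flip:", changed_bit_fraction(b"banana"))
    record = hash_password("correct horse battery staple")  # constructed sample password
    print(verify_password("correct horse battery staple", record))
    print(verify_password("banana", record))
```

The salt and the iteration count are stored next to the digest because both are needed to recompute the hash at login; neither is secret.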

This article is from the free online

Advanced Cyber Security Training: Hands-On Password Attacks

Created by
FutureLearn - Learning For Life
