What Is Hashing? | What Is Hashing With Example | Hashing Explained Simply | Simplilearn

Simplilearn

8 Jul 202109:45

Summary

TLDRThis video script from 'Simply Learn' delves into the importance of secure password storage, contrasting plain text, encryption, and hashing methods. It emphasizes hashing as the industry standard due to its one-way, irreversible nature, preventing plain text password storage. The script explains hash functions, their mathematical operations, and the significance of unique digests for each input. It also addresses security enhancements like salting and peppering to prevent hash collisions and strengthen password security, making it harder for hackers to crack passwords.

Takeaways

🔐 Websites have three options for storing passwords: plain text, encryption, or hashing. Hashing is the most secure method.
🚫 Storing passwords in plain text is highly insecure as it allows anyone to access the passwords, and a data breach can expose all credentials.
🔒 Encrypting passwords requires storing a decryption key, which, if compromised, can lead to both the key and encrypted passwords being leaked.
🔄 Hashing passwords is irreversible, providing a higher level of security as only the hash values are stored, not the plain text.
🔑 Hash functions are algorithms that perform mathematical operations on data to generate a unique hash value or 'digest'.
⚠️ Hash functions are designed to be one-way, meaning they should not be reversible, ensuring that original data cannot be retrieved from the hash.
🔄 When a user signs up, their password is hashed and the hash is stored. Upon login, the entered password is hashed again and compared to the stored hash.
🔗 Hash functions must be quick for efficiency but not so fast that they become vulnerable to brute force attacks.
🔄 A good hash function will produce a significantly different hash value even with a minor change in the input, ensuring data integrity.
🧂 'Salting' adds a unique random keyword (salt) to the password before hashing to reduce hash collisions and enhance security.
🌶️ 'Peppering' involves adding a common random string (pepper) to the password before hashing, which is not stored on the server, further securing the hashes.

Q & A

What are the three alternatives for storing user passwords mentioned in the script?
-The three alternatives for storing user passwords are: storing passwords in plain text format, encrypting the passwords using an encryption and decryption key, and storing the passwords in a hash value.
Why is storing passwords in plain text considered unsafe?
-Storing passwords in plain text is unsafe because it allows anyone with access to the company's servers to read the passwords, and a single hack or data breach can expose all account credentials without extra effort.
What is the risk associated with storing encrypted passwords on a server?
-The risk with storing encrypted passwords is that if there's a data breach or server hack, both the decryption key and the encrypted passwords could be leaked, making it a single point of failure.
How does hashing differ from encryption in terms of security?
-Hashing differs from encryption in that it is meant to be irreversible, meaning no decryption key can convert the hashed value back to its original form. This is intended to provide a higher level of security as it prevents the original data from being retrieved even if the hash is compromised.
What is the purpose of a hash function in the context of password storage?
-A hash function is used to scramble the password into a hash value, which is stored on the server. When a user logs in, the entered password is hashed and compared to the stored hash value to verify the password without ever storing the plain text password.
Why are hash functions designed to be one-way?
-Hash functions are designed to be one-way to ensure that once data is hashed, it cannot be reversed or decrypted back to its original form, thus providing a layer of security by preventing the recovery of sensitive information like passwords.
What is a hash collision and how can it be mitigated?
-A hash collision occurs when two different inputs produce the same hash output. This can be mitigated using techniques like salting, where a unique random keyword (salt) is added to the input before hashing, ensuring that even identical passwords will produce different hash values.
What is the role of salting in hashing passwords?
-Salting involves adding a unique random string (salt) to the password before it is hashed. This ensures that even if two users have the same password, their hash values will be different due to the unique salt, thus reducing the risk of hash collisions.
How does peppering complement salting in enhancing password security?
-Peppering adds an additional layer of security by including a random string (pepper) common to all users but not stored on the server. This pepper is hard-coded into the website's source code, making it more difficult for attackers to crack hashed passwords even if they obtain the salts.
Why is it important for a hash function to be quick yet not too fast?
-A hash function needs to be quick enough to handle large amounts of data efficiently but not so fast that it becomes susceptible to brute force attacks. The balance ensures security by making it computationally expensive to try all possible combinations to reverse the hash.
How do hash functions ensure data integrity when files are uploaded and downloaded?
-Hash functions ensure data integrity by generating a unique hash value for the file. This hash is uploaded with the file. When a user downloads the file, they can recalculate the hash and compare it to the original. If the hashes match, it confirms that the file has not been tampered with or corrupted.