Solved

Difference betwen Hash and signature

Posted on 2010-09-06
6
486 Views
Last Modified: 2012-05-10
What is the main deference between, generate Hash or sign from a private key.
0
Comment
Question by:rflorencio
6 Comments
 
LVL 8

Expert Comment

by:Gururaj Badam
ID: 33612002
A signature contains the required Private/public key to encode/hash the data (Encrypt) so it can be safely sent over the wire.

Hashing is one of process while encrypting.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 33612467
Hashing the data makes it unreadable and is a one-way operation (note that hashing is NOT the same as encrypting). Signing is a way of identifying and verifying the source of whatever is being hashed.
0
 
LVL 12

Expert Comment

by:Mohamed Abowarda
ID: 33612622
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 27

Accepted Solution

by:
Tolomir earned 450 total points
ID: 33613222
Hashing some content is often used for internal processing in most cases. You hash some data and store it into the database. Since it is a one-way function you always have to hash new data to be able to compare it with already hashed data (e.g. passwords) There are well know hash algorithms like md5.

Signing a message goes the same way. You create a hash value from the message, then you use your private key to encrypt that hash string.
Someone checking the signature requires your public key to generate the original hash value (this goes without the need of a password!) then you get a hash string. Now you hash (with the same hash function as the sender used like md5) the original message and compare both hashes - if they are equal the message is unchanged.

Someone without access to the private key of the sender is not able to create a signature that can be decrypted with the senders public key, so this is quite safe.
The advantage of using a hash function is, regardless how long the original message was, you always get the same hash length.
 
I hope this explains the procedure more clearly...

Tolomir
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 33613243
I've md5 hashed my message:

98cef3ab28a226306049b774005c09ae

As you can see there is no way to get the original message back, the result of the hash function contains not enough data to be able to decrypt it.
But the hash string is perfect to fit into a signature of an email. Of cause it needs to be "encrypted" with a pgp private key to be safe from modifications.
0
 

Assisted Solution

by:andrew_smith
andrew_smith earned 50 total points
ID: 33616095
A hash allows you to detect if the message has changed since the hash was generated, typically this is checking for corruption in transit but it also allows you to detect if the message has been altered.
Of course if someone altered the message deliberately then they could generate a new hash. So a signature encrypts this with someones private key, which only the original creator should have. If you can decrypt the hash with that persons public key and it all matches up you now know that the message is intact and that it had to have come from the original sender (non-repudiation).

(we keep saying message here, but the same process scales up to files, media etc)
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now