Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Difference betwen Hash and signature

Posted on 2010-09-06
6
Medium Priority
?
494 Views
Last Modified: 2012-05-10
What is the main deference between, generate Hash or sign from a private key.
0
Comment
Question by:rflorencio
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 8

Expert Comment

by:Gururaj Badam
ID: 33612002
A signature contains the required Private/public key to encode/hash the data (Encrypt) so it can be safely sent over the wire.

Hashing is one of process while encrypting.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 33612467
Hashing the data makes it unreadable and is a one-way operation (note that hashing is NOT the same as encrypting). Signing is a way of identifying and verifying the source of whatever is being hashed.
0
 
LVL 12

Expert Comment

by:Mohamed Abowarda
ID: 33612622
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
LVL 27

Accepted Solution

by:
Tolomir earned 1800 total points
ID: 33613222
Hashing some content is often used for internal processing in most cases. You hash some data and store it into the database. Since it is a one-way function you always have to hash new data to be able to compare it with already hashed data (e.g. passwords) There are well know hash algorithms like md5.

Signing a message goes the same way. You create a hash value from the message, then you use your private key to encrypt that hash string.
Someone checking the signature requires your public key to generate the original hash value (this goes without the need of a password!) then you get a hash string. Now you hash (with the same hash function as the sender used like md5) the original message and compare both hashes - if they are equal the message is unchanged.

Someone without access to the private key of the sender is not able to create a signature that can be decrypted with the senders public key, so this is quite safe.
The advantage of using a hash function is, regardless how long the original message was, you always get the same hash length.
 
I hope this explains the procedure more clearly...

Tolomir
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 33613243
I've md5 hashed my message:

98cef3ab28a226306049b774005c09ae

As you can see there is no way to get the original message back, the result of the hash function contains not enough data to be able to decrypt it.
But the hash string is perfect to fit into a signature of an email. Of cause it needs to be "encrypted" with a pgp private key to be safe from modifications.
0
 

Assisted Solution

by:andrew_smith
andrew_smith earned 200 total points
ID: 33616095
A hash allows you to detect if the message has changed since the hash was generated, typically this is checking for corruption in transit but it also allows you to detect if the message has been altered.
Of course if someone altered the message deliberately then they could generate a new hash. So a signature encrypts this with someones private key, which only the original creator should have. If you can decrypt the hash with that persons public key and it all matches up you now know that the message is intact and that it had to have come from the original sender (non-repudiation).

(we keep saying message here, but the same process scales up to files, media etc)
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question