Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Difference betwen Hash and signature

Posted on 2010-09-06
6
Medium Priority
?
496 Views
Last Modified: 2012-05-10
What is the main deference between, generate Hash or sign from a private key.
0
Comment
Question by:rflorencio
6 Comments
 
LVL 8

Expert Comment

by:Gururaj Badam
ID: 33612002
A signature contains the required Private/public key to encode/hash the data (Encrypt) so it can be safely sent over the wire.

Hashing is one of process while encrypting.
0
 
LVL 52

Expert Comment

by:Carl Tawn
ID: 33612467
Hashing the data makes it unreadable and is a one-way operation (note that hashing is NOT the same as encrypting). Signing is a way of identifying and verifying the source of whatever is being hashed.
0
 
LVL 12

Expert Comment

by:Mohamed Abowarda
ID: 33612622
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 27

Accepted Solution

by:
Tolomir earned 1800 total points
ID: 33613222
Hashing some content is often used for internal processing in most cases. You hash some data and store it into the database. Since it is a one-way function you always have to hash new data to be able to compare it with already hashed data (e.g. passwords) There are well know hash algorithms like md5.

Signing a message goes the same way. You create a hash value from the message, then you use your private key to encrypt that hash string.
Someone checking the signature requires your public key to generate the original hash value (this goes without the need of a password!) then you get a hash string. Now you hash (with the same hash function as the sender used like md5) the original message and compare both hashes - if they are equal the message is unchanged.

Someone without access to the private key of the sender is not able to create a signature that can be decrypted with the senders public key, so this is quite safe.
The advantage of using a hash function is, regardless how long the original message was, you always get the same hash length.
 
I hope this explains the procedure more clearly...

Tolomir
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 33613243
I've md5 hashed my message:

98cef3ab28a226306049b774005c09ae

As you can see there is no way to get the original message back, the result of the hash function contains not enough data to be able to decrypt it.
But the hash string is perfect to fit into a signature of an email. Of cause it needs to be "encrypted" with a pgp private key to be safe from modifications.
0
 

Assisted Solution

by:andrew_smith
andrew_smith earned 200 total points
ID: 33616095
A hash allows you to detect if the message has changed since the hash was generated, typically this is checking for corruption in transit but it also allows you to detect if the message has been altered.
Of course if someone altered the message deliberately then they could generate a new hash. So a signature encrypts this with someones private key, which only the original creator should have. If you can decrypt the hash with that persons public key and it all matches up you now know that the message is intact and that it had to have come from the original sender (non-repudiation).

(we keep saying message here, but the same process scales up to files, media etc)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
Hello there! As a developer I have modified and refactored the unit tests which was written by fellow developers in the past. On the course, I have gone through various misconceptions and technical challenges when it comes to implementation. I would…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question