Understanding Hash Functions, Network+ Exam


I am running through the securing TCP/IP of the N10-06 certification and having difficulty understanding the use of Hash. I get the process of using the algorithm to change the data, but what I don't understand is how that is applied and how it is decrypted on the receiving side to get the data. I have read that it is a One-Way system and cannot be decrypted, but if that is the case how does the recipient decrypt it? Is there a public key sent with the hash, and what portion of my computer actually does the decryption? I've been Googling on this a while and reading Mike Myers' book as well as Professor Messer's video on it, but I am only getting vague descriptions on the intent and concept but not how it's staged and executed. Does anyone have any sage advice on this?

James Bunch, Systems Engineer, Asked:


The hash is not decrypted

The data is re-hashed at the other end and the hashes are compared to ensure that what was sent is the same as what was received.

Dr. Klahn, Principal Software Engineer, Commented:
Hashing is, indeed, a one-way process.  It is easy to hash a data stream; it is difficult if not impossible to go backwards because of hash collisions.

Hashing is used for many purposes but three are very common:

  • Table lookup for identifiers that would otherwise be complex to look up
  • Password validation
  • Validation for data

Since the context is "securing TCP/IP", I suspect that the last two apply.  Herewith are possible examples.

Consider a complex data stream received by a system -- let it be as long and complex as you like.  Apply the hash algorithm to it.  The receiver says to the sender, "Is this (value) the correct hash for the data you sent?"  The sender says, "Yes it is, the data you received is probably valid" or "No it is not; the data you received is definitely invalid or it has been tampered with."

Hashing also allows password validation without storing or exchanging passwords.  (Storing actual passwords is obviously dangerous if the password database is compromised.)  Consider:  System A needs to send a password to system B.  System A salts the password, hashes it and sends the hash.  System B checks to see if the hash matches.  If the hash matches there is a very high probability (not perfect, due to hash collisions) that the password is correct.  At no time did the actual password travel over the network - though the connection should obviously be encrypted, even though the password is salted.

This used to be considered acceptably secure, but due to the improvement in compute horsepower it is now possible to find hash collisions via rainbow tables, and hash-based validation (on a single hash) is no longer as secure as would be desirable.
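The re-hash-and-compare exchange described in the answers above, as an added example that is not part of the original thread. It goes one step beyond the thread by also showing a keyed hash (HMAC); the function names, the sample message and the shared key are constructed for illustration.

```python
import hashlib
import hmac

def send(data: bytes) -> tuple[bytes, str]:
    """Sender: transmit the data together with its SHA-256 digest."""
    return data, hashlib.sha256(data).hexdigest()

def receive(data: bytes, claimed_digest: str) -> bool:
    """Receiver: re-hash what arrived and compare. Nothing is decrypted."""
    recomputed = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(recomputed, claimed_digest)

def send_keyed(data: bytes, key: bytes) -> tuple[bytes, str]:
    """Sender: the tag depends on the data and on a key both ends share."""
    return data, hmac.new(key, data, hashlib.sha256).hexdigest()

def receive_keyed(data: bytes, claimed_tag: str, key: bytes) -> bool:
    """Receiver: recompute the tag with the shared key and compare."""
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, claimed_tag)

def demo() -> dict:
    original = b"transfer 100 to account 42"   # constructed sample message
    altered = b"transfer 900 to account 42"    # same message changed in transit
    key = b"constructed-shared-secret"         # constructed sample key
    results = {}

    data, digest = send(original)
    results["intact"] = receive(data, digest)         # hashes match
    results["corrupted"] = receive(altered, digest)   # data changed, digest did not

    # A plain digest needs no secret, so it can be recomputed for altered data.
    altered_digest = hashlib.sha256(altered).hexdigest()
    results["altered_with_new_digest"] = receive(altered, altered_digest)

    # With HMAC the same substitution fails without knowledge of the key.
    data, tag = send_keyed(original, key)
    results["keyed_intact"] = receive_keyed(data, tag, key)
    results["keyed_altered"] = receive_keyed(altered, altered_digest, key)
    return results

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The data and the digest travel together; the receiver only ever runs the hash in the forward direction.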

James Bunch, Systems Engineer, Author Commented:
@Alan So the HASH itself does not contain the data directly like in cipher blocks or streams, it's just an equation used on both ends to verify it matches exactly? Kind of like the concept of FCS of a frame? So the hash AND the data are sent to the recipient and then the receiving system runs the hash "Re-Hash" and compares its answer with the one that came from the sender?

If this is so, do the hash and data go at the same time, or does it act kind of like a certificate when accessing a secure site? You request data, the hash is sent to you and when it's confirmed you received it then the data comes in a sequential transmission?

Sorry to ask so many questions. It is just hard to move forward with learning this stuff if I don't feel 100% confident I get the process.

James Bunch, Systems Engineer, Author Commented:
@Dr. Klahn  
At no time did the actual password travel over the network - though the connection should obviously be encrypted, even though the password is salted.

Your response was submitted when I was responding to Alan, sorry. But with your quote above, since the hash has not been submitted at this point of verification, once the systems agree the data is valid, does it then send the password across? Or does it not even need to since the authentication system knows the hash is valid and assumes from that point?
David Johnson, CD, MVP, Retired, Commented:
The password is never sent since the hashes match. If they don't match then an invalid username/password sequence is sent.
Dr. Klahn, Principal Software Engineer, Commented:
That would depend on the programs using the communication channel.  However, if the systems are using hash confirmation, there is probably no value in sending the password because the receiving system probably does not know the password.  All it has stored is the hash, or possibly hashes if multiple hash algorithms are being used.
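A sketch of the verifying side described in this comment, where the system stores only a salt and a hash per account; this is an added example, not part of the original thread. It uses PBKDF2-HMAC-SHA256 from Python's standard library as the salted hash, which is a choice made here, and the account names, passwords, iteration count and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune for real hardware

def _derive(password: str, salt: bytes) -> bytes:
    """Salted, iterated one-way hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def enroll(password: str) -> dict:
    """Build the record the verifying system keeps: salt and hash, no password."""
    salt = os.urandom(16)  # fresh random salt for every account
    return {"salt": salt, "hash": _derive(password, salt)}

# Stand-in record for unknown usernames, so both paths do the same hashing work.
_DUMMY = enroll("constructed-placeholder")

def login(accounts: dict, username: str, attempt: str) -> bool:
    """Re-hash the attempt with the stored salt and compare with the stored hash."""
    record = accounts.get(username, _DUMMY)
    candidate = _derive(attempt, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    return matches and username in accounts

def demo() -> dict:
    # Constructed sample accounts; the two users deliberately share a password.
    accounts = {"alice": enroll("hunter2"), "bob": enroll("hunter2")}
    return {
        "alice_ok": login(accounts, "alice", "hunter2"),
        "alice_wrong": login(accounts, "alice", "hunter3"),
        "unknown_user": login(accounts, "mallory", "constructed-placeholder"),
        # Different salts give different stored hashes for the same password.
        "same_password_same_hash": accounts["alice"]["hash"] == accounts["bob"]["hash"],
    }

if __name__ == "__main__":
    print(demo())
```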
James Bunch, Systems Engineer, Author Commented:
Okay now some of these details in the book/study material are making sense based off of the responses. Thank you all for elaborating, you are awesome!