Understanding Hash Functions, Network+ Exam


       I am running through the securing TCP/IP of the N10-06 certification and having difficulty understanding the use of Hash. I get the process of using the algorithm to change the data, but what I don't understand is how that is applied and how it is decrypted on the receiving side to get the data. I have read that it is a One-Way system and cannot be decrypted, but if that is the case how does the recipient decrypt it? Is there a public key sent with the hash and what portion of my computer actually does the decryption. I've been Googling on this a while and reading Mike Myers book as well as Professor Messers video on it, but I am only getting vague descriptions on the intent and concept but not how its staged and executed. Does anyone have any sage advice on this?

James BunchSystems AnalystAsked:
Who is Participating?
Dr. KlahnConnect With a Mentor Principal Software EngineerCommented:
Hashing is, indeed, a one-way process.  It is easy to hash a data stream; it is difficult if not impossible to go backwards because of hash collisions.

Hashing is used for many purposes but three are very common:

  • Table lookup for identifiers that would otherwise be complex to look up
  • Password validation
  • Validation for data

Since the context is "securing TCP/IP", I suspect that the last two apply.  Herewith are possible examples.

Consider a complex data stream received by a system -- let it be as long and complex as you like.  Apply the hash algorithm to it.  The receiver says to the sender, "Is this (value) the correct hash for the data you sent?"  The sender says, "Yes it is, the data you received is probably valid" or "No it is not; the data you received is definitely invalid or it has been tampered with."

Hashing also allows password validation without storing or exchanging passwords.  (Storing actual paswords is obviously dangerous if the password database is compromised.)  Consider:  System A needs to send a password to system B.  System A salts the password, hashes it and sends the hash.  System B checks to see if the hash matches.  If the hash matches there is a very high probability (not perfect, due to hash collisions) that the password is correct.  At no time did the actual password travel over the network - though the connection should obviously be encrypted, even though the password is salted.

This used to be considered acceptably secure, but due to the improvement in compute horsepower it is now possible to find hash collisions via rainbow tables, and hash-based validation (on a single hash) is no longer as secure as would be desirable.
AlanConnect With a Mentor ConsultantCommented:

The hash is not decrypted

The data is re-hashed at the other end and the hashes are compared to ensure that what was sent is the same as what was received.

James BunchSystems AnalystAuthor Commented:
@Alan So the HASH itself does not contain the data directly like in cipher blocks or streams, its just a equation used on both ends to verify it matches exactly? Kind of like the concept of FCS of a frame? So the hash AND the data are sent to the recipient and then the receiving system runs the hash "Re-Hash" and compares its answer with the one that came from the sender?

If this is so, do the hash and data go at the same time, or does it act kind of like  a certificate when accessing a secure site. You request data, the hash is sent to you and when its confirmed you received it then the data comes in a sequential transmission?

Sorry to ask so many questions. It is just hard to move forward with learning this stuff if I don't feel 100% confident I get the process.
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

James BunchSystems AnalystAuthor Commented:
@Dr. Klahn  
At no time did the actual password travel over the network - though the connection should obviously be encrypted, even though the password is salted.

Your response was submitted when I was responding to Alan, sorry. But with your quote above, since the hash has not been submitted at this point of verification, once the systems agree the data is valid, does it then send the password across? Or does it not even need too since the authentication system knows the hash is valid and assumes from that point.
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
the password is never sent since the hashes match. If they don't match then an invalid username/password sequence is sent.
Dr. KlahnPrincipal Software EngineerCommented:
That would depend on the programs using the communication channel.  However, if the systems are using hash confirmation, there is probably no value in sending the password because the receiving system probably does not know the password.  All it has stored is the hash, or possibly hashes if multiple hash algorithms are being used.
James BunchSystems AnalystAuthor Commented:
Okay now some of these details in the book/study material are making sense based off of the responses. Thank you all for elaborating, you are awesome!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.