Post permalink

• prog_dotnet
  Nov 19, 2006 at 12:54 AM

  so it depends on what kind of hashing algorithm you are using.
  
  You can think of a hash like a factory...
  you send you message in, and get som numbers back. You provide the numbers (hash) along with the message to your friend, and he sends the message to his factory, and get som numbers back.

  He then compares his numbers with the ones provied from your end. If they are equal, then he can be resonably sure that the message
  are original and not modified in any way.

  In a security context, one normally sign the hash to make sure that
  that they are not forged. And since the hash is only useful if you have access to the source data, ( you need to compare two hashes created from the same source), you might think that one can convert between different hash alorithms...

  But the hash is created by inspecting the original message block by block, its a one way function...you can get the hash by inspecting the message, but you cant get the message by inspecting the hash.

  If you culd get an unseen message from a hash ( what you actually must do to convert from md5 to sha1), or find two different messages with the same hash, then the hash function
  is considered insecure.

See more posts in thread…