HASHING: TAKING PRIVACY TO THE EXTREME
What best example of hash would I give to steemians other than their login passwords, bitshare login passwords, your voting keys etc., information and data are hashed for extreme security reasons. Then the next question would be, what is a hash or what is hashing? Is it the same with encryption? When is hashing necessary? Can hashed authentication details ever be recovered? Looking at those angry looking letters, numbers and even symbols when you registered on steemit with a bold suggestion of saving it somewhere safe, obviously, hashed details can not be retained in the human
memory, even if it can, it won't last there for long.
Looking at the first assumed question I feel like rushing to Wikipedia, copy and drop the meaning of hash in quote but that would mean sending my fans away from my blog. Here I will take a pure mathematical and Electronic approach in showing you guys how the angry looking expression was derived, and probably answer the above questions in clear terms, so sit tight as I bring to you a little tech tip for the day!
Image credit: ZDNET
Let me start by pointing out the difference between hashing and encryption. In a general term, encryption is a two way process; encryption and decryption. If I am to borrow word from my chemistry days I would say encryption is a reversible reaction. Encryption uses a set of keys to turn data into "humanly" unreadable characters that have variable lengths, once you have these keys, you can get back the original data.
Now, head back to your steemit.com login password and count it (I bet it is 52 characters), ask your friend to do same and tell you the result. Hashed data have fixed length and the length is dependent on the algorithm used. Hashing is irreversible. Once an information is hashed, it can not be recovered. Hashes are generated by parsing strings through an algorithm which results maintains fixed length but varies very widely with a little change in input string.
This means that if I subject my username "@henrychidiebere" to a hashing algorithm, the result would be the same length as when I subject my username plus the whole alphabets! The only way to check if a hashed password for example is correct is to hash exactly the same word and compare the results. In the picture shown,
))
Image credit:@henrychidiebere
To demonstrate that encrypted details can be decrypted (sometimes very easily), copy "096C460C17170E11030500232E262D2130" without the quotes and head to this site then hit "crack password". The image shown below shows the out put was exactly equal to the input "@henrychidiebere".
Try to decrypt the first password, I leave that to you, lol.
The first password as shown in the figure above had "5" written after the "secrete" which shows it is Message Digest 5 (MD5) hashing standard, which is a popular hashing standard. The only way to "recover" a hashed credential is by brute force attack which I call a a guessing game cause it involves hashing random strings and comparing the output to the already hashed word, if it is a match, then the process is successful. 90% of brute force attacks on a long passwords are always unsuccessful.
Finally I will go through the mathematical process of generating a hash. I will assume a little understanding of basic binary operations. The algorithm I will explain here is first the Secure Hash Algorithm (SHA-1).
The first step for hashing a word using SHA-1 is to create 5 hexadecimal variables each equating to 4 byte (32-bits). This is a variable meaning the values can take any shape. For the purpose of this example I will use the variables shown below (you can choose yours).
H0-11001010001010100011101010101000
H1-00010001111000101010001111001110
H2-01010101010101010101010100001110
H3-11111111100001010101000110011001 and finally
H4-01000101011101010101010011010101
The next step is to choose any word to hash and obtain the American Standard Code For Information Interchange (ASCII) equivalent of the word. You can find all ASCII character set here, I'll use my username "henrychidiebere" which is equivalent to "104 101 110 114 121 99 104 105 100 105 101 98 101 114 101" in ASCII transformation (note that the conversion is case sensitive, hence the capitalized characters have different ASCII codes from the lowercase letters).
Next, I'll convert the above ASCII codes to binary numbers. Because the ASCII codes are 127 in numbers, 8 bits (2^(8)=256) are enough to represent them in binary. Hence, henrychidiebere=
01101000 01100101 01101110 01110010 01111001 01100011 01101000 01101001 01100100 01101001 01100010 01100101 01110010 01100101
The above binary is 112 in numbers. You can read more about binary conversions here***
Next, We join all the binary numbers (void of space) to form a nibble. Hence, henrychidiebere =
0110100001100101011011100111001001111001011000110110100001101001011001000110100101100010011001010111001001100101
Next, We pad the above value with zeroes till we get 448-bit. Unlike decimals, the most significant bit for binary expressions are located on the right, hence we add zeroes to the right of the last bit till we get 448 bits. This is to accommodate more strings.
0110100001100101011011100111001001111001011000110110100001101001011001000110100101100010011001010111001001100101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Next, the length of the binary above is 448, to complete the standard SHA-1 length of 512, we convert the initial length of the string which is 112 to binary, giving us "01110000". We need 64-bits to make the length of 448-bit above equal 512. We add this 01110000 to the end of the 64 making the character look like this
0000000000000000000000000000000000000000000000000000000001110000
At this point, we combine the two binary strings, the 448-bit and the 64-bit, to form 512-bit and break it up in 32's to obtain 16 lines as shown below
01101000011001010110111001110010
01111001011000110110100001101001
01100100011010010110001001100101
01110010011001010000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000000000000
00000000000000000000000001110000
Next, we transform the above 16 by 32-bit long expression into 80 words. Our target is to Obtain an expression we can compare with our initial five variables. We make use of step loop function taking four words in each loop corresponding to 1, 3, 9 and 14, then 2, 4, 10 and 15 then 5, 8, 11 and 16 and finally 6,7,12 and 13. We perform an exclusive or operation on each of the above line pairs in the format
(((13 XOR12) XOR7) XOR 6)
The exclusive OR operation gives 1 only when the all the input are 1, elso, the output is zero. performing the above XOR operation on the 16 by 32-bit expression, we obtain the following expression
100001100000000000000000000000000
11000010010100100100100101010000
00001011010100100101100101010100
11000011010100100101100101011000 and
11000110101001001011001010101000
At this point we have the expression to compare with the initial five variable. Remember, they are called variable cause it can take any desired shape, this shows how varied the hashing function can be, the length of your bitshare account (if you have any) is not the same as the length of your steemit login password and both are products of hashing. For the purpose of this example, I will use only And operation to join the above expression to our initial variable but in reality, more than one logic operations are applied in performing this function. The resulting expression is shown below (you can perform this with an online calculator here
H0- 00001000000000000000000000000000
H1- 00000000010000100000000101000000
H2- 00000001010000100000000101000100
H3- 00111100111111111010111011101000 and
H4- 01000100001001000001000010000000
Finally, to obtain the required expression, we convert the above expression into hexadecimal value. You can perform this online here.
H0- 8000000
H1- 420140
H2- 1420144
H3- 3CFFAEE8
H4- 44241080
combining the above expression we have
800000042014014201443CFFAEE844241080
The above expression obtained using the SHA algorithm with my own "tweaking" and anyone can perform this as he/she pleases. So Hashing truly takes privacy to the extreme
Conclusion
Hashing is a one way process in which a desired string is subjected to some algorithm with an irreversible outcome. Our steemit passwords are hashed to prevent packet sniffing attacks since our usernames are obvious. Encrypted information can be retrieved once you have the encryption keys. Hashing is usually used when we want to prevent man in the middle attack, hence authentication can only be done by running the same algorithm and comparing the result with an already hashed strings. Brute force attack is the only possible means of breaking hashed information but the success rate is extremely low.
REFERENCES
- ASCII characters -Hawaii_edu
- binary operation -electronicstut
- hashing algorithm -cryptocompare
- Online bitwise calculator
- Online binary to Hex converter
some times, it is always necessary to take our encryption to the next level...especially when you doing very important thing or have so much important thing on your computer...Thanks Henro!