Invitation to Cybersecurity

7. The Bedrock of Cybersecurity: Cryptography 171

[Table 7.9 Hashes in hexadecimal format.]

7.2.3.1 Hash Properties

In physical space a fingerprint “stands in” for a person—even though it is just a small fragment, it uniquely identifies that person. In the same way, a hash uniquely identifies a data object. Like a fingerprint, hashes are lossy: as they crunch data, they lose information. Because hash functions are lossy, there is no way to go from a hash back to the original data object. Symmetric and public key encryption are both lossless, because the original data must be recoverable, but this is not true of hash functions. This is part of what makes hashing much more efficient than encryption, and efficiency matters for hash functions since they need to process large data inputs quickly. Unlike ciphertext, there is no way to reverse engineer or cryptanalyze a hash to recover the original data—this feature of hashes is called the one-way property.

Hashes must also be unique: it must be practically impossible to find two different data objects that have the same hash. This property is called collision resistance. It seems mind-boggling that hash collisions (i.e., different data objects having the same hash) can be made so hard to find. After all, hash strings are relatively short, and there is an infinite number of possible data objects. But as we saw above with key lengths, powers of two grow quickly, and the number of “hash buckets” for a modern-day hash function is practically infinite. Below we explore the math behind the collision resistance property of hashes.

7.2.3.2 Data and Message Integrity

These two properties of hash functions, one-wayness and collision resistance, have surprisingly many uses. One use is data integrity. For example, the hash of an executable can be stored in a secure environment, and the program can be periodically re-hashed to see if it produces the same hash string as the one on file. If it does, the program has not been tampered with; if it does not, one knows definitively that the executable has been modified in some way—this follows from the collision resistance property of hash functions. The hash does not reveal the exact modification, but it does detect that a modification of some sort has occurred. In some instances, this means the program can no longer be trusted.

Table 7.10 shows hash results for slightly different strings. The first and second strings are each 112 bits long and differ by only one bit—the third bit is a 1 in the first string and a 0 in the second. The other 111 bits are identical. The hashes of these strings
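The following Python example is added here and is not from the book; it shows both uses described above: checking a data object against a hash kept on file, and measuring how far the hash moves when only the third bit of a 112-bit input is changed from 1 to 0. The 14-byte input string is constructed (it is not the book's Table 7.10 data), and SHA-256 is assumed as the hash function.

```python
import hashlib
import hmac

# Constructed sample input (not the book's data): 14 bytes = 112 bits.
# Its third bit (bit index 2 of 'i' = 0x69 = 0b01101001) is a 1, as in the book's first string.
STRING_1 = b"integrity-test"

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit flipped; bit 0 is the MSB of the first byte."""
    byte_pos, bit_in_byte = divmod(bit_index, 8)
    out = bytearray(data)
    out[byte_pos] ^= 0x80 >> bit_in_byte
    return bytes(out)

def sha256_hex(data: bytes) -> str:
    """Fixed-length, one-way fingerprint of an arbitrarily large data object."""
    return hashlib.sha256(data).hexdigest()

def hash_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file (e.g. an executable) in chunks so memory use stays flat."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def verify_integrity(data: bytes, stored_hex: str) -> bool:
    """Re-hash the object and compare it with the hash kept on file.
    A match means unmodified; a mismatch proves some modification occurred
    (collision resistance) but says nothing about what changed."""
    return hmac.compare_digest(sha256_hex(data), stored_hex)

def one_bit_change_report() -> dict:
    """Flip only the third bit of STRING_1 (1 -> 0) and measure how far the hashes diverge."""
    string_2 = flip_bit(STRING_1, 2)
    h1, h2 = sha256_hex(STRING_1), sha256_hex(string_2)
    return {
        "input_bits_changed": sum(bin(a ^ b).count("1") for a, b in zip(STRING_1, string_2)),
        "digest_bits_changed": differing_bits(h1, h2),
        "digest_bits_total": len(h1) * 4,
        "tampered_passes_check": verify_integrity(string_2, h1),
    }

if __name__ == "__main__":
    for key, value in one_bit_change_report().items():
        print(f"{key}: {value}")
```

Roughly half of the 256 digest bits change for a single-bit change in the input, which is what makes the two rows of Table 7.10 look unrelated.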
