Hashing Techniques
We build applications where components could be communicating between each other to share or pass some piece of data over the network. With this we can expect lot of security issues in terms of the data integrity and authenticity between these components.
How do we make sure the received message is from an authenticated component?
Did the data get changed during transit? What is the guarantee?
In order to make sure systems are communicating with an authenticated partner and the data integrity issues does not exists, few of the security concepts and algorithms evolved. Lets try to get a brief overview on these concepts in this article.
We will be using Cryptographic hash function as a terminology going further every now and then. Cryptographic hash function is an algorithm in which a fixed size string is generated from a piece of data. It is expected that hash key generated is nearly impossible to reverse and get the original message back. It is not an encryption technique. While the data is transmitted over the network, components will attach this hash key generated to verify the authenticity and data integrity. Receiver would be using the same algorithm to generate the hash key from the message and confirms that the message is not modified during the transit.
Message Digest
Message Digest is simply a hash of a message. Here an cryptographic hash function is used to generate a fixed size string. Message is the only input to generate a message digest value here.
inputMessage -> Hash() -> Fixed size hash key
MAC – Message Authentication Code
Message Authentication Code is also a fixed size string generated to check the data integrity and authenticity. MAC uses the original message and a secret key to generate the MAC value, also called as “tag”. It is expected that both sender and receiver knows the secret key to validate.
HMAC – Keyed Hash Message Authentication Code
HMAC is a specific type of MAC. Any cryptographic hash function can be used to generate MAC value here. Based on what algorithm is used internally, HMAC is termed as HMAC-MD5 or HMAC-SHA1, HMAC-SHA2(HMAC-SHA256, HMAC-SHA512)…and so on.
Different Cryptographic Hash Functions
- MD5
- Secured Hash Algorithms(SHA), SHA-0, SHA-1, SHA-2
SHA1 and SHA2 are widely used. Based on the output string size it is either SHA256 or SHA512.
Java package under cryptography, there are many utilities available to work on these cryptographic techniques.
PS: We have not discussed about the encryption technique so far, so the message could be send as is or encrypted along with the hash string.
Encryption
Encryption is a technique in which original data is converted into an unreadable, non fixed size string by applying some mathematical transformations. These transformations(Cipher) are done using an encryption key. Unlike hashing, encrypted string can be decrypted back to get the original message. Broadly there are two types of encryption techniques.
Symmetric Encryption
In symmetric encryption a shared common secret key is used while both encrypting and decrypting.
Asymmetric or Public Key Encryption
There will be two different keys for encryption and decryption here.
Algorithms used in Encryption
- DES – Data Encryption Standard, Uses a 56 bit sized key
- TripleDES
- AES – Advanced Encryption Standard, Uses 128, 192 and 256 bit keys.
