Hashing
Uploaded by: bitcoin-association-of-australia
Category: Technology
Transcript of Hashing
A hash function is used to map digital data of an arbitrary size to digital data of a fixed size, with slight differences in input data producing very big differences in output data.
– Wikipedia
A hash function provides a concise fingerprint for data that is easily verified and makes it easy to spot if the data has been tampered with.
Arbitrary Input Length
Ideally, we should be able to hash anything we want: an email, document, movie, etc.
Fixed Output Length
The output of the hash function should be small so it is efficient to send, and differences can be easily detected.
The Avalanche Effect
A small change to the input should have a large effect on the output, to make tampering easy to detect.
Collision Resistance
Generating the same hash output from two different inputs should be computationally impractical.
Password Storage And Verification
Instead of storing your actual password, websites will store the hash of your password.
This prevents system administrators and hackers from being able to view your password if they gain access to the database.
Source Code/Software Verification
Using hashes and public-key digital signatures, we can quickly verify that source code and software have not been tampered with.
Git
Git is the most popular version control software used to track source code changes throughout a project.
A Git source code repository computes hashes of each file, directory structure, and commit details to ensure source code integrity.
Bitcoin Armory
Bitcoin technology allows a person to hold their entire life savings in software.
With this in mind, the ability to verify that software we download hasn’t been tampered with becomes critically important.
Signed Hash File
Contains the signed message and the message signature that will be verified against the software vendor's signing key. In this example, the message contains the hash of the file we want to verify, and the filename.
Signing Key
Contains the software vendor's public key, used to verify that the signed message is authentic and has not been tampered with.
This can be downloaded from the software vendor's website, or from a centralised key server.
Further Reading
• Hash function Wikipedia definition: http://en.wikipedia.org/wiki/Hash_function
• GPG-Verifying Armory Installers: https://bitcoinarmory.com/download/
• Brainwallet: http://brainwallet.org