Information Security

Lecture # 14

Dr. Shafiq Hussain

Associate Professor & Chairperson
Department of Computer Science

1
 Objectives
• Introduction to Hash Functions.

2
 Hash Functions
• A hash function is a mathematical function or
algorithm that simply takes a variable number of
characters (called a ”message”) and converts it into a
string with a fixed number of characters (called a
hash value or simply, a hash).

3
 Hash Functions (Cont..)
• Means the input to the hash function is of any length
but output is always of fixed length.

4
Hash Functions (Cont..)

5
 Hash Functions (Cont..)
• The act of hashing is, therefore, running an input into
a formula that converts it into an output message of
fixed length.

6
 Hash Functions (Cont..)
• No matter how many characters long the input is, the
output will always be the same in terms of the
number of hexadecimal (letters and numbers)
characters.

7
 Hash Functions (Cont..)
• Hashing is useful to ensure the authenticity of a piece
of data, as any small change to the message will
result in a completely different hash value.

• Hash functions are the basic tools of modern

cryptography that are used in information security to
authenticate transactions, messages, and digital
signatures.

8
 Hash Functions (Cont..)
• Hashing is generally a one-way function, which
means that it is easy to convert a message into a hash
but very difficult to “reverse hash” a hash value
back to its original message as it requires a massive
amount of computing power.

9
 Hash Functions (Cont..)
• This difficulty is what cryptocurrencies like Bitcoin,
which uses proof-of-work systems, depend on to
ensure the integrity of their blockchain.

10
 Hash Functions (Cont..)
• When you hash a message, it takes your file or
message of any size, runs it through a mathematical
algorithm, and spits out an output of a fixed length.

11
Hash Functions (Cont..)

12
 Hash Functions (Cont..)
• In Table 1 above, the same input message (the letters
CFI) are converted into hash values using three
different hash functions (MD5, SHA-1, and SHA-
256).

13
 Hash Functions (Cont..)
• Each one of those different hash functions will spit
out an output hash that has a set fixed length of
hexadecimal characters.

• In the case of MD5, it is 32 characters, SHA-1, 40

characters, and SHA-256, 64 characters.

14
Hash Functions (Cont..)

15
 Hash Functions (Cont..)
• It doesn’t matter what we put in as an input, the same
hash function will always produce a hash value that
has the the same number of characters.

16
 Hash Functions (Cont..)
• In Table 2 above, we change the message each time,
but using the same hash function (SHA-1 in this
case), the output is always 40 hexadecimal characters
long.

17
 Hash Functions (Cont..)
Ensure data integrity:
• Let’s think of an example where you want to send a
digital message or document to someone, and you
want to make sure that it hasn’t been tampered with
along the way.

• You could send it multiple times and have the

recipient verify each copy is the same, but that would
not be feasible if the file or message was very large.

18
 Hash Functions (Cont..)
• It would be much easier if there was a way of having
a shorter and set number of characters for the sender
and receiver to check.

• And that’s essentially what a hash function allows

two computers to do.

19
 Hash Functions (Cont..)
• Rather than compare the data in its original (and
larger) form, by comparing the two hashes of the
data, computers can quickly confirm that the data has
not been tampered with and changed.

20
 Hash Functions (Cont..)
• Hash functions, therefore, serve as a check-sum or a
way for someone to identify whether digital data has
been tampered with after it’s been created.

21
 Hash Functions (Cont..)
Verify authenticity:
• For example, if you send out an email, it can be
intercepted easily (especially if it is sent over an
unsecured WiFi network).

• The recipient of the email has no way of knowing if

someone has altered the contents of the email along
the way, called a “Man-in-the-Middle” (MitM)
attack.

22
 Hash Functions (Cont..)
Verify authenticity:
• However, if the sender signs the email with their
digital signature and hashes that together with the
email contents, the receiver can examine the hash
data to ensure that the email contents have not been
modified after being digitally signed.

23
 Hash Functions (Cont..)
Verify authenticity:
• To do this, the receiver would compare the hash value
on the digitally-signed email received to a hash value
they “re-generate” themselves using the same hash
function provided by the sender, as well as the
signer’s public key.

24
 Hash Functions (Cont..)
Verify authenticity:
• If it matches, that means that no one has altered the
message, but if the hashes are different, then the
receiver knows that the contents of the email are not
authentic, as even if something small has been
changed in that message, the hash will be completely
different.

25
 Questions
Any Question Please?

You can contact me at: [email protected]

Your Query will be answered within one working day.

26
 Further Readings
• Chapter No. 1
Computer_Security_Principles_and_Practice_(3rd_E
dition)
By William Stallings and Lawrie Brown

27
Thanks

28