Dwight Watt - Newspaper Article #394 10/18/2017


Question: What is a security hash?

Answer:

When machines exchange passwords across the network or the Internet there are three basic ways the password could be sent.

The first way is that it sends the password to the server in plain text form. This way should never be used for a password as a person who picks up the signal across the network can easily read the password.

The second way is by sending encrypted communications. This means that whatever is sent is basically scrambled using some format, and at the other end the information is unscrambled. This makes it harder for the password to be stolen while being sent, but someone who knows the method used to encrypt the communications can decrypt and read the password and message. This is basically a good method, is the one most often used, and works fine as long as the code used to do the scrambling or encrypting is long enough.

The third way is by using a hash. This is not something that we eat. This is taking the encryption to a new level. Your credit cards that use the chip on them use a hashing method. With the hashing method, the password is not actually sent (either encrypted or decrypted). The sending device uses a method and key to create a hash of the password, which is then sent. The hash creates a whole new code, and even knowing what code and method was used to create the hash will not allow you to decode the hash and recreate the password (with encryption you could do this). The receiving machine knows how the hash was created and either creates a hash from the password on file or, better yet, created a hash when you set up the password and never kept the password. The receiving machine then compares the hash sent to the hash it has or just created and sees if they match (similar to just sending passwords). Now there is a special code (the hash) that is created each time and compared, and no way to recreate the original password (it is theoretically possible, but the math is so complex and so much work is involved that it would take way too long (years) to do and would not be worth it).

You really do not need to understand how hashing works, but you want to know that when passwords for credit and debit cards and financial information are sent across the network, they use hashing, which is very strong security. However, keep in mind that the bad hackers, etc. are always trying to find ways to beat the system, so constant improvements must be made by the good security people.