What is the difference between hashing or encryption a data
-
- please some one tell me difference between hashing or encryption a data. 2) i saw hashing also encrypt data which is not human readable and encryption does the same then why people think hashing is different from encryption ? 3) what hashing does ? 4) if we encrypt data then we can decrypt it too but if we hashing the data then can we reverse the process ? 5) if no then what algorithm hashing use that no one can reverse the data ? 6) give me two sample code to has data one will hash data without salt key and another one hash data with salt key. thanks
tbhattacharjee
You could have answered this yourself had you just typed your subject line into Google. How many time have we told you that?
A guide to posting questions on CodeProject
Click this: Asking questions is a skill. Seriously, do it.
Dave Kreskowiak -
- please some one tell me difference between hashing or encryption a data. 2) i saw hashing also encrypt data which is not human readable and encryption does the same then why people think hashing is different from encryption ? 3) what hashing does ? 4) if we encrypt data then we can decrypt it too but if we hashing the data then can we reverse the process ? 5) if no then what algorithm hashing use that no one can reverse the data ? 6) give me two sample code to has data one will hash data without salt key and another one hash data with salt key. thanks
tbhattacharjee
I have only ever considered "hashing" in the context of a "random access addressing scheme" where multiple values can "hash" to the same address; generating "synonyms". And now you want to include "hashing" with "data encryption"? What's the difference between a shirt and a pair of pants?
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
-
I have only ever considered "hashing" in the context of a "random access addressing scheme" where multiple values can "hash" to the same address; generating "synonyms". And now you want to include "hashing" with "data encryption"? What's the difference between a shirt and a pair of pants?
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
Hashing is also used for passwords in any correctly-implemented authentication system. Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^] Something which a lot of people confuse with "encryption".
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Hashing is also used for passwords in any correctly-implemented authentication system. Secure Password Authentication Explained Simply[^] Salted Password Hashing - Doing it Right[^] Something which a lot of people confuse with "encryption".
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
I can wear a shirt on my legs too; even though it makes little sense and is just a bending of the original definition. Even heard of HIDAM or HDAM databases?
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
-
I can wear a shirt on my legs too; even though it makes little sense and is just a bending of the original definition. Even heard of HIDAM or HDAM databases?
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
Gerry Schmitz wrote:
even though it makes little sense
When it comes to storing passwords to authenticate users, using anything other than a hash makes little sense. :)
Gerry Schmitz wrote:
Even heard of HIDAM or HDAM databases?
Nope, and neither has Wikipedia. Google has a bunch of links to IBM documentation, but it all looks pretty dense.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
"These people looked deep within my soul and assigned me a number based on the order in which I joined" - Homer
-
Gerry Schmitz wrote:
even though it makes little sense
When it comes to storing passwords to authenticate users, using anything other than a hash makes little sense. :)
Gerry Schmitz wrote:
Even heard of HIDAM or HDAM databases?
Nope, and neither has Wikipedia. Google has a bunch of links to IBM documentation, but it all looks pretty dense.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
The point is: why use the term "hash", when one means "encrypt". Particularly when most people (including laymen) know what encrypt means; but think of corned beef, "hash" browns, and eggs in the other (i.e. all "hash" to the same subject: food).
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
-
The point is: why use the term "hash", when one means "encrypt". Particularly when most people (including laymen) know what encrypt means; but think of corned beef, "hash" browns, and eggs in the other (i.e. all "hash" to the same subject: food).
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
But that's the point: it doesn't mean "encrypt". If you encrypt something, you can get the original back. If you hash it, you can't. Just because non-techies don't know the difference, that isn't an excuse to pretend there isn't a difference. :) Some people also confuse "encrypt" and "encode", and think that
Convert.ToBase64Stringis sufficient protection for their users' passwords. Should we just lump all three concepts together under a single term? :rolleyes:
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
But that's the point: it doesn't mean "encrypt". If you encrypt something, you can get the original back. If you hash it, you can't. Just because non-techies don't know the difference, that isn't an excuse to pretend there isn't a difference. :) Some people also confuse "encrypt" and "encode", and think that
Convert.ToBase64Stringis sufficient protection for their users' passwords. Should we just lump all three concepts together under a single term? :rolleyes:
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
A "fully optimized" hash is 2-way; but at that point, it has lost any performance benefits. (i.e. it's an "index"). A "non-optimized" hash (the basic purpose) can hash mulitple inputs to the same "address"; making it useless for encryption and not particularly useful for passwords depending on the size of the address space. You want to play with hashing algorithms for "password security"? Not on my watch.
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
-
A "fully optimized" hash is 2-way; but at that point, it has lost any performance benefits. (i.e. it's an "index"). A "non-optimized" hash (the basic purpose) can hash mulitple inputs to the same "address"; making it useless for encryption and not particularly useful for passwords depending on the size of the address space. You want to play with hashing algorithms for "password security"? Not on my watch.
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
Gerry Schmitz wrote:
A "fully optimized" hash is 2-way;
I'm starting to suspect you're using a different meaning of that word. :doh:
In cryptographic applications, hash functions are typically expected to be practically non-invertible, meaning that it is not realistic to reconstruct the input datum x from its hash value h(x) alone without spending great amounts of computing time (see also One-way function).
Cryptographic hash function - Wikipedia[^]:
it is infeasible to generate a message from its hash value except by trying all possible messages
You want to use anything other than a cryptographic hash function for password storage? Not on my watch. ;P
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
What hashing does for which its value can not be reverse ?
tbhattacharjee
..there aren't many properties or methods in
global::System.Object. Each item included would be included in any derived object, and since "everything" inherits from that one class at a given point, everything has those methods. There's not many of them, yet it contains a method called "GetHashCode". Has nothing to do with encryption either, but apparently it was important enough to ensure that "everything" has that method - and I'll even hint on the fact that it has nothing to do with encrypting stuff. You're welcome :)Bastard Programmer from Hell :suss: If you can't read my code, try converting it here[^][](X-Clacks-Overhead: GNU Terry Pratchett)
-
A "fully optimized" hash is 2-way; but at that point, it has lost any performance benefits. (i.e. it's an "index"). A "non-optimized" hash (the basic purpose) can hash mulitple inputs to the same "address"; making it useless for encryption and not particularly useful for passwords depending on the size of the address space. You want to play with hashing algorithms for "password security"? Not on my watch.
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
Gerry Schmitz wrote:
You want to play with hashing algorithms for "password security"? Not on my watch.
The hashing algorithms used for passwords are considerably more secure than any encryption: SHA-512 for example generates a 512 bit hash value from the (hopefully salted) user password input. This is compared with the stored hash - so the "clear text" password is never transfered out of the authenticating system - and a match confirms the input. This gives you in theory a 1 : 1.34078079e154 chance of a collision or "false positive" assuming that the hashing algorithm gives no weight to any particular range of output values. You cannot regenerate the original input from the hashed value. Encrypted password on the other hand are seriously insecure: the decryption key has to be available to the "check the password" code and that means that it's effectively stored with the encrypted data. Please, do tell us which security systems you have implemented encryption for, so we can avoid them or ensure that we only ever use a "one-time" password (which I do anyway, no two of my logins have the same password, and I use an encrypted password store to hold them - the password to that is only ever stored in my head...)
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
Gerry Schmitz wrote:
even though it makes little sense
When it comes to storing passwords to authenticate users, using anything other than a hash makes little sense. :)
Gerry Schmitz wrote:
Even heard of HIDAM or HDAM databases?
Nope, and neither has Wikipedia. Google has a bunch of links to IBM documentation, but it all looks pretty dense.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
:thumbsup:
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
What hashing does for which its value can not be reverse ?
tbhattacharjee
Most of them. Try this simple one: add each byte of the input stream together, storing the result in a byte:
byte hash = 0;
foreach (byte b in bytes)
{
hash += b;
}If you feed this any two bytes, can you tell from the result exactly what two bytes you started with? If you think you can, here are some examples: 123, 42, 0, 122 What two bytes values did I start with in each case? You get one guess. There will be a significant prize if you - and you alone - get it on the first attempt.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
Gerry Schmitz wrote:
You want to play with hashing algorithms for "password security"? Not on my watch.
The hashing algorithms used for passwords are considerably more secure than any encryption: SHA-512 for example generates a 512 bit hash value from the (hopefully salted) user password input. This is compared with the stored hash - so the "clear text" password is never transfered out of the authenticating system - and a match confirms the input. This gives you in theory a 1 : 1.34078079e154 chance of a collision or "false positive" assuming that the hashing algorithm gives no weight to any particular range of output values. You cannot regenerate the original input from the hashed value. Encrypted password on the other hand are seriously insecure: the decryption key has to be available to the "check the password" code and that means that it's effectively stored with the encrypted data. Please, do tell us which security systems you have implemented encryption for, so we can avoid them or ensure that we only ever use a "one-time" password (which I do anyway, no two of my logins have the same password, and I use an encrypted password store to hold them - the password to that is only ever stored in my head...)
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
Gerry Schmitz wrote:
A "fully optimized" hash is 2-way;
I'm starting to suspect you're using a different meaning of that word. :doh:
In cryptographic applications, hash functions are typically expected to be practically non-invertible, meaning that it is not realistic to reconstruct the input datum x from its hash value h(x) alone without spending great amounts of computing time (see also One-way function).
Cryptographic hash function - Wikipedia[^]:
it is infeasible to generate a message from its hash value except by trying all possible messages
You want to use anything other than a cryptographic hash function for password storage? Not on my watch. ;P
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
I use Windows Authentication. I don't presume to know more. I said there would be colissions; you want to quibble about the number.
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
And how do you think Windows stores your password? :rolleyes:
Passwords Technical Overview[^]:
For use in Windows networking, including Active Directory domains, the password is stored two different ways by default: as the LAN Manager one-way function (LM OWF) and as the NT OWF. "One-way function" is a term that denotes a one-way mathematical transformation of data. ... The most common type of one-way function in use is a cryptographic hash.
Although interestingly, Microsoft have added to the confusion by referring to "encryption" in the same sentence.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
You're confirming what I've been saying.
"(I) am amazed to see myself here rather than there ... now rather than then". ― Blaise Pascal
The only thing I'm confirming is that some people don't understand the difference between encrypting and hashing. :laugh: security - Fundamental difference between Hashing and Encryption algorithms - Stack Overflow[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
And how do you think Windows stores your password? :rolleyes:
Passwords Technical Overview[^]:
For use in Windows networking, including Active Directory domains, the password is stored two different ways by default: as the LAN Manager one-way function (LM OWF) and as the NT OWF. "One-way function" is a term that denotes a one-way mathematical transformation of data. ... The most common type of one-way function in use is a cryptographic hash.
Although interestingly, Microsoft have added to the confusion by referring to "encryption" in the same sentence.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
The only thing I'm confirming is that some people don't understand the difference between encrypting and hashing. :laugh: security - Fundamental difference between Hashing and Encryption algorithms - Stack Overflow[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
As usual, you come here having done no research for yourself. Use Google or Bing. This information is all available for you.
This space for rent
Not his first time. :laugh:
The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
