12. Hashing Deep Dive

Hashing puts data through a hash function or algorithm to create an alphanumeric digest that means nothing to people who might view it.

Key Points

• No matter how long the input is, the hash digest will be the same number of characters.
  • Any minor change in the input, such as:
  • a misspelling
  • an upper-case or lower-case error will create a completely different hash digest.
• The hash digest can be used to confirm that the input exactly matches what is expected or required, such as a password.

Why It Matters

• Hashing can help detect changes in data.
• It acts as an extra layer of defense.

Checksum

• Before going live with a third-party software product, it must be verified that nothing has changed since it was tested.
• The provider usually sends the digest of their code.
• That digest is compared to the original.
• This is also known as a checksum.

If There Is a Discrepancy

• A discrepancy means something has changed.
• Security coders compare the original and the new one.
• They may need to inspect line by line to find bugs or lines that need fixing.
• Sometimes these problems are not intentional.
• Sometimes they appear during final adjustments to the software.

Example Mentioned in the Slide

• At the University of Florida, copies of Windows 2000 / Millennium distributed to 50,000 students on CD-ROMs were compromised.
• The problem was detected when the digests did not match on a distribution file.