Hashes As Hand Signatures
A hash is no more than an encryption algorithm that is intended to be
non-revertible - a one way encryption.
Just like Hand Signatures, its main function is to verify the authenticity
of the source or initiator of a particular transaction.
The strength of a hash algorithm lies in the certainty that the hashed data
cannot in be reversed to obtain the original data.
Application of Hash Algorithms
If two parties intend to communicate securely with a Public Key -
Private Key set-up over the Internet, the only uncertainty they will face
will be who exactly is the author of a particular message, since a Public Key
is accessible to everybody and anybody on the Internet and files sent
over the Internet - or any other network for that matter - can be
intercepted (and changed - since the Public Key for encrypting messages is available to everyone)
by a suitably placed third party on the network.
This is where Hash Algorithms come into play.
Now since hashes should both be unique and non-revertible, the first party
produces a hash of his message first and encrypts this hash value using his
Private Key before encrypting his message proper using the Public Key of the second party.
The first party sends both message and hash value to the second party.
When the second party receives the message and message hash value in
encrypted forms, he decrypts the message using his private key and
the hash value using the public key of the first party; carries out
a fresh hash on the message, and compares his fresh hash and the sent hash.
If both hashes correspond, then the authenticity of the message has been
verified - i.e., the message could only have been authored by the first party
since even if the message was intercepted, and a change attempted, the hash value
could not be changed unless the intercepting party has knowledge of the first party's
Private Key.
Passwords to online user accounts are also widely hashed before they
are committed to databases.
Every time a user tries to log into his/her account, the entered
password is hashed before been compared to the hash value in the
application's database.
As hash values, if the security of a web application were to be breached
and user account details were stolen, these accounts cannot be compromised
since hash values are non-revertible.
It has to be mentioned though that common passwords can still be made out
by comparing the stolen hash values to hash values for known common passwords.