usingMaths.com
Demonstrating and showing pupils and students one application of Mathematics.








One Way Encryption - Hashes Code in C#



Hashes As Hand Signatures

A hash is no more than an encryption algorithm that is intended to be non-revertible - a one way encryption.
Just like Hand Signatures, its main function is to verify the authenticity of the source or initiator of a particular transaction.

The strength of a hash algorithm lies in the certainty that the hashed data cannot be reversed to obtain the original data.


Properties of a Good Hash Algorithm

Any good hash algorithm is expected to possess the following characteristics:

  1. Same input data must result in the same hash output every time hashing is carried out - i.e., hashes must be unique.
    This assertion still holds even if the hash has been salted and the salt happens to be changed, though the equality may become technical.
  2. A minute alteration in an input data should lead to a very large difference in the hash output.
  3. Hashes may be made to be of fixed length or within a particular length range, so that the hash of an input of, say, 5 characters will have the same length as the hash of an input of 1005 characters.
    I.e., length(hash(character_length_5)) = length(hash(character_length_1005)).

Application of Hash Algorithms

If two parties intend to communicate securely with a Public Key - Private Key set-up over the Internet, the only uncertainty they will face will be who exactly is the author of a particular message, since a Public Key is accessible to everybody and anybody on the Internet and files sent over the Internet - or any other network for that matter - can be intercepted (and changed - since the Public Key for encrypting messages is available to everyone) by a suitably placed third party on the network.
This is where Hash Algorithms come into play.

Now since hashes should be both unique and non-revertible, the first party first produces a hash of his message and encrypts this hash value using his Private Key, before encrypting the message proper using the Public Key of the second party.
The first party sends both message and hash value to the second party.
When the second party receives the message and message hash value in encrypted forms, he decrypts the message using his private key and the hash value using the public key of the first party; carries out a fresh hash on the message, and compares his fresh hash and the sent hash.

If both hashes correspond, then the authenticity of the message has been verified - i.e., the message could only have been authored by the first party since even if the message was intercepted, and a change attempted, the hash value could not be changed unless the intercepting party has knowledge of the first party's Private Key.
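
The exchange described above, written out as an added C# example (it is not the site's own Hashes class). It assumes SHA-256 as the hash and RSA with PSS/OAEP padding from System.Security.Cryptography; both key pairs and the sample messages are generated or constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

class SignedMessageDemo
{
    static byte[] Sha256(byte[] data)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(data);
    }

    // Second party: decrypt with own Private Key, hash the message afresh,
    // and check the fresh hash against the hash signed by the first party.
    // VerifyHash only uses the public half of the sender's key.
    static bool Receive(RSA ownKey, RSA senderKey, byte[] cipher, byte[] signedHash, out string text)
    {
        byte[] plain = ownKey.Decrypt(cipher, RSAEncryptionPadding.OaepSHA256);
        text = Encoding.UTF8.GetString(plain);
        return senderKey.VerifyHash(Sha256(plain), signedHash,
                                    HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }

    static void Main()
    {
        using (RSA first = RSA.Create(2048))   // first party's key pair (demo only)
        using (RSA second = RSA.Create(2048))  // second party's key pair (demo only)
        {
            // First party: hash the message, sign the hash with own Private Key,
            // then encrypt the message with the second party's Public Key.
            byte[] message = Encoding.UTF8.GetBytes("Pay 100 to account 42"); // constructed sample
            byte[] signedHash = first.SignHash(Sha256(message),
                                               HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
            byte[] cipher = second.Encrypt(message, RSAEncryptionPadding.OaepSHA256);

            string text;
            bool ok = Receive(second, first, cipher, signedHash, out text);
            Console.WriteLine("Genuine message verified: " + ok + " (" + text + ")");

            // Anyone holding the Public Key can encrypt a different message, but
            // without the first party's Private Key the signed hash will not match.
            byte[] swapped = second.Encrypt(Encoding.UTF8.GetBytes("Pay 100 to account 66"),
                                            RSAEncryptionPadding.OaepSHA256);
            ok = Receive(second, first, swapped, signedHash, out text);
            Console.WriteLine("Substituted message verified: " + ok);
        }
    }
}
```

RSA encrypts only short inputs directly, which is why the sample message is kept to a few bytes.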

Passwords to online user accounts are also widely hashed before they are committed to databases.
Every time a user tries to log into his/her account, the entered password is hashed before being compared to the hash value in the application's database.

Because only hash values are stored, if the security of a web application were to be breached and user account details stolen, these accounts cannot be compromised, since hash values are non-revertible.
It has to be mentioned though that common passwords can still be made out by comparing the stolen hash values to hash values for known common passwords.


Create a new class file;
Call it Hashes.
Type out the adjoining C# Hashing Algorithm.


Important: BigInteger is inbuilt in C#.
You only need to use the System.Numerics library.

You might have to add the above library in the reference section - Project >> Add Reference...; tick off System.Numerics - to be able to use it.








