Encryption, Hashing, Digital-Signature : Get them Right (2024)

Encryption, Hashing and Digital Signature - Get them Right.

Learning via some use cases:

To safeguard customer login credentials from unauthorized access, which cryptographic technique should the company use for storing user passwords?

(A) Encryption using a symmetric key algorithm

(B) Encryption using a public-key algorithm

(C) One-way hash functions

(D) Digital signatures

Explanation: Storing passwords as plain text is a security risk. Instead, the company should use one-way hash functions to convert passwords into unique, irreversible hashes. This prevents unauthorized access even if the hashes are leaked, as the original passwords cannot be reconstructed.

To protect customer financial data from unauthorized access, modification, or disclosure, which cryptographic techniques should the company use in conjunction with each other?

(A) Encryption using a symmetric key algorithm and authentication using digital signatures

(B) Encryption using a public-key algorithm and integrity checking using hash functions

(C) Encryption using a public-key algorithm and non-repudiation using digital signatures

(D) Integrity checking using hash functions and non-repudiation using digital signatures

Explanation: Encryption using a public-key algorithm ensures confidentiality, while integrity checking using hash functions ensures that data remains unchanged. This combination provides comprehensive protection for customer financial data.

To prevent a malicious attacker from impersonating a legitimate user and accessing customer accounts, which cryptographic technique should the company use to verify the identity of users before granting access to the application?

(A) Encryption using a symmetric key algorithm

(B) Encryption using a public-key algorithm

(C) Digital signatures

(D) Hash functions

Explanation: Digital signatures tie a piece of data to a specific user's identity, ensuring that it hasn't been tampered with or spoofed. When a user logs in, the application can verify the authenticity of the login request by verifying the digital signature attached to it.

E-signatures for legal documents

Explanation: When digitally signing legal documents, such as contracts or agreements, it is important to use both digital signatures and encryption to ensure that the documents are both authentic and confidential. Digital signatures verify the identity of the signer and ensure that the document has not been tampered with, while encryption protects the document from unauthorized access.

And so is Electronic health records (EHRs) business use case.

Hope, Encryption, Hashing and Digital Signature use cases are well understood now.

Encryption

Encryption is the process of converting plain text data into an unreadable format known as ciphertext. This prevents unauthorized parties from accessing the data's content without the correct decryption key. Encryption algorithms use complex mathematical functions to scramble the data in a way that is computationally infeasible to reverse without the key. There are two main types of encryption:

1. Symmetric-key encryption: This method uses a single key for both encryption and decryption. The key can be shared between the sender and receiver, or it can be generated and distributed using a secure channel.
2. Public-key encryption: This method uses a pair of mathematically related keys: a public key and a private key. The public key is shared with anyone who needs to send encrypted messages to the owner of the key pair, while the private key remains confidential. Only the owner of the private key can decrypt messages encrypted with the public key.

Hashing

Hashing is the process of transforming data of any size into a fixed-length string of characters known as a hash value. This value uniquely represents the input data but does not provide any information about the original data. Hashing is used to verify the integrity of data, ensuring that it has not been altered or tampered with. If the hash value of the original data matches the hash value of the received data, it means that the data has not been corrupted during transmission.

Hashing algorithms are designed to be one-way functions, meaning that it is computationally infeasible to reverse the hashing process and derive the original data from the hash value. This makes hashing a secure way to verify the integrity of data without revealing the actual contents.

Digital Signature

A digital signature is a mathematical scheme that allows a sender to verify the authenticity and integrity of a message or document. It combines encryption and hashing techniques to achieve the goals:

1. Authentication: The digital signature confirms that the message or document originated from the claimed sender.
2. Integrity: The digital signature verifies that the message or document has not been altered or tampered with since it was signed.
3. Non-repudiation: The digital signature binds the sender's identity to the message or document in a way that cannot be forged. This means that the sender of a message or document cannot later deny having sent it or having signed it.

To create a digital signature, the sender uses their private key to encrypt a hash of the message or document. This encrypted hash value is then attached to the message or document as the digital signature. The recipient can verify the signature using the sender's public key. If the signature is valid, it means that the message or document originated from the claimed sender and has not been altered since it was signed. This prevents the sender from repudiating their signature and the message.

In summary, encryption protects data confidentiality, hashing verifies data integrity, and digital signatures authenticate the sender and the integrity of the message or document. Non-repudiation is a powerful security feature that is an additional benefit of digital signatures. It plays a crucial role in securing digital communication and safeguarding sensitive information.