ELI5: Lots of websites will have a file hash you can use to verify file integrity; computationally speaking, how is this created? Do you really need to inspect every character or just make sure the first and last few are correct? For well-known programs, should you verify the hash with a third party?
A hash is a one-way function – the same input will always create the same output but there is no way to get the input even if you know the output and the function. It absolutely has to be checked in its entirety to verify a password.
Here’s a simple (and not very secure) example. Your ATM PIN is 1234. The hash function gives you the last two digits. So, you would put in your PIN and the hash would say “34”, which the ATM checks against the number stored. If that is also 34, you can get your money out. Note that knowing that your hash is 34 still doesn’t tell you what the original PIN is – it could be 3434 or 8134 or many other options that are wrong.
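As an added example (not part of the original post): the answer's last-two-digits toy hash next to a real file check with SHA-256, which reads every byte of the file and compares the whole digest. The sample data, the function names and the `LOOKALIKE` digest are constructed for illustration.

```python
import hashlib
import hmac
import io

def toy_hash(pin: str) -> str:
    """The answer's toy hash: keep only the last two digits of the PIN."""
    return pin[-2:]

def sha256_stream(stream, chunk_size: int = 65536) -> str:
    """Feed every byte of the stream through SHA-256, one chunk at a time."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def digests_match(actual_hex: str, published_hex: str) -> bool:
    """Compare the whole digest, ignoring case and surrounding whitespace."""
    a = actual_hex.strip().lower().encode()
    b = published_hex.strip().lower().encode()
    return hmac.compare_digest(a, b)

def eyeball_match(actual_hex: str, published_hex: str, n: int = 4) -> bool:
    """The shortcut from the question: check only the first and last n characters."""
    return actual_hex[:n] == published_hex[:n] and actual_hex[-n:] == published_hex[-n:]

# Constructed sample data standing in for a download; not a real installer.
ORIGINAL = b"example-installer-1.0\n" + b"A" * 100_000
TAMPERED = ORIGINAL[:50_000] + b"B" + ORIGINAL[50_001:]  # one byte changed mid-file

PUBLISHED = sha256_stream(io.BytesIO(ORIGINAL))
# Constructed digest that agrees with PUBLISHED only at its two ends.
LOOKALIKE = PUBLISHED[:4] + "0" * 56 + PUBLISHED[-4:]

if __name__ == "__main__":
    print("toy hash collisions:", [toy_hash(p) for p in ("1234", "3434", "8134")])
    print("original verifies: ", digests_match(sha256_stream(io.BytesIO(ORIGINAL)), PUBLISHED))
    print("tampered verifies: ", digests_match(sha256_stream(io.BytesIO(TAMPERED)), PUBLISHED))
    print("lookalike, eyeball:", eyeball_match(LOOKALIKE, PUBLISHED))
    print("lookalike, full:   ", digests_match(LOOKALIKE, PUBLISHED))
```

The one-byte change in the middle of the file fails the full comparison, while the first-and-last-characters shortcut accepts a digest that differs everywhere else.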