I know there are plenty of materials for this question. But I just can’t help but stuck in data retrieval question. If I know the hash key of hashed data , do I have access to it ?
E.g
`DECLARE @HashThis NVARCHAR(32)`
`SET @HashThis = ‘data’`
`SELECT HASHBYTES(‘SHA2_256’, u/HashThis);`
Let’s imagine hash key is 0x741238C01D9DB821CF171BF61D72260B998F7C7881D90091099945E0B9E0C2E3
Now, if I know this hash key, do I have access to data ?Basically, all attacker needs to know is this hash key ?
If it is not about key and I need algo to get hashed data, then what stops attackers from using this algorithm
In: 1
Hashing is just a complicated mathematical operation that you can’t reverse, it’s a one way thing. many math operations are applied to the thing you want to hash, and after it’s over it will give you something that can’t be remade with any other input.
There is no hash key or anything, there is a list of instructions called an algorithm that just tell us the math function, we just input the stuff into the function and we get the output, only way for an attacker to reverse a hash is to try every possible input, until they produce the same hash.
A hash function is a one way function. Given the data, it is possible to compute the hash. But going the other way is not possible. So suppose I have a file and I publish the hash for it. Another system can compute the hash and see that the file has not been changed, because they get the same hash.
In your case, they can’t go backwards from your hashkey to the original data. This is often used for passwords. So I input my password when I create an account. If they just stored the password, then if someone stole the password file, they could log in as me. But if instead they store the hash, an attacker can’t go backwards from the hash to my password. But the system can take the password I type when I log in, hash it and compare the hash to the one in the password file. If they match it is the same password and they let me in.
Latest Answers