Uses for Cryptographic Hashing
Lecture, Dr. Lawlor
The biggest use of hashing in cryptography is to detect changes to
But hashing also has lots of other uses:
- To detect changes to software downloads, it's common to
include a hash as a checksum. For example, here's the GnuPG download page,
with SHA-1 hashes.
- To detect changes to a network run requests, I use SHA-1
checksum as a message
authentication code for NetRun's backend servers
- To detect changes to an issued https certificate, the
certificate ships with SHA-256 and SHA-1 "fingerprints".
- To "whiten" the output of a pseudorandom noise algorithm (make
it more like "white
noise"), you can compute a hash of the noise pool.
This works because hash algorithms output very random-looking
output, by mixing all the entropy in the input message.
- To reduce the chance of a data breach revealing user's
passwords, it's considered a good idea to only store the hash of
the password, not the bare password. To prevent attackers
from just looking up the hash in a precomputed table of hashes
(a rainbow table), it's common to add an unpredictable salt
- To assert the existence of something without revealing it, you
can publish only the hash. This could be used to publish
the terms of a contract, establish priority on an invention, or
establish existence for "grandfather exemption" laws. To
selectively reveal parts, you can build a tree of hashes, known
as a Merkle
- BitCoin uses the SHA-256 hash as a "proof of computational
work": you win some bitcoins (currently 25BTC, about $300) if
you can find a number to add to the
current block that hashes to produce enough leading zeros.