Why do we need a hash function, what do the numbers that it returns mean, and what tasks can be solved with it, and how?
- as a rule for data encryption - johniek_comp
- @johniek_comp, hope you are joking. - Dex
3 answers
The benefit of hashing is that the inverse transform is almost impossible. Almost, because computing power grows, and with a lot of desire and some investment you can even find out what is hashed there.
The examples are in PHP, but I think you'll figure it out.
The simplest example is md5(), which is no longer recommended without salts.
During registration:
```php
$user_name = $_POST['user_name'];  // get the name (!)
$password = $_POST['password'];    // get the password (!)
$password = md5($password);        // hash it
save_to_db($user_name, $password); // save them to the DB
```
When logging in:
```php
$user_name = $_POST['user_name']; // get the name
$password = $_POST['password'];   // get the password
$correct_pass_hash = load_user_passhash($user_name); // load the password hash from the DB
$logged = false;
// check whether the hashes match; strict === avoids PHP's loose
// comparison of numeric-looking strings
if ($correct_pass_hash === md5($password)) {
    $logged = TRUE;
}
```
The idea is that the hash should theoretically be unique for a unique data set, so there is no need to store the password in plain form; the hash is enough.
The exclamation marks in the comments are there because you cannot take data directly from the user. There must be some kind of validation.
The second example is mail activation.
When sending the activation email:
```php
$hash_link = md5($user_email.$user_id.$current_time); // created a unique link
// message text: "Follow this link to activate your email"
$body = "Перейдите сюда, чтобы активировать почту http://example.com/act/$hash_link";
send_mail($user_email, $body); // sent the mail
```
When the user follows the link:
```php
$user = get_user_by_hashlink($hash_link);
activate_user($user);
```
What to read
- Can you give an example of a simple program using a hash function? - klast
- @klast Hash a large file, transfer it through an unreliable environment, and hash it on the recipient side. If the hashes match, the file was transferred completely, without damage. - neoascetic
- @neoascetic, you can say that the file was transferred without damage, but you cannot say it with 100% certainty. - Dex
- We hash the passwords of registered users before they go into the database: firstly, all passwords then have a fixed length, and secondly, even if attackers get the database, it will be more difficult to get the passwords themselves. - Specter
- CRC by its definition is, of course, also a hash function. That is, let's say, not every hash function is a checksum, but any checksum is a hash function. - Costantino Rupert
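The registration and login flow from the first answer, as an added example (not the answer author's code) that uses PHP's built-in `password_hash()` and `password_verify()`, which salt every hash. The in-memory `$users` array, the function names and the sample passwords are assumptions; a legacy unsalted md5 row is upgraded on its next successful login.

```php
<?php
// $users is an in-memory stand-in for the users table (hypothetical).
$users = [
    // Constructed legacy row: unsalted md5, as in the registration code above.
    'alice' => md5('correct horse'),
];

function register_user(array &$users, string $name, string $password): void
{
    // password_hash() picks a random salt and stores it, together with the
    // algorithm and cost, inside the returned string.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function check_login(array &$users, string $name, string $password): bool
{
    $stored = $users[$name] ?? null;
    if ($stored === null) {
        return false; // unknown user
    }
    // Legacy row: exactly 32 hex characters means an unsalted md5 digest.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) === 1) {
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // The plaintext is available only now, so upgrade the row in place.
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
        return true;
    }
    // password_verify() reads the salt from $stored and compares in constant time.
    return password_verify($password, $stored);
}

// Constructed sample data: bob and carol pick the same password as alice.
register_user($users, 'bob', 'correct horse');
register_user($users, 'carol', 'correct horse');

// With per-user salts, equal passwords no longer produce equal stored values.
var_dump($users['bob'] !== $users['carol']);
// alice authenticates against the legacy md5 row and is migrated.
var_dump(check_login($users, 'alice', 'correct horse'));
var_dump(password_get_info($users['alice'])['algoName']);
// Wrong password and unknown user are both rejected.
var_dump(check_login($users, 'alice', 'wrong'));
var_dump(check_login($users, 'mallory', 'x'));
```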
Hash codes have a very wide application. Examples:
- Checking file integrity. We compute a certain function of the input data and save its value. If at the next recalculation the value has changed, the file has changed. This may indicate that a failure occurred during its transfer or during storage. Well, or someone changed it.
- Storing passwords in the database. As you know, keeping passwords in the database in plain form is a very bad idea. The fact is that the database can be broken into, and then the hacker will be able to learn all the passwords. To prevent this from happening, password hashes are stored in databases, and it is the hashes that are compared. The hashes are the same - it means that the user entered the password correctly. In this case, hash collisions are usually ignored.
- Hashes are also very convenient to use as an index to search for any non-trivial data. But this echoes item 1. For example, there are hundreds of thousands of lines and some of them are identical. Instead of comparing each with each, it is easier to compute the hashes and break the lines into groups with the same hash. It is clear that lines with different hashes will be a priori different, but inside a group you will have to make a character-by-character comparison.
There are many more examples ....
A hash is also used in memcache: the request is hashed and the data is cached. Later the data is retrieved from the cache by this hash.