u3-cs

Uploaded by

herokanon39
Copyright
© © All Rights Reserved

What is Cryptography Hash Function?

A cryptographic hash function (CHF) is an algorithm that is widely used to verify the validity of
data. It has many applications, particularly in information security (e.g. user authentication). A
CHF translates messages of varying length into a fixed-size numerical string, the hash. A
cryptographic hash function is a one-way function, making it extremely difficult to reverse to
recreate the information used to make it.

How Does a Cryptography Hash Function Work?

• The hash function processes data in blocks of a fixed length. The data block size varies
between algorithms.

• If a block is too small, padding may be used to fill the space. However, regardless of
the kind of hashing used, the output, or hash value, always has the same set length.

• The hash function is then applied as many times as the number of data blocks.

What Does a Cryptography Hash Function Do?

A hash function in cryptography takes a plaintext input and produces a hashed value output of a
particular size that cannot be reversed. However, from a high-level viewpoint, they do more.

• Secure against unauthorized alterations: It helps you detect even minor changes to a
message, because any change results in the generation of a whole new hash value.

• Protect passwords and operate at various speeds: Many websites allow you to save
your passwords so that you don't have to remember them each time you log in.
However, keeping plaintext passwords on a public-facing server is risky since it exposes
the information to thieves. Websites commonly hash passwords to create hash
values, which they then store.

Applications of Cryptographic Hash Functions

Below are some applications of cryptographic hash functions:

Message Authentication

• Message authentication is a system or service that verifies the integrity of a
communication.

• It ensures data is received precisely as transmitted, with no modifications, insertions, or
deletions. A hash function is used for message authentication, and the value is
sometimes referred to as a message digest.

• Message authentication often involves employing a message authentication code
(MAC).

• MACs are widely used between two parties that share a secret key for authentication
purposes. A MAC function uses a secret key and data block to generate a hash value
that identifies the protected communication.

Data Integrity Check

• Hash functions are most commonly used to create checksums for data files.

• This application gives the user assurance that the data is correct.

• The integrity check allows the user to detect any modifications to the original file.

• It does not assure uniqueness. Instead of altering the file data, the attacker can replace the
entire file, compute a new hash, and deliver it to the recipient.
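
The difference between the plain checksum described here and the MAC described under Message Authentication, as an added Python example (not part of the original notes). The key and the sample messages are constructed; the MAC is HMAC-SHA-256 from the standard library.

```python
import hashlib
import hmac

# Constructed demo key; in practice the two parties share it out of band.
SHARED_KEY = b"constructed-demo-key"

def checksum(data: bytes) -> str:
    """Unkeyed digest: anyone who holds the data can compute it."""
    return hashlib.sha256(data).hexdigest()

def mac(key: bytes, data: bytes) -> str:
    """Keyed digest (HMAC-SHA-256): computing it requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def verify_checksum(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(checksum(data), digest)

def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison leaks no prefix.
    return hmac.compare_digest(mac(key, data), tag)

def receiver_view() -> dict:
    """What the recipient's two checks report for three deliveries."""
    original = b"invoice 1001: pay 100 EUR"   # constructed sample
    replaced = b"invoice 1001: pay 900 EUR"   # whole file swapped in transit
    good_tag = mac(SHARED_KEY, original)
    return {
        # Untouched delivery: both checks pass.
        "original_checksum_ok": verify_checksum(original, checksum(original)),
        "original_mac_ok": verify_mac(SHARED_KEY, original, good_tag),
        # File replaced and its digest recomputed: the checksum still matches.
        "replaced_checksum_ok": verify_checksum(replaced, checksum(replaced)),
        # The tag cannot be recomputed without the key, so both checks fail.
        "replaced_old_tag_ok": verify_mac(SHARED_KEY, replaced, good_tag),
        "replaced_wrong_key_ok": verify_mac(
            SHARED_KEY, replaced, mac(b"not-the-key", replaced)),
    }

if __name__ == "__main__":
    for name, ok in receiver_view().items():
        print(f"{name:24} {ok}")
```

The checksum only proves that the file and the digest belong together; the MAC also proves that whoever produced the tag held the shared key.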

Digital Signatures

• The digital signature application is comparable to message authentication.

• Digital signatures operate similarly to MACs.

• Digital signatures encrypt message hash values using a user's private key.

• The digital signature may be verified by anybody who knows the user's public key.

Advantages of Having a Firewall

A firewall is a security system that controls the traffic flowing in and out of a network. It helps
protect systems and data from various online threats. The main advantages of having a firewall
are:

1. Access Control: Firewalls decide what data can enter or leave a network, ensuring only
authorized users and systems can connect.

2. Protection from External Threats: Firewalls block malicious traffic, like hackers,
viruses, and malware, from entering the network and causing harm.

3. Monitoring and Logging: Firewalls keep track of all network activity, which helps to spot
suspicious behavior and provide records for security checks.

4. Enforcing Security Policies: Firewalls make sure the network follows security rules,
allowing only specific types of traffic and blocking harmful or unnecessary ones.

5. Protecting Internal Resources: Firewalls prevent unauthorized users from accessing
internal systems and sensitive data, safeguarding the network.

6. Preventing Data Leaks: Firewalls can block the flow of confidential data outside the
network, preventing data theft or leakage.

7. Filtering and Segmentation: Firewalls can filter traffic based on rules and segment the
network, isolating sensitive areas to make them harder to attack.

Design Issues for Firewalls

When designing a firewall, several important factors need to be considered to ensure it works
well and offers proper security. Here are some key design issues:

1. Type of Firewall:

o Packet-Filtering Firewalls: Check each piece of data (packet) that comes into
or leaves the network and decide whether to allow it based on simple rules (like
IP addresses).

o Stateful Firewalls: Keep track of ongoing connections and make smarter
decisions about what traffic to allow or block.

o Proxy Firewalls: Act as a middleman between the internal network and external
users, hiding the network’s details for extra security.

o Next-Generation Firewalls (NGFW): Offer advanced features like blocking
harmful applications and detecting threats deeper in the traffic.

2. Performance and Scalability: The firewall must be fast and handle large amounts of
data without slowing down the network. It should also be able to grow with the network
as it expands.

3. Granularity of Access Control: Firewalls need to find a balance between being too
strict and too lenient. Too many rules might block legitimate traffic, while too few can
allow attacks.

4. Rule Set Complexity: Setting up rules for a firewall must be clear and simple. Complex
or poorly set rules can create security risks or lead to operational problems.

5. Ease of Configuration and Management: Firewalls should be easy to configure and
maintain. A difficult-to-manage firewall can create gaps in security, making it harder to
react to threats.

6. Integration with Other Security Systems: Firewalls should work together with other
security tools like antivirus software and intrusion detection systems to offer better
protection.

7. Network Address Translation (NAT): NAT hides internal network addresses from
external networks, but it may complicate some services that need direct access, like
video calls or peer-to-peer connections.

8. Redundancy and High Availability: To avoid downtime, firewalls should be designed
with backups or failover systems so that if one firewall fails, another can take over
without disrupting security.

9. Transparency and Stealth: Firewalls should not reveal information about the internal
network to attackers, making it harder for them to find weaknesses.

10. Encrypted Traffic Inspection: With more traffic being encrypted (like HTTPS), firewalls
must be able to check this encrypted data for hidden threats without compromising
privacy.
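
The packet-filtering and stateful firewall types from item 1, modelled as an added Python example (not part of the original notes and not any product's rule syntax). The addresses, rule set and sample packets are constructed; the rule format is a hypothetical one chosen for the illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("192.0.2.0/24")  # constructed: documentation range

# Stateless rule set, first match wins: (action, source, destination, ports).
RULES = [
    ("allow", INTERNAL, ANY, range(443, 444)),     # outbound HTTPS
    ("allow", ANY, INTERNAL, range(1024, 65536)),  # "replies" to client ports
]

def packet_filter(pkt: Packet) -> str:
    """Packet filtering: judge each packet alone against the rules."""
    for action, src_net, dst_net, ports in RULES:
        if (ip_address(pkt.src) in src_net and ip_address(pkt.dst) in dst_net
                and pkt.dport in ports):
            return action
    return "deny"  # default deny when no rule matches

class StatefulFirewall:
    """Stateful filtering: inbound traffic must match a tracked connection."""

    def __init__(self) -> None:
        self.connections = set()

    def filter(self, pkt: Packet) -> str:
        if ip_address(pkt.src) not in INTERNAL:
            # Inbound: allow only the reverse of a connection opened from inside.
            reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "allow" if reverse in self.connections else "deny"
        if packet_filter(pkt) == "allow":
            self.connections.add(tuple(pkt))
            return "allow"
        return "deny"

# Constructed sample traffic.
OUTBOUND = Packet("192.0.2.10", 50000, "198.51.100.5", 443)
REPLY = Packet("198.51.100.5", 443, "192.0.2.10", 50000)
UNSOLICITED = Packet("203.0.113.9", 443, "192.0.2.10", 50001)

if __name__ == "__main__":
    fw = StatefulFirewall()
    for name, pkt in [("outbound", OUTBOUND), ("reply", REPLY),
                      ("unsolicited", UNSOLICITED)]:
        print(f"{name:12} filter={packet_filter(pkt):5} stateful={fw.filter(pkt)}")
```

The stateless rule set has to admit every inbound packet aimed at a client port in order to let replies through, while the stateful firewall admits only the reply to a connection it saw leave.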

| Feature | Substitution Cipher | Transposition Cipher |
|---|---|---|
| Definition | Substitution ciphers replace each element of the plaintext with another symbol (letter, number, etc.). | Transposition ciphers rearrange or permute the elements of the plaintext without changing the actual symbols. |
| Encryption Method | Each symbol in the plaintext is substituted with a corresponding symbol from a key or rule. | The positions of symbols in the plaintext are shuffled based on a specific rule or key. |
| Type of Change | Substitution changes the symbol itself. | Transposition changes the position of symbols. |
| Effect on Message | The characters or symbols are replaced, but their order remains the same. | The order of characters or symbols is changed, but they remain the same. |
| Example of Cipher | Caesar Cipher, Atbash Cipher, Monoalphabetic Cipher. | Rail Fence Cipher, Columnar Transposition Cipher. |
| Strength | Generally less secure, as patterns (e.g., frequency of letters) can be analyzed to break the code. | Can be more secure as it relies on rearranging the text, making it harder to detect patterns. |
| Decryption Process | Requires knowing the substitution rule or key. | Requires knowing the exact method for reversing the rearrangement. |

Substitution Cipher Example: Caesar Cipher

In a Caesar cipher, each letter in the plaintext is shifted by a certain number of positions in the
alphabet.

Example:

• Plaintext: HELLO

• Shift by 3 positions (the key): KHOOR

In this case, each letter of the plaintext is replaced by the letter three positions later in the
alphabet:

• H→K

• E→H

• L→O

• L→O

• O→R

So, the encrypted text is KHOOR.


Transposition Cipher Example: Rail Fence Cipher

In a Rail Fence cipher, the letters of the plaintext are written in a zigzag pattern across multiple
"rails" (rows) and then read off row by row to create the ciphertext.

Example:

• Plaintext: HELLO WORLD

• Key: 3 (using 3 rails)

Step 1: Write the message in a zigzag pattern across 3 rails.

H...O...R...

.E.L.W.L.D.

..L...O....

Step 2: Read off the rows to create the ciphertext.

• Rail 1: HOR

• Rail 2: ELWLD

• Rail 3: LO

So, the ciphertext is HOR ELWLD LO.
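
Both cipher families from the comparison above, as an added Python example (not part of the original notes). It goes one step beyond the worked examples by also decrypting and by comparing letter frequencies before and after; the sample plaintext is constructed and input is assumed to be uppercase A-Z.

```python
from collections import Counter

def caesar(text: str, shift: int) -> str:
    """Substitution: each A-Z letter becomes the letter `shift` places later."""
    return "".join(
        chr((ord(ch) - ord("A") + shift) % 26 + ord("A")) if "A" <= ch <= "Z" else ch
        for ch in text)

def rail_of_each_position(length: int, rails: int) -> list:
    """Rail index visited by the zigzag at every position of the message."""
    if rails < 2:
        return [0] * length
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))  # 0,1,2,1 for 3 rails
    return [cycle[i % len(cycle)] for i in range(length)]

def rail_fence_encrypt(text: str, rails: int) -> str:
    """Transposition: read the zigzag off rail by rail."""
    rail = rail_of_each_position(len(text), rails)
    return "".join(ch for r in range(rails)
                   for ch, at in zip(text, rail) if at == r)

def rail_fence_decrypt(cipher: str, rails: int) -> str:
    rail = rail_of_each_position(len(cipher), rails)
    # A stable sort lists positions in the order encryption emitted them.
    order = sorted(range(len(cipher)), key=rail.__getitem__)
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, order):
        plain[pos] = ch
    return "".join(plain)

def frequency_profile(text: str) -> list:
    """Letter counts sorted by size, ignoring which letter has which count."""
    return sorted(Counter(text).values(), reverse=True)

if __name__ == "__main__":
    sample = "WEAREDISCOVEREDFLEEATONCE"  # constructed sample plaintext
    sub, trans = caesar(sample, 3), rail_fence_encrypt(sample, 3)
    print("Caesar    :", sub, "->", caesar(sub, -3))
    print("Rail fence:", trans, "->", rail_fence_decrypt(trans, 3))
    # Substitution renames letters but keeps the frequency profile;
    # transposition keeps the very same letters and only moves them.
    print(frequency_profile(sub) == frequency_profile(sample))
    print(Counter(trans) == Counter(sample))
```

Because a Caesar shift keeps the shape of the letter-frequency distribution, counting letters is enough to recognise it, which is the weakness the Strength row of the table refers to.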


| Feature | Hashing | Encryption |
|---|---|---|
| Purpose | Used to generate a fixed-size output (hash) from input data. It's mainly used for verifying data integrity. | Used to convert plaintext into ciphertext to keep the data confidential. It's mainly used for securing data during transmission or storage. |
| Reversibility | Irreversible – once data is hashed, it cannot be converted back to its original form. | Reversible – encrypted data can be decrypted back to its original form using a key. |
| Output Length | Produces a fixed-length output, regardless of the size of the input data. | Produces variable-length output, depending on the algorithm and key used. |
| Key Usage | No key is used – the process is deterministic (same input always gives the same output). | Requires a key for encryption and decryption. |
| Use Cases | Verifying data integrity, password storage, digital signatures, etc. | Protecting sensitive data, securing communication (e.g., SSL/TLS), and encryption of files. |
| Examples | MD5, SHA-256, SHA-1 | AES, RSA, DES, 3DES |
| Speed | Faster, as it involves simpler mathematical operations. | Slower, as it involves more complex encryption algorithms. |
| Output | The output is usually a hash (e.g., 256-bit hash in SHA-256). | The output is ciphertext, which is the encrypted version of the original data. |

Hashing Algorithm Explanation

A hashing algorithm is a mathematical function that takes an input (or "message") and
produces a fixed-size string of characters, which is typically a digest that uniquely represents
the data.

The important features of a hashing algorithm include:

1. Fixed Output Size: Regardless of the input size, a hashing algorithm always produces a
fixed-length output (e.g., 256-bit or 512-bit). This is useful for comparing large files or
verifying data without needing to store the full input.

2. Deterministic: For the same input, a hashing algorithm will always produce the same
output. This property is useful for checking data integrity and consistency.

3. Collision Resistance: It is very hard to find two different inputs that produce the same
hash output (this is known as a collision). A good hashing algorithm minimizes the
chance of collisions.

4. One-Way Function: It is computationally infeasible to reverse the hash back to the
original input. This is why hashes are used for things like password storage – even if
someone sees the hash, they cannot retrieve the original password.

5. Small Change in Input, Big Change in Output: A minor change in the input (even
changing one letter) results in a completely different hash. This ensures that even small
data changes are easily detectable.
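
Features 1, 2 and 5 measured on SHA-256, as an added Python example (not part of the original notes). The test message and the function names are constructed for the illustration; only the standard hashlib module is used.

```python
import hashlib

def digest(data: bytes, algo: str = "sha256") -> bytes:
    return hashlib.new(algo, data).digest()

def bits_changed(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_fraction(message: bytes, algo: str = "sha256") -> float:
    """Flip each input bit in turn; return the mean share of output bits that change."""
    base = digest(message, algo)
    total = 0
    for i in range(len(message) * 8):
        flipped = bytearray(message)
        flipped[i // 8] ^= 1 << (i % 8)       # change exactly one input bit
        total += bits_changed(base, digest(bytes(flipped), algo))
    return total / (len(message) * 8 * len(base) * 8)

def output_sizes(algo: str = "sha256") -> set:
    """Digest length in bits for inputs from empty to one megabyte."""
    return {len(digest(b"A" * n, algo)) * 8 for n in (0, 1, 55, 56, 64, 1_000_000)}

if __name__ == "__main__":
    print("output sizes (bits):", output_sizes())               # fixed output size
    print("deterministic:", digest(b"HELLO") == digest(b"HELLO"))
    print("HELLO vs HELLP, bits changed of 256:",
          bits_changed(digest(b"HELLO"), digest(b"HELLP")))
    print("mean share of output bits changed per flipped input bit:",
          round(avalanche_fraction(b"constructed test"), 3))
```

A share close to 0.5 means that each one-bit change to the input flips about half of the output bits, so the new digest gives no hint of how close the two inputs were.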

What is Cryptography?

Cryptography is the practice of securing communication and information through the use of
mathematical algorithms. It is used to protect the confidentiality, integrity, authenticity, and
non-repudiation of data during transmission or storage. In simpler terms, cryptography is about
keeping information safe and ensuring that only authorized individuals can access it or alter it.

Cryptography plays a vital role in various fields such as securing online banking, e-commerce,
military communication, and data privacy. It ensures that sensitive information such as
passwords, credit card details, and personal messages is protected from unauthorized access
or tampering.

Types of Cryptographic Algorithms

Cryptographic algorithms are the mathematical procedures used to encrypt and decrypt data.
They can be divided into several categories based on how they function and their purpose. The
main types of cryptographic algorithms are:

1. Symmetric Key Algorithms (also known as Secret Key Cryptography):

o In symmetric key algorithms, the same key is used for both encryption and
decryption. Both the sender and the receiver must have the same secret key.

o Example: AES (Advanced Encryption Standard), DES (Data Encryption Standard).

o Advantages: These algorithms are generally faster and efficient for large
amounts of data.

o Disadvantages: The biggest challenge is securely sharing the key. If the key is
intercepted, the entire communication is compromised.

Example:

o AES: A widely used symmetric encryption standard, known for its efficiency and
strong security. AES supports key sizes of 128, 192, or 256 bits.

2. Asymmetric Key Algorithms (also known as Public Key Cryptography):

o Asymmetric encryption uses two different keys: a public key (used for
encryption) and a private key (used for decryption). The public key can be freely
distributed, while the private key is kept secret.

o The main benefit of asymmetric encryption is that it solves the key distribution
problem. Even if the public key is intercepted, only the private key can decrypt
the message.

o Example: RSA, ECC (Elliptic Curve Cryptography).

o Advantages: The key distribution problem is solved because the private key
never needs to be shared.

o Disadvantages: These algorithms are slower and less efficient for encrypting
large amounts of data.

Example:

o RSA: One of the most common asymmetric encryption algorithms, used for
secure data transmission. It relies on the difficulty of factoring the product of
two large prime numbers.

3. Hash Functions:

o Hash functions are cryptographic algorithms that take an input (or "message")
and return a fixed-length string of characters, which is typically a hash value or
hash code. Hashing is one-way (it cannot be reversed) and is commonly used
for verifying data integrity and storing passwords securely.

o Example: SHA-256 (part of the SHA-2 family), MD5 (though MD5 is considered
weak now).

o Advantages: Hashing is very fast and used to ensure data integrity.

o Disadvantages: Once data is hashed, it cannot be converted back to its original
form.

Example:

o SHA-256: A cryptographic hash function used to produce a 256-bit hash value.
It's widely used in blockchain technology and digital certificates.

Public key infrastructure or PKI is the governing body behind issuing digital certificates. It helps
to protect confidential data and gives unique identities to users and systems. Thus, it ensures
security in communications.

The public key infrastructure uses a pair of keys: the public key and the private key to achieve
security. The public keys are prone to attacks and thus an intact infrastructure is needed to
maintain them.

Managing Keys in the Cryptosystem:

The security of a cryptosystem relies on its keys. Thus, it is important that we have a solid key
management system in place. The 3 main areas of key management are as follows:

• A cryptographic key is a piece of data that must be managed by secure administration.

• It involves managing the key life cycle which is as follows:

• Public key management further requires:

o Keeping the private key secret: Only the owner of a private key is authorized to
use a private key. It should thus remain out of reach of any other person.

o Assuring the public key: Public keys are in the open domain and can be publicly
accessed. With this extent of public accessibility, it becomes hard to know if a
key is correct and what it will be used for. The purpose of a public key must be
explicitly defined.

PKI or public key infrastructure aims at achieving the assurance of public keys.

Key Functions of PKI in Public Key Encryption

1. Key Generation:

o PKI provides tools and protocols for generating a pair of keys (public and private)
securely. These keys must be mathematically related, and the private key must
remain confidential while the public key is shared with others.

o Example: The RSA algorithm is commonly used within PKI for key generation.

2. Key Distribution:

o The public key must be shared with the communicating parties, and PKI provides
a way to distribute public keys securely. Without PKI, sharing public keys
securely can be difficult, as attackers might impersonate others and provide
fake keys.

o Role of PKI: PKI ensures that a public key truly belongs to the claimed entity by
using digital certificates, which link the public key to the identity of its owner.

3. Digital Certificates:

o PKI uses Digital Certificates to validate the identity of users, systems, or
organizations. A digital certificate binds a public key to an individual or entity,
assuring that the public key belongs to the claimed owner.

o These certificates are issued and signed by Certificate Authorities (CAs), trusted
third parties that vouch for the identity of the public key owner.

Example: When you visit a website with HTTPS, the server's identity is verified by a digital
certificate, which contains the server’s public key.

4. Certificate Authorities (CA):

o Certificate Authorities (CAs) are trusted entities within PKI that issue and sign
digital certificates. The CA verifies the identity of the entity requesting the
certificate and ensures that the public key is properly associated with that entity.

o The CA is critical for making public key encryption secure because it ensures
that the public keys exchanged between parties are authentic.

5. Digital Signatures:

o PKI is also used for creating and verifying digital signatures, which are a
combination of public key encryption and hashing. A person can sign a
document using their private key, and anyone can verify the signature using their
public key.

o This is useful for ensuring the authenticity and integrity of messages or
documents.
