why hash functions are not used for encryption but authentic...

<< Back to: Cryptography FAQ (01/10: Overview)

Answer by OnyxBlack
Submitted on 6/16/2004
Rating:	Rate this answer:
There's a problem when authentificating: If you're not all that interested in hiding your message from public eyes, but want to give your partner at the receiving end the possibility to verify that the message actually was from YOU, the easiest possibilty would be to encrypt your message with your own private key, and then sending it to your partner. Anyone would be able to decrypt the message using your publicly available public key, but that's not the point. the point is that your partner simply has to try to decrypt the encrypted message with YOUR public key. if it works, then there's no doubt that the message is from you, since nobody but YOU has the neccessary secret key to encrypt the message so that it can be decrypted with the according public key. Sounds complicated, but'sits quite an easy Idea. Now to the problem: if you have a large message, i.e. a 100 page document, and want to authentificate it (give it your "signature") without encrypting it, you'd still have to encrypt it and your partner would have to decrypt it, wich would be a timeconsuming process with large documents. To save time and let your partner access the document immediately, you dont have to "sign" (i.e. encrypt) the document itself. Instead, you create a message digest (MD) (i.e. hash) of your document. an MD is unique, each document creates a unique MD (think of it as a summary of your document). If you change even one charakter of the document, the resulting MD would differ from the original one you created. The MD is far smaller in size (seldomly over 20 byte) than the document, and encrypting it doesnt take much time. So you simply create the MD, encrypt it with your private key, send it to your partner together with the document. He can instantly read the document, and if he doubt's that it really is your document, he simply has to decrypt the MD (which is a fast process at 20byte), create the MD of the document he received, and compare the two of them. If they're identical, than a) it for sure is YOUR document, since it was encrypted with YOUR private key and b) it hasn't been modified, or else the MD created by the partner would differ from the MD you sent him. That's the whole Idea. I hope it wasn't too complicated. It's hard to put it in words or text, but once you've gotten behind the idea, it's really easy to imagine...

FAQS.ORG makes no guarantees as to the accuracy of the posts. Each post is the personal opinion of the poster. These posts are not intended to substitute for medical, tax, legal, investment, accounting, or other professional advice. FAQS.ORG does not endorse any opinion or any product or service mentioned mentioned in these posts.

<< Back to: Cryptography FAQ (01/10: Overview)

[ Home | FAQ-Related Q&As | General Q&As | Answered Questions ]

Question by bab
Submitted on 8/16/2003
Related FAQ: Cryptography FAQ (01/10: Overview)
Rating:	Rate this question:
why hash functions are not used for encryption but authentication

Answer by Praveen Gauravaram
Submitted on 1/21/2004
Rating:	Rate this answer:
Encryption is done by ciphers that have a secret key or public key algorithms. Hash function's job is not to encrypt but to condense the large messages.

Your name or nickname:
If you'd like to create a new account or access your existing account, put in your password here:
Your answer: