CIPP/US Study Guide
Chapter 3: Introduction to Technological Aspects of Privacy

Hashing, Salt and Digital Signatures

Hashing is a one-way function whose output does not reveal the input; it is used to create pseudonyms and to check integrity. Plain hashes of short inputs can be defeated by lookup tables, so organizations add salt. Digital signatures are created with Alice's private key and checked with her public key to prove a message is unchanged.

Hashing is one-way (like turning a potato into hash browns - you cannot reverse it). It can create pseudonyms (e.g. hashing a patient's name and date of birth) and verify integrity, since the same input always yields the same hash.

Hashing can be defeated - add salt

Because every possible Social Security number can be enumerated, an attacker can hash each one, build a table of the outputs, and look up the SSN that matches any hash they obtain. Adding 'salt' to the hash (approximating an encryption key) makes this lookup attack much harder. A hash without salt may therefore not protect short strings like SSNs.
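The following Python program is an added illustration of the two points above (integrity checking and the lookup-table weakness of unsalted hashes); it is not code from the study guide. The SSN-format value, the small candidate range, and the function names are all constructed for the demonstration. It uses the standard library only. Note the practical caveat the guide's "approximating an encryption key" wording implies: for an input space as small as SSNs the salt must be kept secret (here a keyed hash via HMAC), because a salt stored in the clear beside the digest only stops precomputed tables, not an attacker who has the salt and simply enumerates every SSN again.

```python
import hashlib
import hmac
import secrets

# Constructed sample identifier in SSN format (not a real person's number).
SAMPLE_SSN = "123-45-6789"


def plain_hash(value: str) -> str:
    """Unsalted SHA-256 hex digest: the same input always yields the same output."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def salted_hash(value: str, salt: bytes) -> str:
    """Keyed (salted) SHA-256 via HMAC. The salt acts like a key: without it an
    attacker cannot reproduce the digests and so cannot build a matching table."""
    return hmac.new(salt, value.encode("utf-8"), hashlib.sha256).hexdigest()


def candidate_ssns(area: str = "123", group: str = "45"):
    """Enumerate one area/group block (10,000 serials) so the demo runs quickly.
    An attacker would enumerate every possible nine-digit number the same way."""
    for serial in range(10_000):
        yield f"{area}-{group}-{serial:04d}"


def build_lookup_table(hash_fn):
    """The attacker's precomputed table: digest -> identifier for every candidate."""
    return {hash_fn(ssn): ssn for ssn in candidate_ssns()}


def recover(digest: str, table: dict):
    """Reverse a digest by table lookup (not by inverting the hash).
    Returns None when the digest is not in the table."""
    return table.get(digest)


def demo():
    """Returns (value recovered from the unsalted digest, value recovered from the
    salted digest). Expected: ("123-45-6789", None)."""
    # 1. Integrity: identical input gives an identical digest; any change differs.
    assert plain_hash(SAMPLE_SSN) == plain_hash(SAMPLE_SSN)
    assert plain_hash(SAMPLE_SSN) != plain_hash("123-45-6780")

    # 2. Unsalted pseudonym: the precomputed table reverses it immediately.
    table = build_lookup_table(plain_hash)
    recovered_plain = recover(plain_hash(SAMPLE_SSN), table)

    # 3. Salted pseudonym: the salt is a secret random value the organization keeps.
    #    The attacker's table was built without it, so the lookup misses.
    secret_salt = secrets.token_bytes(32)
    recovered_salted = recover(salted_hash(SAMPLE_SSN, secret_salt), table)
    return recovered_plain, recovered_salted


if __name__ == "__main__":
    plain, salted = demo()
    print("unsalted digest reversed to:", plain)
    print("salted digest reversed to:", salted)
```

Running the script prints the sample SSN for the unsalted digest and None for the salted one. The table here covers only 10,000 candidates and is built in a fraction of a second; the defense does not come from the size of the SSN space, which is small enough to cover completely, but from the attacker not knowing the salt.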

Key terms - quick answers

What is “Hashing”?
A one-way cryptographic function that transforms an input into an alphanumeric output that cannot be reversed back to the original.
What is “Salt”?
Added input to a hash (approximating an encryption key) that makes lookup-table attacks against the hash much more difficult.
What is “Digital signature”?
A string Alice creates with her private key; if Bob's application of her public key yields readable plaintext, the message is verified as unchanged.
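The following Python program is an added illustration of the "Digital signature" definition above and is not code from the study guide. It shows the mechanics the definition describes: Alice applies her private key to a hash of the message, and Bob applies her public key to the signature and checks that the result matches the hash he computes himself. It is textbook RSA with fixed Mersenne primes as the key so that it runs with the standard library alone; the key is therefore a classroom toy (the modulus is trivially factorable, and there is no padding scheme), and the message is constructed. A real deployment uses randomly generated keys and a library implementation such as RSA-PSS or Ed25519.

```python
import hashlib

# Toy key material: two well-known Mersenne primes, so the modulus is easy to
# factor. Chosen only so the example runs offline with the standard library.
# Real keys use random primes of 2048+ bits and a padding scheme (e.g. PSS).
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                      # public modulus (about 648 bits, larger than a SHA-256 digest)
E = 65537                      # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (modular inverse, Python 3.8+)


def message_digest(message: bytes) -> int:
    """The value actually signed: the SHA-256 hash of the message as an integer < N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exponent: int = D, modulus: int = N) -> int:
    """Alice: apply the private key to the message digest."""
    return pow(message_digest(message), private_exponent, modulus)


def verify(message: bytes, signature: int, public_exponent: int = E, modulus: int = N) -> bool:
    """Bob: apply the public key to the signature. If the result equals the digest
    Bob computes from the message he received, the message is unchanged and was
    signed by the holder of the private key."""
    return pow(signature, public_exponent, modulus) == message_digest(message)


def demo():
    """Returns (genuine message verifies, tampered message verifies,
    altered signature verifies). Expected: (True, False, False)."""
    message = b"Transfer the records to the new custodian."   # constructed message
    signature = sign(message)
    genuine_ok = verify(message, signature)
    # Changing a single byte of the message changes its digest, so the check fails.
    tampered_ok = verify(b"Transfer the records to the old custodian.", signature)
    # Any change to the signature itself (e.g. a forgery attempt) also fails.
    altered_ok = verify(message, signature + 1)
    return genuine_ok, tampered_ok, altered_ok


if __name__ == "__main__":
    print(demo())
```

The check Bob performs is a comparison of two independently computed values, which is what the guide means by the public key yielding "readable plaintext": if the wrong private key was used or the message was modified in transit, the recovered value is meaningless and the comparison fails.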