Hi,
hash is a kind of fingerprint for digital information. When you have digital
information available you can always find its fingerprint (simply by
applying hash algorithm). Having just a fingerpring without corresponding
digital information is totally useless by it-self in general case, but it
may be quite usefull if that fingerprint belongs to some of the documents in
your system and you have index with these fingerprints available.
Additionally you may send fingerprint (protected from tampering) together
with digital information as assertion of authentity of this digital
information. How strong this assertion is and what trust can we put in it
depends on how did you protect transmitted fingerprint from tampering. Usual
tamper protection scheme used for protocols that involves exchange of
digital information together with hash is following: the hash is encrypted
with well protected private key (wich should be never shared with other
parties), and receiver can decrypt that hash by using public key (wich is
shared among all parties) and than compare result of decryption to the hash
that (s)he compute on received data. If both hashes are the same - received
digital information could be trusted in the same extent as the amount of
trust that you can put on the authentity of received ecrypted hash (ie
considering how strong private key is, how strong encryption scheme is, what
is possiblity of private key being stolen, and so fourth).
-Valery.
See my blog at:
http://www.harper.no/valery
according to their defination a hash is
A mathematical formula that converts a message of any length into a unique
fixed-length string of digits (typically 160 bits) known as "message digest"
that represents the original message. A hash is a one-way function - that
is, it is infeasible to reverse the process to determine the original
message. Also, a hash function will not produce the same message digest from
two different inputs.
then how is the original message retrieved?
thanx
