Hashing is a method that takes a set of information, usually sensitive data, and turns it into another set of data that cannot be reversed. Because the result is not reversible, the only way to check whether a piece of information is correct is to hash it again with the same algorithm and compare the results.
Minor changes in the information you’re hashing will drastically change the results. This makes it almost impossible to see any pattern within hashing algorithms, and makes them very hard to break.
There are several different types of hashes, and several ways to interact with them to make data more secure.
Not All Hashes are Perfect
Typically, developers use a hashing algorithm called MD5. However, MD5 is old and used more often than it should be. Although MD5 is not reversible, it has a high rate of collisions and is open to rainbow table or brute force attacks.
This means that people will build a huge list of precomputed hashes and compare them with the hash they’re trying to break. Once they find a match, they know what went into making the hash, which means they know the original information, and the hash is broken.
One solution to this is something called a “salt.” This is where you append some additional information onto the information you’re trying to hash. For example, if you hash “the quick brown fox jumps over the lazy dog” on its own, you will get something that can be compared to a rainbow table and easily broken.
However, with salting, you can add another layer of complexity. If you use the same rules going into the hashing algorithm, the comparison will return true every time. For example, let’s say we want to append some information prior to our information, after it, and replace all of the spaces with another set of characters. We will use the same information, but this time, we will salt that information:
If we apply these rules every time, we will get far more secure data, as people will rarely have this random string of characters hashed ahead of time, waiting to compare it.
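The salting rules described above, as an added example that is not part of the original article. The prefix, suffix and space replacement are constructed values, and the lookup table is a plain dictionary standing in for a rainbow table.

```python
import hashlib
import hmac

# Constructed salt values for illustration; assumptions, not from the article.
PREFIX = "x7$Qp"
SUFFIX = "!m2Zr"
SPACE_REPLACEMENT = "#_#"

# Constructed list of inputs someone might hash ahead of time.
COMMON_INPUTS = ["password", "letmein",
                 "the quick brown fox jumps over the lazy dog"]


def md5_hex(text):
    """Unsalted MD5 of the text, as a hex string."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def apply_salt(text):
    """Apply the three rules: prepend, append, and replace every space."""
    return PREFIX + text.replace(" ", SPACE_REPLACEMENT) + SUFFIX


def salted_hash(text, algorithm="md5"):
    """Hash the salted text; algorithm is any hashlib name, e.g. sha256."""
    return hashlib.new(algorithm, apply_salt(text).encode("utf-8")).hexdigest()


def verify(candidate, stored_hash, algorithm="md5"):
    """Re-apply the same rules to the candidate and compare the two hashes."""
    return hmac.compare_digest(salted_hash(candidate, algorithm), stored_hash)


def build_lookup_table(inputs):
    """Precomputed hash -> input map, a simple stand-in for a rainbow table."""
    return {md5_hex(s): s for s in inputs}


if __name__ == "__main__":
    phrase = "the quick brown fox jumps over the lazy dog"
    table = build_lookup_table(COMMON_INPUTS)
    print("unsalted found in table:", table.get(md5_hex(phrase)))
    print("salted found in table:  ", table.get(salted_hash(phrase)))
    print("same rules verify:      ", verify(phrase, salted_hash(phrase)))
    print("one letter changed:     ", verify(phrase[:-1] + "t", salted_hash(phrase)))
```

Passing algorithm="sha256" to salted_hash and verify applies the same rules with a SHA2 hash instead of MD5.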
There are also rates of collision. Because we occasionally take large pieces of information and turn them into a smaller grouping of information, there is a chance that minor changes will not affect the result of our hash. This is potentially dangerous with things like SSL certificates and other applications that use hashing to verify the identity or legitimacy of information.
There are better hashing algorithms out there. MD5 is widely used online, and is more open to things like brute force and rainbow table type attacks, even with salting. A good alternative is the SHA2 grouping of hashing algorithms. There are many alternatives, each with their own benefits and drawbacks. You should read into your choice carefully, but at the end of the day, just don’t use MD5.