Hash functions and digital signatures

Hash Functions and Digital Signatures—two core topics in Information Security that work closely together to ensure data integrity, authenticity, and non-repudiation.

🔑 Hash Functions

🧠 What is a Hash Function?

A hash function is a mathematical algorithm that takes input data of any size and produces a fixed-size output (called a hash or digest).

🔍 Key Properties of Good Hash Functions:

🔧 Common Hash Algorithms:

• MD5 – obsolete (not secure)
• SHA-1 – weak, not recommended
• SHA-256 / SHA-3 – widely used, strong security

✅ Uses of Hash Functions:

• Password storage (hashed, not plain text)
• Data integrity (detect tampering)
• Digital signatures (paired with encryption)
• File integrity checks (e.g., software downloads)

✍️ Digital Signatures

🧠 What is a Digital Signature?

A digital signature is a cryptographic technique that verifies:

1. Authenticity – who sent the message
2. Integrity – the message wasn’t altered
3. Non-repudiation – the sender can't deny sending it

🔄 How Digital Signatures Work (Simplified):

1. Sender creates a hash of the message.
2. Sender encrypts the hash using their private key → this is the digital signature.
3. Sender sends the message + signature.

🛡️ On the receiver’s side:

1. Receiver decrypts the signature using the sender’s public key → gets the original hash.
2. Receiver hashes the message themselves.
3. If both hashes match → ✅ message is authentic and untampered.

🔧 Algorithms Used:

• RSA
• DSA (Digital Signature Algorithm)
• ECDSA (Elliptic Curve DSA)

📦 Real-World Use Cases:

• Email signing (PGP, S/MIME)
• Software distribution (signed executables)
• Digital certificates (SSL/TLS)
• Blockchain transactions

🔁 Relationship Between Hash Functions & Digital Signatures:

🧠 Analogy:

Think of a hash like a fingerprint of a file.
A digital signature is like a fingerprint that's been stamped with your unique seal (private key), proving it’s yours and hasn’t been altered.