shockrah/csnotes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

note about hashing guarantees in 312 hashing notes

Browse Source
This commit is contained in:
shockrahwow 2019-10-22 11:06:40 -07:00
parent 5e934bca1d
commit 0c606cf985
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
312/notes/hash.md
View File

@ -34,5 +34,5 @@ In English: _Only inputs can find outputs, not the other way around._
_Hashes are not secure ffs_. When we say authentication we really mean that we are checking to ensure there has been no changes to the original message. _Hashes are not secure ffs_. When we say authentication we really mean that we are checking to ensure there has been no changes to the original message.
_NOTE:_ this really doesn't guarantee anything in communications susceptible to man-in-the-middle attacks. _NOTE:_ this really doesn't guarantee anything in communications susceptible to man-in-the-middle attacks.
Let's get real for minute: Think of it this way a message is like a car and the key is our hash. If the key doesn't fit in the slot then its not our car, **but** if we sent our car + key oversees whoever steals the car + key has full control and we lose security effectively. Using SSL is _kinda_ like putting that car + key combo in a box that nobody except the recipient can open. **Let's get real for minute:** Think of it this way a message is like a car and the key is our hash. If the key doesn't fit in the slot then its not our car, **but** if we sent our car + key oversees whoever steals the car + key has full control and we lose security effectively. Using SSL is _kinda_ like putting that car + key combo in a box that nobody except the recipient can open.