You\u2019ll notice that all the hashes here are 40 characters long, which is unsurprising given that in each case the input is five characters long. However, more surprisingly, entering every word of this story so far into the hash generator returns the following hash: db8471259c92193d6072c51ce61dacfdda0ac3d7. That\u2019s some 1,637 characters (with spaces included) condensed down \u2013 just like the five-character words above \u2013 into a 40 character output. You could SHA-1 hash the collected works of William Shakespeare and still end up with a 40-character output. Furthermore, no two inputs yield the same hashed output.<\/p>\n
Here\u2019s a picture courtesy of Wikimedia Commons illustrating the same concept for those of you who prefer visual learning:<\/p>\n
What are hashes used for?<\/b><\/p>\n Great question. Unfortunately, the answer is that crypto hashes are used for a whole lot of things.<\/p>\n For me and you, the most common form of hashing has to do with passwords<\/a>. For example, if you ever forget your password to some online service, you will likely have to perform a password reset. When you reset your password, you generally don\u2019t receive your plaintext password in return. That\u2019s because the online service doesn\u2019t store your plaintext password. They store a hash value for that password. In fact, that service (unless you are using an incredibly simple password for which the hash value is widely recognized) has no idea what your real password is.<\/p>\n To be clear, if you do receive your plaintext password in return, that means that the online service you are using isn\u2019t hashing your password and shame on them.<\/p>\n You can test this yourself with an online reverse hash generator. If you generate a hash value for a weak password<\/a> like \u201cpassword\u201d or \u201c123456\u201d and then enter that hash value into a reverse hash generator, chances are the reverse hash generator will recognize the hash value for either of those passwords. In my case, the reverse hash generator recognized the hashes for \u2018brain\u2019 and \u2018Brian\u2019 but not the hash that represents the body of this text. So the integrity of a hash output is entirely dependent on the input data, which can be literally anything.<\/p>\n On that point, according to a report from TechCrunch late last month<\/a>, the popular cloud storage service, Dropbox, blocked one of its users from sharing content protected under the Digital Millennium Copyright Act (DMCA). This user tweeted that he had been blocked from sharing certain content, and Twitter blew up a bit with people shouting and screaming about how Dropbox must be rifling through user content despite promising not to do exactly that in its privacy policy<\/a>.<\/p>\n Dropbox, of course, did not rifle through any user content. As noted by the TechCrunch article, what likely happened here is that the copyright holder took their copyrighted file (perhaps the digital makeup of a song or movie) and passed it through a hash function. They then took the output hash value and added that series of forty characters to some sort of denylist for the hashes of copyright-protected materials. When the user tried to share this copyright-protected material, Dropbox\u2019s automated scanners picked up on the denied hash and blocked it from being shared.<\/p>\n![\"Cryptographic](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2014\/04\/06043858\/Cryptographic-Hashing-Explained.png\")
<\/a><\/p>\n