'When is one way encryption used?'

* Privacy * Security * Surveillance * Blog * 4402

• Local Services

Jess from New York -

I've heard of one way encryption where one cannot decrypt the information. Why would anybody want to use such a technique rather than having a system where you can decrypt the information if you know the key/code?

Comment #1 George from Montana -

It is used all the time for passwords.

Comment #2 Jess from New York -

Right, I understand now. It's because for passwords the admin doesn't need to know the password and therefore one way encryption is perfect, but for things where you need to retrieve the data, it has to be a two way encryption.

Comment #3 G Barrow (68.215.227.146) -

Comment #2 Jess from New York -

Right, I understand now. It's because for passwords the admin doesn't need to know the password and therefore one way encryption is perfect, but for things where you need to retrieve the data, it has to be a two way encryption.

Actually there is no reason AT ALL to make passwords retrieveable, as admins will have the permissions necessary to reset passwords should the need arise. So to answer your question, password applications are one place where one way encryption is used.

It is also used (or can be) in high security applications where the need to protect the data encrypted outweighs the need to access the data should passwords be forgotten.

Comment #4 Tony (66.112.105.24) -

Here's how one-way encryption works.

Let's say a password is encrypted one-way. That way there is no way to get it back, but if you encrypt the same password, you'll get the same result (most likely a really long string of 0-F characters).

When someone tries to use that password to log in, it encrypts it the same way as the master password. If the two encrypted strings match, the login is successful.

Basically, it's impossible to unencrypt the master password, but you can encrypt another string and see if it matches the original.

Comment #5 George from Montana -

Often times the encrypted password is shorter than the plain text password. Ie: the encrypted password might be 32 bits. The plain text might be 2 or 3 times that.

The result being that many different plain text passwords could match an encrypted password. If someone understood the encryption formula well, they might be able to do a brute force attack much more efficiently.

Comment #6 Soney (63.176.159.182) -

If man encrypts it then man can decrypt it. You just need one correct specimen to study to know what the encryption is. Sounds pretty easy but in reality, its very hard and tedious to do.

Comment #7 Sharp (63.176.159.96) -

You ahve a point there Soney

Comment #8 Mac from UK -

One way encryption is not really the correct terminology. It’s actually called Cryptographic Hashing and there are already many resources available for cracking a lot of them. (Rainbow tables is just 1 of many)

Uses include (but not limited to)

-Password Storage

-File integrity file checking

-Digital signing (part of PKI/PGP etc)

Examples of hashing algorithms are:

-Most common:

-MD5 - www.ietf.org / rfc/rfc1321.txt

-SHA1 - www.faqs.org / rfcs/rfc3174.html

-Newest:

-MD6 - groups.csail.mit.edu / cis/md6/

I hope this helps shed some light, and for those hoping to find more information try a google search for MD5 Hashing, or checking wiki. There is a lot of information published on the web regarding this subject.

Mac

• Cryptographic Hashing

E-Mail:         

Name:            (required)

Title:           (required)

Message (do not enter emails or links or urls in the message!):