In today’s digital age, security and privacy are top priorities. Whether you’re creating an online account or sending confidential messages, cryptographic concepts like hashing and encryption play a crucial role in safeguarding your data.
This article dives into the basics of hashing, the different types of encryption, and walks you through the steps to generate secure key pairs on Linux.
🔐 What Is Hashing?
Hashing is a process that transforms data—like a password—into a fixed-length string, known as a hash value. This transformation is done using algorithms such as MD5 or SHA-256.
📌 Real-World Use of Hashing
When you register on a website like LinkedIn, you typically provide your:
- Name
- Age
- Email address
- Password
Most of this information is stored in plain text in the database—except your password. Instead, your password is passed through a hashing algorithm, like MD5, and the resulting hash is what’s saved.
🚨 Why Is This Important?
If a data breach occurs, the hacker may obtain your details—but not your password. Instead, they get the hash, which cannot be reversed to reveal the original password. Hashes are one-way functions, making them practically irreversible.
🛠️ Password Cracking Techniques (and How to Prevent Them)
While a hash cannot be reversed, attackers use various techniques to guess or match hashes with known passwords.
🌈 Rainbow Tables
A rainbow table is a collection of pre-computed hashes and their matching plain text passwords. For example, the hash of a common password like password123 can be looked up.
You can explore hashing on tools like:
onlinewebtoolkit.comcrackstation.net
These sites demonstrate how common passwords are vulnerable.
📚 Dictionary & Brute-Force Attacks
In a dictionary attack, hackers use massive wordlists to try different passwords. A famous example is the rockyou.txt wordlist in Kali Linux, containing over 14 million entries.
With brute-force attacks, every possible combination is tried until a match is found.
🧂 Salting: Making Passwords Stronger
To make passwords more secure, salting is used. This involves adding a unique, random string to your password before hashing. Even if two users have the same password, their hashes will differ due to the salt.
Salting makes rainbow tables and dictionary attacks ineffective—unless a hacker knows the salt, which is usually secret and unique to the company.
🔑 Understanding Encryption
While hashing is one-way, encryption is two-way—you can encrypt and then decrypt data using a key. There are two main types:
1. Symmetric Encryption
- Same key is used for both encryption and decryption.
- Fast but risky if the key is shared.
- Example: AES (Advanced Encryption Standard)
Imagine Jon and Sue sharing the same key to lock and unlock a file. If someone else gets the key, they can read the data.
2. Asymmetric Encryption
- Uses a public and a private key.
- Public key = for encrypting (like a mailbox anyone can drop letters into).
- Private key = for decrypting (only the key owner can read the letter).
- Example: RSA algorithm
🔄 How It Works
- Sue shares her public key.
- Bob encrypts a message using Sue’s public key.
- Only Sue can decrypt the message using her private key.
The public and private keys are mathematically linked, but it’s impossible to derive one from the other.
🧪 Creating Public & Private Keys on Linux
Here’s how you can generate and use key pairs on a Linux system.
Step 1: Get Server IP
Use the command:
arp -a
This helps you identify the IP address of the server (e.g., 192.168.1.152).
Step 2: Try Connecting Without Keys
Try accessing the server using SSH:
ssh root@192.168.1.152
If no key is available, you’ll get a message like:
No matching host key type found.
Step 3: Generate Key Pair
Use the following command to generate your SSH key pair:
ssh-keygen -t rsa
This creates:
- A private key (kept on your machine)
- A public key (installed on the server)
The keys are stored in your ~/.ssh directory. To see them, run:
ls -la ~/.ssh
You’ll see files like:
id_rsa(private key)id_rsa.pub(public key)
Step 4: Connect to Server with Preconfigured Account
You can now connect using SSH or PuTTY. For example, using PuTTY on Ubuntu:
putty
Enter the IP and connect using the username and password (symmetric encryption). In future configurations, you’ll upload the public key to the server for key-based authentication, which is more secure.
🔒 Summary
Let’s recap the key points:
- Hashing secures passwords by transforming them into fixed, irreversible strings.
- Rainbow tables, dictionary, and brute-force attacks threaten weak passwords.
- Salting adds randomness to hashes, making them stronger.
- Symmetric encryption uses one shared key, while asymmetric encryption uses public/private key pairs for added security.
- On Linux, you can generate and use secure key pairs for safe server communication.
Understanding these concepts helps you stay one step ahead in digital security. Use strong, unique passwords, enable multifactor authentication, and take encryption seriously.
Tags:
hashing, password security, encryption, symmetric encryption, asymmetric encryption, rainbow tables, brute force attack, salting, ssh keygen, cybersecurity, linux, ssh authentication, rsa keys, aes encryption, rsa encryption, cyber hygiene, password hashing
Hashtags:
#hashing #encryption #cybersecurity #passwordsecurity #linux #rsa #ssh #symmetricencryption #asymmetricencryption #rainbowtables #bruteforce #salting #cyberhygiene #infosec #sshkeys
