CSCI 3341 Class Notes - 09-02-2025
Hashing vs Encryption: Key Concepts
Q1: Is hashing a type of encryption?
Answer: No.
Hashing a data item produces a hash value from the data alone (data → hash).
Sender sends data + hash; receiver needs the original data to validate the hash.
Security service provided by hashing: data integrity (verification that data has not been altered).
How encryption works (and where confidentiality comes from):
Data is transformed into ciphertext using an encryption key (key1).
Sender → Receiver: ciphertext.
Receiver uses a key2 to decrypt:
If key2 = key1, symmetric cryptography.
If key2 is the inverse of key1, asymmetric cryptography (public/private key pair).
Security service provided by (encryption/decryption): confidentiality (privacy of data).
Q2: Is a key used in hashing?
Yes, in keyed hashing (aka Message Authentication Codes, MAC).
Pre-requisite: the key must be pre-shared between parties.
Topic: Keyed Hashing (MAC)
A secret key is also called: shared key, symmetric key, classical key, or pre-shared key.
In symmetric cryptography, both sides use the same key (hence the term symmetric key).
A shared key is typically established via a key exchange protocol (e.g., Diffie-Hellman).
Cryptanalytic assumption: data on the network may be sniffed (e.g., via tools like Wireshark).
Strength considerations: a cryptographic system should use a strong algorithm with a sufficient key length.
Key length examples:
Old DES uses 56-bit keys; AES uses 256-bit keys.
Key space progression (illustrative):
For 1-bit key: size is (keys: 0, 1).
For 2-bit key: size is (keys: 00, 01, 10, 11).
For N-bit key: size is (2^N possible keys).
When to use DES versus AES
DES is used only when AES or more advanced algorithms are not available (e.g., low-end devices like sensors).
NIST overview
National Institute of Standards and Technology (NIST): Standardizes protocols and algorithms to enable interoperable systems.
Public Key Cryptography (PKC, aka asymmetric crypto) uses longer keys than symmetric cryptography.
FAQ: Public key crypto is also called asymmetric crypto.
Public-key cryptography and RSA keys
As of 2025, RSA keys around bits are recommended.
Rationale:
Public key is publicly available; private key is private to the owner.
There is an inverse relationship between public and private keys.
Public-key operations:
Encrypt with public key → ciphertext; Decrypt with private key → recovered data (public-key encryption).
Encrypt with private key → ciphertext; Decrypt with public key → recovered data (digital signatures).
Lesson: use a high number of key bits when using public-key cryptography (e.g., RSA).
Data Authentication using HMAC
HMAC provides two security services: data integrity and authentication (also called data origin integrity).
Keyless hashing provides only data integrity, but not guaranteed origin/identity, because anyone with the data and the hashing algorithm could compute a matching hash.
With HMAC, both parties share a pre-shared key, tying the MAC to a particular entity.
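The contrast above, as an added example (not the script from the lecture's figures): a keyless SHA-256 tag still verifies after someone alters the data and recomputes the hash, while an HMAC-SHA256 tag checked by Alice does not. The key, the sample message, the JSON envelope fields `body` and `tag`, and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"  # assumption: pre-shared by Alice and Bob
SAMPLE = {"from": "bob", "amount": 10}  # constructed sample message


def envelope(body: str, tag: str) -> str:
    return json.dumps({"body": body, "tag": tag})


def hash_send(payload: dict) -> str:
    """Keyless: the tag is SHA-256 of the body, computable by anyone."""
    body = json.dumps(payload, sort_keys=True)
    return envelope(body, hashlib.sha256(body.encode()).hexdigest())


def hash_verify(wire: str) -> bool:
    env = json.loads(wire)
    return hmac.compare_digest(hashlib.sha256(env["body"].encode()).hexdigest(), env["tag"])


def bob_send(key: bytes, payload: dict) -> str:
    """Keyed: the tag is HMAC-SHA256 of the body under the shared key."""
    body = json.dumps(payload, sort_keys=True)
    return envelope(body, hmac.new(key, body.encode(), hashlib.sha256).hexdigest())


def alice_verify(key: bytes, wire: str) -> bool:
    """Recompute the tag and compare in constant time; malformed input fails."""
    try:
        env = json.loads(wire)
        expected = hmac.new(key, env["body"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, env["tag"])
    except (ValueError, KeyError, TypeError, AttributeError):
        return False


def alter_and_rehash(wire: str) -> str:
    """A party without the key changes the body and recomputes a plain SHA-256."""
    body = json.loads(json.loads(wire)["body"])
    body["amount"] = 9999
    return hash_send(body)


if __name__ == "__main__":
    print("keyless hash accepts altered data:", hash_verify(alter_and_rehash(hash_send(SAMPLE))))
    print("HMAC accepts altered data:", alice_verify(SHARED_KEY, alter_and_rehash(bob_send(SHARED_KEY, SAMPLE))))
```

Alice compares tags with `hmac.compare_digest` rather than `==` so the check does not leak, through timing, how many leading characters of a guessed tag were correct.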
Practical visuals (referenced in the transcript)
Figure 1: A sample script using HMAC.
Figure 2: Alice verifies Bob’s identity with a shared key and an HMAC function.
Figure 3: A Python script that simulates the above scenario.
Figure 4: Examples of using json.dumps() and json.loads().
Python script overview (HMAC example)
Code snippet context:
Imports: import hashlib and import hmac. Reference: Python HMAC documentation.
HMAC with SHA-256:
Key: b'key1' (bytes)
Message: msg1 = 'message'
hmac_sha256 = hmac.new(key=b'key1', msg=msg1.encode(), digestmod=hashlib.sha256)
Outputs:
Original message: msg1.
MAC via digest(): raw bytes.
MAC via hexdigest(): hex string.
digest_size: size in bytes of the MAC output.
HMAC with MD5:
hmac_md5 = hmac.new(key=b'key1', msg=msg1.encode(), digestmod=hashlib.md5)
Similar outputs as above.
Changing the message and updating digests:
`msg2 =