what is the different between encryption and digest? i don't understand their difference.
A:
Encryption conceals the contents of the plaintext, while a digest is a special kind of hash that acts as a sort of fingerprint for the data. If the message digest is encrypted with a private key, this can be used as a digital signature to ensure that it came from a particular source.
Steven Sudit
2010-07-26 06:33:32
Verifying the integrity of files can be done using a (message) digest, see http://en.wikipedia.org/wiki/Message_digest. However, authentication (i.e. verifying that a message comes from a particular source) can't be done using a simple digest. Authentication would require e.g. a digitial signature.
0xA3
2010-07-26 06:46:37
@0xA3: I'm sorry, you're correct. I'll fix my answer.
Steven Sudit
2010-07-26 06:48:52
Thanks for the clarification, +1
0xA3
2010-07-26 07:12:55
@0xA3: Thanks for catching my blunder. I know we have this whole ludic system of up- and down-votes but what really matters is that the OP gets an accurate answer.
Steven Sudit
2010-07-26 07:20:37
+2
A:
encryption takes a plain text and converts it to an encrypted text using a key and an encryption algorithm. The resulting encrypted text can later be decrypted (by using the key and the algorithm)
digest takes a plain text and generates a hashcode which can be used to verify if the plain text is unmodified but ich CANNOT be used to decrypt the original text form the hash value
Nikolaus Gradwohl
2010-07-26 06:47:02
Yes, digests are typically one-way, however with rainbow tables, or crappy hash algorithms it's possible to reverse the hash and get the original text. Just a minor point.
Alan
2010-07-26 06:48:50
Nik, we should probably mention that nothing stops someone from changing the message and then generating a new digest. Something like HMAC or DSA would do that, though.
Steven Sudit
2010-07-26 06:52:26
@alan yes for short plaintexts like passwords, but not for big files like textdocuments or images
Nikolaus Gradwohl
2010-07-26 07:01:11
@Steven either that or you have to store the generated mac in a secure way/place
Nikolaus Gradwohl
2010-07-26 07:01:43
@Nik: Well, a good cryptographic digest is hard to find a plausible plaintext for on short order, so you could transmit the digest in the clear immediately prior to sending the plaintext in a private, but unencrypted and potentially tamperable, way. For example, you could publish the digest in a newspaper and then send the plaintext by mail. This doesn't prevent the mail from being intercepted, but it does make it hard to replace it with a fake message.
Steven Sudit
2010-07-26 07:06:19
It occurs to me that I should probably mention that these are called preimage attacks (http://en.wikipedia.org/wiki/Preimage_attack). The type mentioned in my example would be a second preimage attack, at it has known plaintext. As it stands, this is very difficult even with a "broken" hash like MD5, but it can be made arbitrarily more difficult simply by taking two different hashes.
Steven Sudit
2010-07-26 15:08:44
A:
Encryption is a way of "Security by Obscurity." It is exactly what the word suggests, to encrypt, to encode, etc.. and ANYTHING that is encrypted/encoded CAN be decrypted/decoded (seeing as how they are the antonyms and all) Assuming you know how whatever was encrypted.
A digest on the other hand, or hash.. is something that cannot be reversed. Usually a particular hashing algorithm will return a "fingerprint" in a set bit size. For instance, 128-bits. The algorithm somehow digests everything into a simple 128 bit string... using mathematical equations and such to keep a decryption impossible.
In closing, encryption is meant to hide things from others, while hashing is meant to identify. Like passwords for instance, you would never encrypt a password...mainly because you risk the chance of someone actually decrypting it.
There are rumors out there that hashes/digests CAN be reversed through use of a "resource" out there somewhere, but in reality, it is nothing but a collection of hashes in a databases and if one just so happens to type in a string that hashes to the same value in one of the records of this database -- it is called a collision at the most. Either the hash has been salted differently, or you actually got lucky enough to match a hash.
Zane Edward Dockery
2010-07-26 07:07:09
No, "secuirity by obscurity" refers to something else. http://en.wikipedia.org/wiki/Security_through_obscurity
Steven Sudit
2010-07-26 07:09:21
Also, the reason a fingerprint can't be decrypted is because it's not encrypted in the first place. In fact, for any non-trivial message, it's much too short to contain the plaintext in any recoverable way.
Steven Sudit
2010-07-26 07:10:15
As Nik already pointed out, rainbow tables are only relevant to hashes of short strings, such as passwords, and then only when they're unsalted. If I hash this entire page, no rainbow table could possibly reverse it.
Steven Sudit
2010-07-26 07:11:39