2

From many forums I saw that the SHA256 data cannot be decrypted? If that's really true then hows is the data verified? Whats the use of just encrypting the data? The same question goes for the digital signatures (which I believe is the hashed value and private key)?

Anders
  • 65,052
  • 24
  • 180
  • 218
Gaurav Mathur
  • 71
  • 1
  • 1
  • 2
  • Hash the same input again and compare the hash. – CodesInChaos Dec 14 '16 at 09:43
  • 7
    SHA256 is a cryptographic hash, not encryption... And yes, the point is specifically being one-way. I suggest you learn the very basics of these terms, e.g. even from Wikipedia. Then you can come ask more specific questions... – AviD Dec 14 '16 at 09:46
  • 1
    Possible duplicate of [Why are hash functions one way? If I know the algorithm, why can't I calculate the input from it?](http://security.stackexchange.com/questions/11717/why-are-hash-functions-one-way-if-i-know-the-algorithm-why-cant-i-calculate-t) – Xander Dec 14 '16 at 14:42

2 Answers2

14

First, there is a difference between hashing and encryption. SHA256 is a hashing function, not an encryption function.

Secondly, since SHA256 is not an encryption function, it cannot be decrypted. What you mean is probably reversing it. In that case, SHA256 cannot be reversed because it's a one-way function. Reversing it would cause a preimage attack, which defeats its design goal.

Thirdly, SHA256 verification works by computing it again and comparing the result with the result at hand. If both results match, then the verification is successful. The theoretical background is that it's difficult to find another input which gives the same hash result. Violation of this creates a second-preimage attack, which defeats its design goal.

Finally, digital signatures are not simply hash and key combinations. But a hash function may improve its security.

Cyker
  • 1,613
  • 12
  • 17
6

SHA256 is not an encryption function but a hash function. The fundamental difference is that while encryption is a two way function (given the key) hash is only a one way function: given some data you can compute the hash, given the hash it is difficult (and mathematically impossible) to have the data back.

I said it is mathematically impossible to find the data from the hash because typically a hash function has a small codomain (for example 256bit for SHA256) but a big domain (you can hash any string), so there will be collisions: different strings with the same hash.

For this reason if your password is saved in a hashed form then there exist infinite password (but they can be very long) that unlocks your account.

The good news is that collisions are rare when you use cryptographic hash functions, so your account is still safe.

Answering the fist part of your question, data verification is easy: if Alice sends to Bob a file with the hash checksum Bob can easily compute the hash of the file he has received and compare it with the hash received from Alice. This is usually enough to find out if there has been any error during the transmission (so the file is corrupt), but isn't enough if the transmission has been altered by some attacker that also altered the hash. So Alice and Bob needs a secure channel to transmit the hash (for example a https page with a valid certificate) or they need to sign the hash in some way.

So we move to the answer to your second question: Alice can sign the hash using her private key before sending it to Bob, in this way an attacker can't tamper with it without invalidating the signature.

Now you could ask why Alice signs with her RSA (or similar) key only the hash and not all the message, this is because computing RSA is slower than computing a hash (so she has to do the slow thing only on a small string: the hash). This was true especially when PGP was created and computers was slower.

Enrico Polesel
  • 201
  • 1
  • 4