The Powerful Hash Encryption Algorithm

In my opinion, hash encryption is a powerful algorithm that, while seemingly simple, addresses the core pain points of web applications, making it a topic worth discussing.

Why do I say this?

This requires clarifying what I referred to at the beginning of the article as the “core pain point of web applications”.

1. Trust

My answer may be somewhat subjective, but I believe this core pain point is “trust”.

A typical scenario is “user registration”.

Once upon a time, every time I filled out a username and password in a website registration form and clicked the “confirm” button, I would always wonder if it was really reliable.

I would think, when my password travels over the network to the website’s backend, does the site owner get to know my password? Perhaps not only the site owner knows, but also the backend developers, and even the testers might know…

If those who know my password then copy the information and “sell it cheap” to others, and those others continue to sell it, isn’t my password essentially useless?

Moreover, I do not trust so-called “encrypted storage” because I feel that if you can encrypt, decrypting must also be easy. The so-called “encryption” is merely self-deception.

2. One-way Encryption Algorithms

Such concerns are not unfounded. However, the implementation of hash encryption algorithms completely alleviates this user concern.

This is because one of the most typical features of hash encryption algorithms is that they are one-way encryption algorithms that cannot be decrypted.

In other words, hash encryption is irreversible; you can “hash” the original plaintext into a ciphertext that is completely different from the original text, but you cannot revert this ciphertext back to plaintext.

As long as the hash encryption algorithm is deployed on the backend of the website responsible for receiving frontend data, the password set by the user will first be hashed and then stored in the database.

Thus, what the website backend stores is only the irretrievable “ciphertext”, and the plaintext password is known only to the user.

3. How to Verify Without Storing Passwords?

Some may wonder, if the website backend only saves the ciphertext of the user’s password, how can it confirm whether the plaintext password entered by the user is correct during login?

This is where a common misconception must be broken: that password verification can only be done by comparing plaintext with plaintext. In fact, verifying ciphertext against ciphertext yields the same result.

As long as there is a one-to-one mapping relationship between plaintext and ciphertext, ensuring that different plaintexts correspond to different ciphertexts, it is entirely possible to use ciphertext verification instead of plaintext verification.

Hash encryption precisely possesses this characteristic.

4. Encrypted Communication

Hash encryption also plays a crucial role in HTTPS or SSL, continuing to address the “trust” crisis, but this time the focus is not on the endpoints of communication, but on the communication path, in short, addressing the “man-in-the-middle” issue.

Hash encryption algorithms are among the core underlying encryption algorithms for encrypted communication. In the field of encrypted communication, it is often referred to as a “hashing algorithm”.

5. Identity Verification

Hash encryption can also implement identity verification in the form of tokens. For detailed principles, refer to the previous article “How to Understand Tokens in Web Communication?”. In simple terms, it combines the “identifiability” of the user ID with the “confidentiality” of the encryption algorithm, replacing the combination of username and password with a token, thus simplifying the identity verification process.

6. Cache Updates

Interestingly, as an encryption algorithm, hash algorithms also play an important role in non-encrypted areas. This area is the cache-busting of static resources in the web frontend.

To enhance user experience, web pages are typically cached by default, so the same page does not reload repeatedly. However, the existence of caching mechanisms often leads to outdated page updates.

Thus, utilizing the one-to-one characteristic of hash encryption between plaintext and ciphertext, some have thought of directly using the ciphertext of a file as the file name.

In this way, as long as the file content changes, the file name will also change, and once the file name changes, the browser will automatically update the cache.

-END-

Leave a Comment