A-level Computing 2009/AQA/Problem Solving, Programming, Operating Systems, Databases and Networking/Programming Concepts/Hashing





Hashing involves applying a hashing algorithm to a data item, known as the hashing key, to create a hash value. Hashing is used so that searching a database can be done more efficiently, data can be stored more securely and data transmissions can be checked for tampering.

Hashing tables
To build a set of hashing values we use a hashing algorithm to create a hashing table. Take a look at the diagram below, by applying a hashing algorithm each data item (or hashing key) has a hashing value. Now if we decided to search for:

We could search the hashing table for hashing value 3, and if we found it we would know that Sam Doe does exist.

But what about searching for an item that doesn't exist? Take a look at this example: We can now search the hashing table and can see that there is no entry for Hash Value=9, therefore that data doesn't exist and we didn't have to search through all the data to prove this.

Hashing Algorithms
A hash is supposed to be repeatable, that means each time we apply it to the same data we should get the same hash value out. This requires that we create a hashing algorithm or function:

Take a look at this (if you've forgotten how MOD works, go check it out!) hashKey MOD 6 If we apply this to the following list of hash keys: Once we have calculated the Hash Values we can start to build the Hashing Table, notice because we are using MOD 6 we have 6 different possible Hashing Values: Now if you were asked whether the hashing key  was a member of the data you have been given you would do the following: 23448 MOD 6 = 0 Nothing attached to 0 in the hashing table Therefore 23448 isn't stored
 * 1) Use the Hashing Key, apply the hashing algorithm and calculate the hashing value
 * 2) Check for the hashing value in the hashing table
 * 3) If it exists, you have found the data, if it doesn't the data isn't there

Create a hashing table for the following hashing keys and hashing algorithm: HashKey MOD 8

Create a hashing table for the following hashing keys and hashing algorithm: (HashKey + 12) MOD 8

Can you find the hashing key 3245 stored in the following hashing table, built on the hashing algorithm: (HashKey + 67) MOD 8:

No. As (3245 + 67) MOD 8 = 0, and there is no data stored against that key in the Hashing Table

Describe the following:
 * Hashing Key
 * Hashing Algorithm
 * Hashing Value

All of them – everything is done by consensus.

All of them – everything is done by consensus.

All of them – everything is done by consensus.

Collisions
You might have already noticed this, what happens when we run out of unique hashing values, when two hashing keys give the same hashing value? Take a look at the final row of the following example, built on the hashing algorithm of HashKey MOD 6: When two hash keys result in the same hash value this is called a Collision. This causes a problem as we can no longer quickly find whether data is in our hashing table or not, as another piece of data might have the same hashing value. There are several ways of solving this, we are going to look at two:

Closed Hashing (Open Addressing)
When two hash keys create the same hash value we place the colliding keys in next free hash value.

Open Hashing (Closed Addressing)
When two hash keys create the same hash value we place the colliding keys in the same location, by utilising a linked list to link together all the values that match that hashing value.

Sending files
MD5 MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6 Even a small change in the message will (with overwhelming probability) result in a mostly different hash: MD5("The quick brown fox jumps over the lazy dog . ") = e4d909c290d0fb1ca068ffaddf22cbd0



Passwords






Searching
As you should know from studying databases we often have to search for data in tables using the primary key. That is the unique value that is stored about each record. This is normally a number, but if we didn't have a numeric primary key we still need to be able to search through the data. For example the table below shows details about some students in a class, and we are going to search on the name of each student: Searching on the name of each student could take some time as we might be searching for: Aubrey Carrington This might take checking thousands of different records and 17 characters before we were sure that we found them. If the data was even larger it could take much longer than that. What is needed is a quick way to apply an index key to each data item so we can quickly search through the data. Attaching an index key to each data item (or hashing key) is called hashing and the index value is called the hashing value. This hashing value isn't random, but is dependent on the hashing key being hashed, so that each time you apply the same hashing algorithm to the same data, you'll get the same hash value.

For example, if we hashed each name (or hash key) and we got that Anthony Tarkovsky's hash value was 12, we would only need to check the hashing table to see if 12 existed instead of searching through the name field for all 17 characters.

As you can't work out the original value from the hashed value, Hashing is also used to store passwords. Companies with poor security keep passwords in text fields, which can make it easier for passwords to be stolen. A more secure way to store passwords is the following: Much smarter companies do the following: Now when a customer returns to the site and enters their password the system does the following: This has the benefit of dealing with the following situation:
 * 1) User enters password "thisisreallym3"
 * 2) Database system hashes password to "$2b$12$8ngyq48e1Y5N3nhxNI4Xiu1eb.1042lSDb1qeagbtyT2MivOjx7cC" and stores this in the database.
 * 1) User enters password
 * 2) Password entered is immediately hashed and the hashed value compared against the database value
 * 3) If values are the same let them in, if values are different reject their log in attempt
 * 1) A script kiddie cracks into the system and steals the user database
 * 2) They get user details with only the hashed value of the password
 * 3) Hashed passwords are useless for finding out real passwords without the hashing algorithm (and mostly useless with it!)
 * 4) Users' accounts  on that website and other websites are not compromised even if they use the same password everywhere

Encryption
Hashing algorithms should do the following-
 * 1) Have few collisions
 * 2) Produce a wide range of hashed values
 * 3) Produce the hashed output every time for the same input