Sunday, April 14, 2019
Tuesday, March 5, 2019
Hashing and Encryption
Consider a database table that stores user ids and passwords in plain text. If an attacker gets access to the table, they can easily log in to the application with those user ids and passwords and steal user information. Hence, passwords need to be stored in a secure way. How do we do it? There are two ways - hashing and encryption.
Hashing
Hashing is the process of converting text into a string or number that cannot be reversed back to the original form; it is a one-way conversion to a hash. The best use case is storing passwords in a database: passwords can be hashed and stored in tables, so even if an attacker obtains the table, it is impossible to retrieve what the user entered.
Hashing algorithms
MD5 - Produces a 16-byte hash value, expressed as a 32-digit hexadecimal number. A vulnerability has been found in MD5.
SHA-0 - Very rarely used, as it contained an error.
SHA-1 - Rectified the error of SHA-0. It produces a 20-byte hash value. Most commonly used.
SHA-2 - Produces a 32-byte hash value. Considered the strongest of the three and comprises six hash functions.
Salt - A random value added to the text before hashing. The resulting hash depends on both the text and the random value, which makes it harder to recover the original text.
Rainbow table - An attacker can run a hashing algorithm over a list of commonly used passwords and match the results against the values in the database. This precomputed list is called a rainbow table. Salts are added to the text so that such a precomputed table no longer matches the stored hashes.
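The following is an added example (not code from the original post) that shows the salt and precomputed-table ideas above in working Go: an unsalted SHA-256 hash of a common password is found in a hash-to-plaintext lookup table, while the same password stored with a random per-user salt is not, and a verify step recomputes the salted hash from the stored salt. The list of common passwords is a constructed sample.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// commonPasswords is a constructed sample list (assumption, not from the page).
var commonPasswords = []string{"123456", "password", "qwerty", "letmein"}

// StoredPassword is one row of a password table: a per-user salt and the
// SHA-256 hash of salt||password, both hex-encoded.
type StoredPassword struct {
	Salt string
	Hash string
}

// HashUnsalted hashes the password alone, which is what a precomputed table targets.
func HashUnsalted(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// HashSalted hashes the salt followed by the password, so the digest depends on both.
func HashSalted(password string, salt []byte) string {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return hex.EncodeToString(h.Sum(nil))
}

// NewStoredPassword draws a fresh 16-byte random salt and stores it beside the hash.
func NewStoredPassword(password string) (StoredPassword, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return StoredPassword{}, err
	}
	return StoredPassword{Salt: hex.EncodeToString(salt), Hash: HashSalted(password, salt)}, nil
}

// Verify recomputes the salted hash with the stored salt and compares in constant time.
func Verify(password string, rec StoredPassword) bool {
	salt, err := hex.DecodeString(rec.Salt)
	if err != nil {
		return false
	}
	candidate := HashSalted(password, salt)
	return subtle.ConstantTimeCompare([]byte(candidate), []byte(rec.Hash)) == 1
}

// BuildLookupTable precomputes hash -> plaintext for a password list; this is the
// simplified idea behind a rainbow table.
func BuildLookupTable(passwords []string) map[string]string {
	table := make(map[string]string, len(passwords))
	for _, p := range passwords {
		table[HashUnsalted(p)] = p
	}
	return table
}

func main() {
	table := BuildLookupTable(commonPasswords)
	fmt.Println("unsalted lookup recovers:", table[HashUnsalted("password")])

	rec, err := NewStoredPassword("password")
	if err != nil {
		panic(err)
	}
	_, found := table[rec.Hash]
	fmt.Println("salted hash found in table:", found)
	fmt.Println("verify correct password:", Verify("password", rec))
	fmt.Println("verify wrong password:", Verify("Password", rec))
}
```

Two users with the same password get different rows because each draws its own salt, so one precomputed table cannot serve both. A plain salted SHA-256 is used here to match the post's description; for a production password store a deliberately slow function such as PBKDF2, bcrypt, scrypt or Argon2 is the usual choice, for the same reason salting is: it raises the cost of guessing.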
Encryption
Encryption is a two-way conversion: text is encrypted using a key into a non-readable format so it can be transferred over a network, and then decrypted back to its original form at the receiver's end. There are two types of encryption - symmetric encryption and public key encryption.
Consider a use case - suppose Rita wants to send a secret message to Anita. If she sends it as plain text over the network, an eavesdropper can read it. Encryption comes into use in such cases.
Rita and Anita can share a common encryption key. Rita encrypts her message using the common key and sends the encrypted message over the network. Anita, on the other end, decrypts the message using the same key. This form of encryption is known as symmetric encryption, where the same key is used to encrypt and decrypt messages.
Public key encryption or asymmetric encryption - In public key encryption, each user has two keys: a public key (known to everyone) and a private key (known only to the owner).
Public key is used to encrypt and private key is used to decrypt.
In Rita and Anita’s use case, Rita will use Anita’s public key to encrypt the message. And Anita will use her private key to decrypt the message.
LDAP technology can be used to store a registry of public keys.
PGP - Pretty Good Privacy is a well known public key system for transmitting information.
Encryption Algorithms
AES - Widely used symmetric key encryption algorithm.
PGP - Popular public key encryption system.
When to use what?
If a text needs to be sent securely with the message to be available in its raw form at receiver end, then encryption is the best bet.
In cases where the raw form is not required, hashing can be used.
Symmetric encryption is simpler to use and performs better. However, both parties need to know the encryption key. Public key encryption can be used to send the symmetric key across the first time, and symmetric encryption can be used thereafter - eliminating the challenge of sharing the key securely.
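The following is an added example (not code from the original post) of the key-exchange pattern just described, in working Go: the sender generates a fresh AES key for the message, encrypts the message with it (AES-GCM, symmetric), and wraps that key with the recipient's RSA public key (RSA-OAEP, asymmetric); the recipient unwraps the key with their private key and decrypts. The `Envelope` type and the function names are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what Rita sends over the network: the symmetric key wrapped with
// Anita's public key, plus the AES-GCM nonce and ciphertext.
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// GenerateKeyPair creates the recipient's RSA key pair; the public half can be
// published (for example in an LDAP registry), the private half stays with the owner.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal is the sender side: a fresh 256-bit AES key encrypts the message, and only
// that short key is encrypted with the slower public key operation.
func Seal(recipientPub *rsa.PublicKey, message []byte) (*Envelope, error) {
	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, message, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open is the recipient side: unwrap the AES key with the private key, then decrypt.
// GCM also authenticates the ciphertext, so a modified message is rejected.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("envelope nonce has wrong length")
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	anita, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	// Rita only needs anita.PublicKey to seal the message.
	env, err := Seal(&anita.PublicKey, []byte("meet at noon"))
	if err != nil {
		panic(err)
	}
	plaintext, err := Open(anita, env)
	if err != nil {
		panic(err)
	}
	fmt.Println("Anita reads:", string(plaintext))
}
```

Each message gets its own symmetric key and nonce, so no long-lived shared secret has to be agreed out of band; only Anita's private key must stay secret, and anyone holding a different private key cannot unwrap the AES key.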