Hi, I came across two questions in Whizlabs which I have a doubt on.
Q-1) You want to encrypt the PIN of an ATM transaction using a one-way encryption algorithm to prevent data theft. Which of the following would you use?
b) SHA < Correct answer as per Whizlabs
Now, I know that SHA is a one-way hashing algorithm. But I think the purpose of a one-way hash function is to calculate a checksum-style message digest so that the client can re-calculate the message checksum using SHA and verify that value against the server's value. As two different messages would not compute to the same hash value, matching the client's value with the server's value would ensure that the message was not modified in transport by the malicious party. I don't think the purpose of SHA is to provide message-level security. You could use asymmetric or symmetric cryptography in addition to SHA/MD5 to provide message-level encryption.
Am I wrong?
Q-2) Company B wants to encrypt some sales figures and send it to Company A, but Company B does not have a key to encrypt the data. Competitor X is highly interested in these figures and is sniffing the traffic between A and B. What should Company A and B do to prevent X from getting its hands on the sales figures? Choose two options:
a) Use asymmetric cryptography < correct answer
b) Use symmetric cryptography
c) Use HTTPS
d) Use HTTP < use this as per Whizlabs and not HTTPS
As per the authors, since the data is already encrypted using asymmetric keys, you do not need to use HTTPS. My doubt was - isn't exchanging keys a part of using SSL protocol over HTTPS?
Only SHA and MD5 are valid one-way hash algorithms. From the list, all the other SHA remaining algorithms are used for symmetric and asymmetric ciphers.
Please reply if my understanding is wrong.
posted 10 years ago
Yes, that is true. But my question was not about which ones are one-way hash functions and which ones are symmetric-asymmetric. That is pretty obvious. The question is whether one-way hash functions can be used to encrypt data. I thought they were only used to validate that the message was not modified in transport.
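The two uses of a one-way hash debated in this thread, as an added example that is not part of the original posts: a digest recomputed to detect modification, and a PIN checked by recomputing and comparing a one-way value, with no decrypt step anywhere. The function names, the sample message and PIN, the iteration count, and the use of HMAC and PBKDF2 on top of SHA-256 are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def message_digest(message: bytes) -> str:
    """Use 1: checksum-style digest the receiver recomputes and compares."""
    return hashlib.sha256(message).hexdigest()


def message_tag(key: bytes, message: bytes) -> str:
    """Keyed variant (HMAC-SHA256): someone who alters the message in
    transit cannot recompute the tag without the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def enroll_pin(pin: str) -> tuple[bytes, bytes]:
    """Use 2: keep only a salted one-way value of the PIN, never the PIN.
    PBKDF2-HMAC-SHA256 is swapped in for a single SHA pass because a PIN
    has very few possible values."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)


def check_pin(pin: str, salt: bytes, stored: bytes) -> bool:
    """Verification recomputes the one-way value and compares it; nothing
    is ever decrypted, which is what separates hashing from encryption."""
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    msg = b"Q3 sales: 1200 units"
    sent = message_digest(msg)
    print("unmodified:", message_digest(msg) == sent)
    print("modified:  ", message_digest(b"Q3 sales: 9200 units") == sent)
    key = os.urandom(32)
    tag = message_tag(key, msg)
    print("tag ok:    ", hmac.compare_digest(message_tag(key, msg), tag))
    salt, stored = enroll_pin("4921")
    print("right PIN: ", check_pin("4921", salt, stored))
    print("wrong PIN: ", check_pin("4912", salt, stored))
```

The digest and the tag do nothing to hide the message from someone sniffing the traffic; confidentiality still needs a symmetric or asymmetric cipher.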