
What is Hashing?

The security triad (also known as the CIA triad) defines the overarching principles of information security. One of the triad’s primary principles is assuring the integrity of data. The goal of this principle is to provide assurance that the data has not been modified, tampered with, or corrupted in any way, and the method most often used to do this is called hashing.

 

What is Hashing?

There are three key components involved in the hashing process: input, hash function, and hash value. The input is the data itself, which can be any size and take any form such as a text file, Microsoft PowerPoint presentation, MP3 music file, etc. The hash function is the algorithm used to generate the fingerprint. The hash value is the output of that hash function, which is the resultant fingerprint of the input data.

It’s important to note, however, that the hash value is a fixed size regardless of the input data size. The size of the output depends on the algorithm used. To illustrate this, let’s look at an example.

The MD5 hash value for the opening paragraph of this document is:

fb84fe5514eebe360ec434bc326c70d2

The MD5 hash for Ernest Hemingway’s novel The Old Man and the Sea is:

e6200a8a14a76ce2e19bac3f48d2f036

 

Properties of a Hash Algorithm

To be considered viable, a hash algorithm needs to meet four goals:

  1. Running the same hash function on the same input data must yield the same hash value.
  2. Small changes to input data should result in large changes to the hash value.
  3. Each resultant hash value for different input data should be unique.
  4. The hashing process must be one way (i.e. it can’t be reversed).
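The first two goals and the fixed output size can be observed directly. The following Python sketch is an added example, not part of the original white paper; the function names and the sample inputs are constructed for illustration, and it relies only on the standard hashlib module.

```python
import hashlib

# Algorithms named on this page; SHA-2 and SHA-3 are represented by one variant each.
ALGORITHMS = ("md5", "sha1", "sha256", "sha3_256")

def digest_bits(algorithm: str, data: bytes) -> int:
    """Length in bits of the hash value `algorithm` produces for `data`."""
    return len(hashlib.new(algorithm, data).digest()) * 8

def differing_bits(algorithm: str, a: bytes, b: bytes) -> int:
    """Number of bit positions in which the hash values of `a` and `b` differ."""
    da = hashlib.new(algorithm, a).digest()
    db = hashlib.new(algorithm, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

def compare(a: bytes, b: bytes) -> dict:
    """Per algorithm: output size, repeatability, and bits changed between a and b."""
    result = {}
    for alg in ALGORITHMS:
        result[alg] = {
            "bits": digest_bits(alg, a),
            "same_size_for_b": digest_bits(alg, b) == digest_bits(alg, a),
            "repeatable": hashlib.new(alg, a).digest() == hashlib.new(alg, a).digest(),
            "changed_bits": differing_bits(alg, a, b),
        }
    return result

if __name__ == "__main__":
    # Constructed sample inputs: a short sentence, the same sentence with one
    # character changed, and a 1 MiB buffer to show the output size stays fixed.
    short = b"The quick brown fox jumps over the lazy dog"
    tweaked = b"The quick brown fox jumps over the lazy cog"
    large = b"\x00" * (1024 * 1024)
    for alg, row in compare(short, tweaked).items():
        print(f"{alg:9} {row['bits']:3} bits, {row['changed_bits']:3} bits changed "
              f"by a one-character edit, repeatable={row['repeatable']}")
    print("1 MiB input, sha256:", digest_bits("sha256", large), "bits")
```

A one-character edit typically flips about half of the output bits, which is what goal 2 asks for.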

 

Common Hash Algorithms

Many hash algorithms are available today. Here are a few of the most common:

  1. MD5 – One of the most common algorithms, which provides a 128-bit hash value.
  2. SHA-1 – Provides a 160-bit hash value. Designed by the National Security Agency (NSA).
  3. SHA-2 – Actually a family of hash algorithms, SHA-2 has several variants that produce different size hash values.
  4. SHA-3 – Provides variants that produce hash values of the same length as SHA-2, but it corrects some of SHA-2’s weaknesses.
  5. HMAC – HMAC can use any cryptographic hash function as its base but also appends a secret key to the input data, serving as both a hash function and a message authentication method.

 

Hashing and Data Integrity

Now that we have the background, we can look at how hashing is used. One use is verifying data integrity, which is one of the key concepts of information security. Hashing can also be used to authenticate a sender, ensuring not only that the data remains intact but also that it came from the expected sender.
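The difference between the two uses is easiest to see side by side. The Python sketch below is an added example, not part of the original white paper: it checks a message against a plain SHA-256 hash value and against an HMAC-SHA-256 tag. The key, the messages and the function names are constructed for illustration; hashlib and hmac are standard-library modules.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def digest_matches(data: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the hash and compare it with the published value."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)

def hmac_tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def tag_matches(key: bytes, data: bytes, tag_hex: str) -> bool:
    """Integrity and sender check: a matching tag requires knowledge of `key`."""
    return hmac.compare_digest(hmac_tag(key, data), tag_hex)

def run_checks() -> dict:
    key = b"constructed-shared-secret"          # constructed key shared by sender and receiver
    sent = b"Meeting moved to 14:00, room 3"    # constructed sample message
    altered = b"Meeting moved to 16:00, room 3" # same message changed in transit
    digest, tag = sha256_hex(sent), hmac_tag(key, sent)
    return {
        # A plain hash detects modification of the data...
        "intact_digest": digest_matches(sent, digest),
        "altered_digest": digest_matches(altered, digest),
        # ...but anyone can recompute it, so it says nothing about the sender.
        "altered_with_recomputed_digest": digest_matches(altered, sha256_hex(altered)),
        # An HMAC tag ties the check to the secret key.
        "intact_tag": tag_matches(key, sent, tag),
        "altered_tag": tag_matches(key, altered, tag),
        "altered_with_tag_from_other_key":
            tag_matches(key, altered, hmac_tag(b"not-the-key", altered)),
    }

if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name:32} {'accepted' if ok else 'rejected'}")
```

A hash value delivered alongside the data protects against corruption only; when the hash travels over the same channel as the data, the keyed tag is what lets the receiver reject a changed message.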

 

Conclusion

As we can see, hashing plays an important role in information security. When considering hashing, there are three important concepts to remember:

  1. Hashing plays a key role in assuring data integrity.
  2. Even minor changes to the input data must result in major changes to the hash value output.
  3. The hashing process must be one way.

 


 

REDCOM Secure Client for Android receives FIPS 140-2 Validation

REDCOM completed the FIPS 140-2 validation process, receiving certificate #3189 in May and #3229 in July of last year.

The FIPS 140-2 validations were granted after independently accredited labs put the REDCOM encryption modules through a series of tests. After proving conformance with the FIPS 140-2 standard, the modules’ test reports were sent to CMVP, the Cryptographic Module Validation Program, operated by the United States National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS), a branch of the Communications Security Establishment (CSE). Their joint office confirmed compliance and issued the certificates, both available publicly on the CMVP website. #3189 was issued for a C-based module deployed in a Linux environment, while #3229 was for a Java module operating on Android.

This validation effort is very important to REDCOM because the REDCOM Secure Client for Android is now available with U.S. government certified encryption, making it eligible to be procured by federal agencies, including the Department of Defense. It is also approved for use in regulated industries such as utilities, finance, and healthcare, opening doors to significant future revenue.

“FIPS 140-2 validated encryption has fortified our positioning,” said REDCOM Voice Product Security Program Manager Sal Ceravolo. “As a major supplier of communications technology to the U.S. military, government agencies, and emergency responders, we understand how crucial it is to meet the stringent benchmarks for deployment in these sectors.”

The certifications were streamlined via strategic partnership with encryption experts at SafeLogic. Instead of starting from scratch, SafeLogic provided cryptographic technology that had already been tested by independent labs, saving significant time from the arduous process.

“REDCOM was our first partner to certify the Java crypto module on an Android mobile platform,” noted SafeLogic CEO Ray Potter. “It was a great collaboration, paving the way for an accelerated validation while also conducting operational testing in a different environment!”

“SafeLogic’s technical team was very impressive with their feedback and responsiveness,” Ceravolo added. “They provided us with a knowledgeable software engineer we could talk to at any time and we got certified in the first pass. Our partnership saved us the hassle of dealing with consultants or hiring engineers familiar with esoteric FIPS 140-2 regulations.”

The REDCOM Secure Client is part of the company’s portfolio of UC solutions for Federal and military customers designed to improve operational flexibility, command & control, and readiness. For more details on the REDCOM Secure Client, visit www.redcom.com/products/secure-client-gov

 

About REDCOM

REDCOM Laboratories, Inc. is a woman-owned small business that specializes in the design and manufacture of advanced tactical and strategic communications solutions with a focus on security, reliability, and interoperability. REDCOM’s customers include all branches of the military, government agencies, emergency responders, integrators, and enterprises. For additional information, please visit the REDCOM website at www.redcom.com.

 

About SafeLogic

SafeLogic provides innovative encryption products for applications in mobile, cloud, server, appliance, wearable, IoT, and other constrained environments. Our flagship product, CryptoComply, provides drop-in FIPS 140-2 compliance with a common API across platforms. SafeLogic’s customers include many of the most influential and innovative companies in technology. SafeLogic is privately held and is headquartered in Palo Alto, CA. For more information about SafeLogic, please visit www.SafeLogic.com.