Cryptography/Expectations of Normal Users

DRAFT:

Cryptography affects us every day through a variety of subtle means. Cryptography protects our credit card number when it is sent over the phone lines, it protects your bank card pin from unauthorized access, and it keeps passwords safe from unauthorized access. As a society, we have become more dependent upon computers for our everyday lives. Right now, your health history, driving record, and financial information are probably computerized. The Internet is a fairly uncontrolled media, everything that is given access to the Internet is vulnerable to unauthorized access by hackers or other ne'er-do-wells, and therefore must be protected.

You are probably already familiar with one form of protection, a password. It is a secret phrase that only you and the trusted party know. To authenticate yourself to the trusted party (the site with your information in the case of a bank or a doctors office), you give the password. It would not be very secure to have a list of passwords written on a sheet of paper by the counter (or just laying around in plaintext on a computer) in order to authenticate every client. The solution comes in the form of a cryptographic hash, typically Argon2. The trusted party stores a hash of your password instead of the plaintext version. If someone were to steal the hashed version of your password (assuming the office in question used salting and a secure hash algorithm) it would be nearly useless to them. When you give your password, the office would compute the hash of it and compare that hash to the hash they have on record. Since one of the properties of a hash is that it does not collide (that is for any given input there is one unique output which is not equal to any other input. Of course there is no fixed length hash which can completely comply with that requirement over an infinite length input; most passwords are between 8 and 14 characters therefore for our purposes MD5 will suffice) if the two hashes are identical, then the ciphertexts were identical, so the user is authenticated. This process goes on almost every time you enter a password on a computer (Which is why most of the time you are given the option to reset your password not retrieve it because Argon2 is a one-way hash. There are two-way cryptographic "hashes,"[citation needed] but I will not discuss them here.).

Even though we know that collisions theoretically exist, cryptographic hashes -- even MD5 -- are designed to make it infeasible to actually find a value that would produce the same hash value as your password.[1]

  1. "Potential collision with hash password"