Encryption & Security

Hashing, Salting & Key Derivation

Not everything in security is about locking and unlocking. Some of the most important tools are one-way: they scramble data so it can be verified but never reversed. Hashing protects your password, fingerprints your files, and turns weak human secrets into strong encryption keys. Here's how the pieces fit together.

  • Hash function. A one-way fingerprint — fast forwards, impossible to reverse. NDEVR uses SHA-256.
  • Password hash. A deliberately slow, salted hash for storing passwords. NDEVR uses bcrypt.
  • Key derivation. Turns a secret into a uniform encryption key. NDEVR uses PBKDF2 and HKDF.
  • Salt. A unique random value added before hashing so identical inputs never share a hash.

What is a Hash?

A hash function takes any input — a word, a password, a gigabyte file — and produces a fixed-size string of bytes called a digest. Three properties make it useful:

  • One-way. Easy to compute the hash from the input; practically impossible to recover the input from the hash.
  • Deterministic. The same input always yields the same hash — so you can compare fingerprints instead of the originals.
  • Avalanche effect. Change a single character and the entire hash changes unrecognizably.

Crucially, a hash is not encryption: there is no key and no way to “decrypt” it. It's a fingerprint, not a locked box.

SHA-256, the Fingerprint

SHA-256 (part of the SHA-2 family, standardized by NIST) produces a 256-bit digest and is one of the most trusted hash functions in use. It's everywhere: verifying that a download wasn't corrupted, underpinning digital signatures and Bitcoin, and inside nearly every secure protocol. NDEVR uses SHA-256 throughout — for example, to derive deterministic encryption keys from secret material and to fingerprint tokens so the raw value never has to be stored.

Passwords, Salt & bcrypt

You should never store a password as-is. If the database leaks, every account is instantly compromised. So systems store a hash of the password instead — at login, they hash what you typed and compare. But two problems remain:

  • Identical passwords share a hash. If two users both pick “password123”, their stored hashes match — and attackers can precompute giant tables (“rainbow tables”) of common passwords. The fix is a salt: a unique random value mixed in before hashing, so identical passwords produce totally different stored hashes and precomputed tables are useless.
  • Fast hashes are too fast. A general-purpose hash like SHA-256 is built for speed, which lets an attacker try billions of guesses per second. Password hashing should be deliberately slow.

bcrypt solves both. It builds the salt in automatically and has an adjustable cost factor that makes each guess take a measurable fraction of a second — trivial for one honest login, ruinously expensive for an attacker making billions of attempts. As hardware gets faster, the cost factor is simply turned up. NDEVR stores account passwords with bcrypt.

Salts must be truly random

A salt is only effective if it's unpredictable. NDEVR generates salts from a cryptographically secure random number generator (a CSPRNG seeded from the operating system's entropy, e.g. OpenSSL's RAND_bytes) — never from something guessable like the current time.

Turning Secrets Into Keys

Encryption needs uniform, full-length keys, but the secrets we start with — a password, or the raw output of a key exchange — usually aren't in that shape. A key derivation function (KDF) bridges the gap. Two are used here:

  • PBKDF2 (Password-Based Key Derivation Function 2) — for deriving a key from a low-entropy secret like a password. Like bcrypt, it's deliberately slow (it repeats an inner hash many thousands of times) to resist guessing. NDEVR uses PBKDF2-HMAC-SHA256.
  • HKDF (HMAC-based KDF) — for deriving keys from a high-entropy secret that's already strong but not uniformly shaped, such as the shared secret produced by an ECDH key agreement. HKDF “extracts and expands” that secret into one or more clean keys. It doesn't need to be slow, because the input is already unguessable.
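
The two derivation paths above, as an added Python example that is not NDEVR's code: PBKDF2-HMAC-SHA256 with a random salt for a password, and HKDF-SHA256 (extract, then expand, per RFC 5869) for a secret that is already strong. The function names, the iteration count, the purpose labels and the random stand-in for an ECDH shared secret are assumptions made for illustration; HKDF is written out by hand because Python's standard library has no HKDF call.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this sketch; tune to your hardware
HASH_LEN = 32         # SHA-256 output size in bytes


def pbkdf2_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Low-entropy input: deliberately slow PBKDF2-HMAC-SHA256, 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, HASH_LEN)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: condense the input secret into a uniform pseudorandom key."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: expand the PRK into `length` bytes bound to the `info` label."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-SHA256 can output at most 255 * 32 bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_key(secret: bytes, salt: bytes, info: bytes, length: int = HASH_LEN) -> bytes:
    """High-entropy input: fast extract-then-expand, one call per purpose label."""
    return hkdf_expand(hkdf_extract(salt, secret), info, length)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # fresh CSPRNG salt, stored beside the ciphertext
    print("password key:", pbkdf2_key("correct horse battery staple", salt).hex())
    shared = secrets.token_bytes(32)  # constructed stand-in for an ECDH shared secret
    print("AES key     :", hkdf_key(shared, b"", b"example aes key").hex())
    print("MAC key     :", hkdf_key(shared, b"", b"example mac key").hex())
```

The salt is not secret: it is stored next to the data so the same key can be re-derived later, while distinct `info` labels let one shared secret yield independent keys for different purposes.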

How NDEVR Uses Them

These one-way tools quietly hold the whole system together. NDEVR uses bcrypt to store account passwords safely; SHA-256 to generate deterministic encryption keys and to fingerprint session tokens at rest; PBKDF2 to derive a key from your password so your private key can be encrypted before it's stored; and HKDF inside ECIES to turn a key-agreement secret into a strong AES key. Together they're what let OWL keep your account secure without the server ever learning your password.
