I have to synchronise small sets of data between two or more systems over an ins
ID: 656793 • Letter: I
Question
I have to synchronise small sets of data between two or more systems over an insecure network. First I have to check that the other system has the same unique identification information for the data set, but without giving away the identification data if it doesn't. The unique identification strings are between 12 and 40 bytes long. I am thinking of using a one-way hash to individually hash a group of unique identifiers, send that to the remote system and have the remote system use the same hash salt to hash the same identification data from its datasets (it will have in the order of 1000 sets), compare the received hashes with its computed hashes and send back the identifiers that match (encrypted but not hashed). An obvious requirement is a very low risk of a hash collision to prevent data leakage in either direction.
What is the best hash algorithm to use for this? Is it OK to send the hash salt with the hashed data? Can I use one salt for several identifiers, or do I need to have a unique salt for each identifier?
Explanation / Answer
personally I would just use SSH with public/private keys for a job like this. that employs an mechanism to not send over any identifying features (excluding hostname and possibly username, not sure on that) and is easy to setup, and easy to use.
any of the SHA algorithms would fit the bill, its 'better' to not send over the salt with the data (separated channel would be sufficient) and as for 1 or more salts, that depends on how secret much your information be kept.