I apologize if this is not the right place for this question … I did not want to ask on Stack Overflow or Code Review, since it would be closed in minutes as "too broad".
A client of mine is writing an API that takes a piece of personally identifiable information as the parameter in the URL, and has requested that the value be marked with SHA512.
Normally, when I deal with anything that involves personal information in this way, I code using a shared private key … but I'm very confused about the whole idea of hashing.
My understanding of hashing was effectively …
- Take the input value and create a hash from it.
- When checking the value, create a hash from the new input value and compare them.
What I am struggling to understand (and I do not want to ask the client and show my ignorance) is how does the client take the hash value and convert it back to the original input value?
And, in particular, if the client can convert the hash back to the original entry, what prevents someone else from doing it?
And if other people can convert it back, what is the point of hashing in the first place?
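
The hash-and-compare flow from the list above, applied to a URL parameter, as an added example that is not part of the original post: the receiving side never converts a SHA-512 digest back, it hashes the values it already holds and looks the presented digest up. The record set, the function names and the keyed (HMAC) variant with a shared key are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values held by the receiving side (not real data).
RECORDS = ["alice@example.com", "bob@example.com"]

def normalize(value: str) -> bytes:
    # Both sides must canonicalize identically or the digests will differ.
    return value.strip().lower().encode("utf-8")

def sha512_hex(value: str) -> str:
    """Plain SHA-512: anyone who knows the input can compute this digest."""
    return hashlib.sha512(normalize(value)).hexdigest()

def keyed_hex(value: str, key: bytes) -> str:
    """HMAC-SHA512: only holders of the shared key can compute this digest."""
    return hmac.new(key, normalize(value), hashlib.sha512).hexdigest()

def build_index(values, digest_fn):
    # The receiver hashes every value it already stores, once, up front.
    return {digest_fn(v): v for v in values}

def resolve(index, presented: str):
    """Map a digest taken from the URL to a stored value, or None.

    Nothing is decrypted here: an unknown input has no index entry,
    so its original value cannot be recovered from the digest.
    """
    token = presented.strip().lower()
    # A SHA-512 digest is exactly 128 hex characters; reject anything else.
    if len(token) != 128 or any(c not in "0123456789abcdef" for c in token):
        return None
    return index.get(token)

if __name__ == "__main__":
    plain_index = build_index(RECORDS, sha512_hex)
    print(resolve(plain_index, sha512_hex("Alice@Example.com")))
    print(resolve(plain_index, sha512_hex("carol@example.com")))

    key = b"constructed-demo-key"  # hypothetical shared secret
    keyed_index = build_index(RECORDS, lambda v: keyed_hex(v, key))
    # A digest computed without the key does not match the keyed index.
    print(resolve(keyed_index, sha512_hex("bob@example.com")))
```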