Here is a crypto version of “Selling It,” a long-running back-page column in the magazine Consumer Reports. For those unsure of the acronyms, “SHA-256” stands for a version of the Secure Hash Algorithm yielding a 256-bit output. SHA is not encryption. People have used hash algorithms for encryption, but the results are poor.
“Selling It” highlights awkward, ignorant, and contradictory advertisements. Typical examples are a cleaning company ad offering “Roof blown off for free” and a wine bottle whose price tag says “Machine Washable.”
The basic way to encrypt with a hash is to create a stream cipher. The hash generates the key stream: each time you need more bits, you hash the previous hash output. This approach was used in some older software; you can attack it with a bit of known plaintext. We can block the obvious attack, but it’s like putting lipstick on a pig.