Cryptography

Introduction to Hash Functions

November 23, 2020 by Nitesh Malviya

Hash Functions

Hash functions are most commonly used mathematical functions in cryptography for implementing security. A Hash function converts an input value of any arbitrary size to fixed-size value. Thus, the input can be of any length but the output generated is always of a fixed length. The output generated is called hash values or hashes. 

One more important thing to be noted is Hash Functions and Cryptography are altogether totally different from each other. Encryption is a two way function i.e. encrypted data needs to be decrypted using a private key, thus they are reversible. Hashing or hash functions are one way functions i.e. hashes cannot be reversed. Thus, hashing is faster than cryptography.

Most common use of hashing is password checking. When the user enters the password, the hash of the password is generated and compared with the hash in the database. If both the hashes are the same then the user is allowed to login else the user needs to enter the password again.

Popular Hash Functions

Following are the widely used Hash functions – 

1) MD – It stands for Message Digest. It can be MD2, MD4, MD5 and MD6. MD is a 128 bit Hash function.

2) SHA – It stands for Secure Hash Algorithm. It can be SHA-0, SHA-1, SHA-2 and SHA-3. SHA-224, SHA-256, SHA-384, and SHA-512 are variants of the SHA-2 family.

3) RIPEMD – It stands for RACE Integrity Primitives Evaluation Message Digest. RIPEMD, RIPEMD-128, and RIPEMD-160 are widely used. 256 and 320-bit versions of this algorithm also exist.

4) Whirlpool – Whirlpool is 512 bit hash function and a modified version of AES. WHIRLPOOL-0, WHIRLPOOL-T, and WHIRLPOOL are three versions of Whirlpool.

Properties of Hash Functions

An ideal hash function is desired to possess the following properties to be effective from various attacks from attackers. They are as follows – 

  1. Pre-Image Resistance
    • Pre-Image Resistance means that the hash function could not be reversed.
    • In simple words, if any hash function “a” produces a hash value “c”, then it should be very difficult to find any input value “b” that hashes to “c”.
    • This property makes it impossible for an attacker who has a hash value and is trying to find the input.

     2) Second Pre-Image Resistance

    • Second Pre-Image Resistance means for any input and its hash value, it should be very difficult to find a different input generating the same hash.
    • In simple words, if any hash function for an input “a” produces a hash value h(a), then it should be hard to find any other input value “b” such that h(b) = h(a).

     3) Collision Resistance

    • Collision Resistance means it should be very difficult to find two different inputs of any length which produces the same hash. This property is also known as collision free hash function. This property prevents a widely known attack called hash collision attack.
    • In simple words, for a given hash function h, it is very difficult to find any two inputs x and y so h(x) = h(y).
    • This collision free property confirms that these collisions should be hard to find for a given hash function.
    • Also, it is this property that makes it hard for an attacker to find two input values generating the same hash.

Hash Functions Application

Following are the fields where Hash function is widely used –

  1. Cryptocurrency
  2. Password Verification for Authentication 
  3. Data and File Integrity Check
  4. Digital Signature

 

Sources

  1. https://www.geeksforgeeks.org/what-are-hash-functions-and-how-to-choose-a-good-hash-function/  
  2. https://www.tutorialspoint.com/cryptography/cryptography_hash_functions.htm 
  3. https://www.includehelp.com/cryptography/applications-of-hash-function.aspx 
  4. https://www.investopedia.com/news/cryptographic-hash-functions/ 

 

Posted: November 23, 2020
Articles Author
Nitesh Malviya
View Profile

Nitesh Malviya is a Security Consultant. He has prior experience in Web Appsec, Mobile Appsec and VAPT. At present he works on IoT, Radio and Cloud Security and open to explore various domains of CyberSecurity. He can be reached on his personal blog – https://nitmalviya03.wordpress.com/ and Linkedin – https://www.linkedin.com/in/nitmalviya03/.