Skip to main content
Version: Next

Hashing algorithms

  • Also known as one-way functions, hash functions or message-digest-functions
  • Calculates unique fixed-size representation of a block of information.
  • Cannot be reversed.
  • πŸ“ Used for
    • integrity e.g. when downloading a file in internet, you can compare downloaded files hash with hash given on the website to ensure the right file is downloaded
    • storing passwords in a database by e.g. operating systems
  • Checksum
    • Number created by a message digest.

Collision resistance​

Hash functions​

MD5​

  • πŸ“ Most popular message digest algorithm.
  • Takes any length of input and produces a 128-bit hash
  • Considered very insecure as it is easy to reverse with current processing power
  • Still used commonly in integrity checking e.g. file download verification

SHA​

  • Secure Hashing Algorithms
  • πŸ“ Generates a cryptographically secure message digest.
  • Published by NIST (National Institute of Standards and Technology)
  • Generations
    • SHA-0
      • Withdrawn shortly after publication due to a flaw and replaced with revised SHA-1
    • πŸ“ SHA-1
      • Produces 160-bit digests
      • Designated by NSA
    • SHA-2
      • Primarily SHA-256 (32-bit block words), SHA-512 (64-bit block words)
      • Truncated versions: SHA-224, SHA-384, SHA-512/224 and SHA-512/256
      • Designated by NSA
    • SHA-3
      • Chosen after competition by non-NSA designers
      • Supports same hash lengths as SHA-2
      • Internal structure differs significantly from the rest of the SHA family.

RIPEMD (RACE Integrity Primitives Evaluation Message Digest)​

  • 160-bit hash algorithm
  • Working through 80 stages made up of 6 blocks that executes 16 times each
  • Using modulo 32 addition

HMAC​

  • Expands either as
    • Keyed-hash message authentication code
    • Hash-based message authentication code
  • Uses a combination of a cryptographic key and hash function such as SHA-1 or MD5.
  • Used for authentication and integrity checks.
  • E.g. HMAC_SHA256("key", "The quick brown fox jumps over the lazy dog") = f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8
  • Uses keyed hashing to generate hashed-based MACs (HMAC).
    • Involves hashing a message with a β€’ hash function and β€’ a secret key.
    • Message authentication codes (MACs)
      • Cryptographic checksums
      • Used to detect when an attacker has tampered with a message
    • Keyed hashing vs salted hashes
      • Keyed hashing is against tampering, hash salting is against brute-force attacks.
      • Salts are not assumed to be secret but keys are.
  • HMAC can provide digital signatures without PKI infrastructure
    • Delegates the key exchange to the communicating parties
    • Parties are responsible for establishing and using a trusted channel to agree on the key prior to communication

Hash function attacks​

Hash function attack countermeasures​

Salted hash​

  • πŸ“ Hash is used with salt (collection of random bits) to obscure the hash.
  • Goal is to increase protection against dictionary and brute-force attacks.
  • Usually the salt is stored along with the hash of e.g. password.
  • See also Password cracking countermeasures

Key stretching​

  • Converting a key (e.g. password) to a longer and more random key to e.g. use as encryption.
  • Makes encryption stronger as it increases the time and resources for brute-force attacks.
  • Usually done by re-hashing multiple (e.g. a few million) times
  • E.g. using slow key derivation functions such as PBKDF2