This cryptographic tool aids secure authentication and ensures data and message integrity across digital channels. Here's what to know about what a hash function is and how it works.
What's four letters and is both a tasty breakfast item and a plant with pointy leaves? If you guessed hash, then you're right! But hash has another meaning as well that relates to cryptography, and that's what we're going to discuss here.
A hash function is a serious mathematical process that holds a critical role in public key cryptography. Why? Because it's what helps you to:
You can find hash functions in use just about everywhere, from signing the software applications you use on your phone to securing the website connections you use to transmit sensitive information online. But what is a hash function in cryptography? What does it do exactly to help you protect your business's data? And how does hashing work?
Let's hash it out.
A term like hash function can mean several things to different people depending on the context. For hash functions in cryptography, the definition is a bit more straightforward. A hash function produces a unique identifier for any given piece of content. It's also a process that takes plaintext data of any size and converts it into a unique output of a specific length.
The first part of the definition tells you that no two pieces of content will have the same hash digest, and that if the content changes, the hash digest changes as well. Basically, hashing is a way to ensure that any data you send reaches your recipient in the same condition that it left you: completely intact and unaltered.
But, wait, doesn't that sound a lot like encryption? Sure, they're similar, but encryption and hashing are not the same thing. They're two separate cryptographic functions that aid in facilitating secure, legitimate communications. So, if you hear someone talking about decrypting a hash value, then you know they don't know what they're talking about because, well, hashes aren't encrypted in the first place.
We'll speak more to the difference between these two processes a little later. But for now, let's stick with the topic of hashing. So, what does hashing look like?
A simple illustration of what a hash function does by taking a plaintext data input and using a mathematical algorithm to generate an unreadable output.
Looks simple enough, right? But what happens under the surface of the hash function is where things get a lot more interesting (and complicated). Here's a great video that helps to break hash functions down:
So, how do you define a hash in a more technical sense? A hash function is a versatile one-way cryptographic algorithm that maps an input of any size to a unique output of a fixed length of bits. The resulting output, which is known as a hash digest, hash value, or hash code, is the unique identifier we mentioned earlier.
So, why do we call it a one-way function? Frankly, it's because of the computing power, time, and cost it would take to brute force it. Trying every possible input that could lead to a given hash value is entirely impractical. So, for all intents and purposes, a hash function is a one-way function.
When you hash data, the resulting digest is typically smaller than the input that it started with. (Probably the exception here is when you're hashing passwords.) With hashing, it doesn't matter if you have a one-sentence message or an entire book; the result will still be a fixed-length chunk of bits (1s and 0s). This prevents unintended parties from figuring out how big (or small) the original input message was.
Hash functions are primarily used for authentication but also have other uses.
So, what makes for a strong hashing algorithm? There are a few key traits that all good ones share:
One purpose of a hash function in cryptography is to take a plaintext input and generate a hashed value output of a specific size in a way that can't be reversed. But they do more than that from a 10,000-foot perspective. You see, hash functions tend to wear a few hats in the world of cryptography. In a nutshell, strong hash functions:
Hash functions are a way to ensure data integrity in public key cryptography. What I mean by that is that hash functions serve as a checksum, or a way for someone to identify whether data has been tampered with after it's been signed. They also serve as a means of identity verification.
For example, let's say you've logged on to public Wi-Fi to send me an email. (Don't do that, by the way. It's very insecure.) So, you write out the message, sign it using your digital certificate, and send it on its way across the internet. This is what you might call prime man-in-the-middle attack territory, meaning that someone could easily intercept your message (again, because public wireless networks are notoriously insecure) and modify it to suit their evil purposes.
So, now I receive the message and I want to know it's legitimate. What I can do then is use the hash value your digital signature provides (along with the algorithm it tells me you used) to re-generate the hash myself and verify whether the hash value I create matches the one you sent. If it matches, great, it means that no one has messed with it. But if it doesn't, well, metaphoric klaxons sound, red flags go up, and I know not to trust it.
Even if something tiny changed in the message, say, you capitalize a letter instead of using one that's lowercase, or you swap in an exclamation mark where there was a period, it's going to result in the generation of an entirely new hash value. But that's the whole idea here: no matter how big or small the change, the difference in hash values will tell you that the message isn't legitimate.
One of the best aspects of a cryptographic hash function is that it helps you to ensure data integrity. But if you apply a hash to data, does it mean that the message can't be altered? No. What it does is inform the message recipient that the message has been changed. That's because even the smallest of changes to a message will result in the creation of an entirely new hash value.
Think of hashing kind of like you would a smoke alarm. While a smoke alarm doesn't stop a fire from starting, it does let you know that there's danger before it's too late.
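The integrity check described above, recomputing the digest on the receiving side and comparing it to the one that was sent, as an added example written for this article rather than code from the original page. It uses Python's standard hashlib and hmac modules; the message, the "swap the final period for an exclamation mark" tampering, and the helper names are constructed for the demonstration. It also shows the fixed-length property: a one-byte input and a one-megabyte input both produce a 64-character SHA-256 digest.

```python
import hashlib
import hmac

# Constructed sample message, standing in for the e-mail in the article's scenario.
ORIGINAL = b"Meet me at the station at 9:00. Bring the documents."


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Return the hex digest of data under the named hashlib algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_integrity(received: bytes, claimed_digest: str, algorithm: str = "sha256") -> bool:
    """Recipient-side check: recompute the digest of what arrived and compare it
    to the digest the sender supplied. compare_digest avoids timing leaks."""
    return hmac.compare_digest(digest(received, algorithm), claimed_digest)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count how many bits differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def tampered_copy(message: bytes) -> bytes:
    """Constructed tampering: replace the final period with an exclamation mark,
    the kind of one-character edit the article describes."""
    return message[:-1] + b"!"


if __name__ == "__main__":
    sent = digest(ORIGINAL)
    print("sender digest   :", sent)
    print("intact message  :", verify_integrity(ORIGINAL, sent))
    altered = tampered_copy(ORIGINAL)
    print("altered message :", verify_integrity(altered, sent))
    print("bits changed    :", differing_bits(sent, digest(altered)), "of 256")
    # Fixed output length regardless of input size.
    print(len(digest(b"a")), len(digest(b"a" * 1_000_000)))
```

The sender's digest alone does not prove who sent the message; in the article's scenario that job belongs to the digital signature over the digest. What the recompute-and-compare step proves is that the bytes that arrived are the bytes that were hashed.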
Nowadays, many websites allow you to store your passwords so you don't have to remember them every time you want to log in. But storing plaintext passwords like that on a public-facing server would be dangerous because it leaves that information vulnerable to cybercriminals. So, what websites typically do is hash passwords to generate hash values, which is what they store instead.
But password hashes on their own aren't enough to protect you against certain types of attacks, including brute force attacks. This is why you first need to add a salt. A salt is a unique, random value that's applied to a plaintext password before it's hashed. This provides an additional layer of security and can protect passwords from password cracking methods like rainbow table attacks. (Keep an eye out for our future article on rainbow tables in the next few weeks.)
It's also important to note that hash functions aren't one-size-fits-all tools. As we mentioned earlier, different hash functions serve different purposes depending on their design and hash speeds. They work at different operational speeds: some are faster while others are much slower. These speeds can aid or impede the security of a hashing algorithm depending on how you're using it. So, some fall under the umbrella of secure hashing algorithms while others do not.
An example of where you'd want to use a fast hashing algorithm is when establishing secure connections to websites. This is a case where faster speed matters because it helps to provide a better user experience. However, if you were trying to enable your website to store passwords for your customers, then you'd definitely want to use a slow hashing algorithm. At scale, this forces a password-cracking attack (such as brute force) to consume far more time and computing resources for cybercriminals. You don't want to make it easy for them, right?
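Salted, deliberately slow password hashing as the two paragraphs above describe, shown as an added example that is not code from the original article. It uses PBKDF2-HMAC-SHA256 from Python's standard hashlib as the slow algorithm; the iteration count, the 16-byte salt length, and the `algorithm$iterations$salt$hash` record format are assumptions made for this demonstration, not a standard the article specifies. The plain, unsalted SHA-256 function at the end is the weak approach the text warns against, included for contrast.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not from the article): PBKDF2-HMAC-SHA256
# with a high iteration count so every guess costs an attacker real time.
ALGORITHM = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex.
    A fresh random salt is drawn for every call, so two users with the same
    password get different records and a precomputed table is useless."""
    salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash with the salt and iteration count stored in the record
    and compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
    except ValueError:
        return False  # malformed record
    if scheme != f"pbkdf2_{ALGORITHM}":
        return False
    derived = hashlib.pbkdf2_hmac(
        ALGORITHM, password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(derived, bytes.fromhex(hash_hex))


def fast_unsalted(password: str) -> str:
    """The weak approach the article warns against: one plain SHA-256, no salt.
    Identical passwords always produce identical values, and a single hash is
    cheap enough to guess at very high rates."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("right password :", verify_password("correct horse battery staple", record))
    print("wrong password :", verify_password("correct horse battery stable", record))
    # Same password, second call: different salt, different stored value.
    print(hash_password("correct horse battery staple") != record)
```

Storing the iteration count inside the record lets you raise the work factor later and re-hash users on their next successful login without breaking existing records.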
But where do you find hash functions? Look no further than the technology surrounding you. Hashing is useful for everything from signing new software and verifying digital signatures to securing the website connections in your computer and mobile web browsers. It's also great for indexing and retrieving items in online databases. For example, hashing is used for verifying:
Hash functions can be found throughout public key cryptography. For example, you'll find hash functions are facilitated through the use of:
When you hash a message, you take a string of data of any size as your input and run it through a mathematical algorithm that produces an output of a fixed length.
In some methods of hashing, that original data input is broken up into smaller blocks of equal size. If there isn't enough data in the last block for it to be the same size, then padding (1s and 0s) is used to fill it out. Then those individual blocks of data are run through the hashing algorithm, one after another, to produce the hash value. The process looks something like this:
Of course, this process would look a bit different if you were hashing passwords for storage on an online server. That process would involve the use of a salt. Basically, you'd add a unique, random value to the message before running it through the hashing algorithm. Adding even a single character yields an entirely new hash value at the end of the process.
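The block-splitting and padding step described two paragraphs up, made concrete as an added example (not code from the original article). SHA-256 is the concrete case: it works on 64-byte blocks and pads with a single 1 bit, then 0 bits, then the original message length as a 64-bit integer, which is the rule in FIPS 180-4. The `sha256_pad` and `split_blocks` helpers below implement that rule so you can see the blocks; `hash_blockwise` then feeds the unpadded message to hashlib one block at a time (hashlib pads internally) and gets the same digest as hashing it in one shot, which is the block-at-a-time processing the text describes. The helper names are this example's own.

```python
import hashlib

BLOCK_SIZE = 64  # SHA-256 processes the message in 512-bit (64-byte) blocks


def sha256_pad(message: bytes) -> bytes:
    """Apply the SHA-256 padding rule (FIPS 180-4): append a 0x80 byte (a single
    1 bit followed by seven 0 bits), then 0x00 bytes until the data is 8 bytes
    short of a block boundary, then the original length in bits as a 64-bit
    big-endian integer. The result is always a whole number of blocks."""
    bit_length = len(message) * 8
    padded = message + b"\x80"
    padded += b"\x00" * ((BLOCK_SIZE - 8 - len(padded)) % BLOCK_SIZE)
    padded += bit_length.to_bytes(8, "big")
    return padded


def split_blocks(padded: bytes) -> list:
    """Cut a padded message into the equal-size blocks the compression
    function would consume one after another."""
    if len(padded) % BLOCK_SIZE != 0:
        raise ValueError("input is not a whole number of blocks; pad it first")
    return [padded[i:i + BLOCK_SIZE] for i in range(0, len(padded), BLOCK_SIZE)]


def one_shot(message: bytes) -> str:
    """Reference: hash the whole message in a single call."""
    return hashlib.sha256(message).hexdigest()


def hash_blockwise(message: bytes) -> str:
    """Feed the *unpadded* message to hashlib one 64-byte chunk at a time.
    hashlib applies the same padding internally, so this must equal one_shot();
    it shows that the digest is built up block by block rather than all at once."""
    h = hashlib.sha256()
    for i in range(0, len(message), BLOCK_SIZE):
        h.update(message[i:i + BLOCK_SIZE])
    return h.hexdigest()


if __name__ == "__main__":
    # Constructed sample input, 100 bytes: fits in two blocks after padding.
    sample = b"The quick brown fox jumps over the lazy dog. " * 2 + b"Padding demo"
    blocks = split_blocks(sha256_pad(sample))
    print(f"{len(sample)} bytes -> {len(blocks)} block(s) of {BLOCK_SIZE} bytes")
    for n, block in enumerate(blocks, 1):
        print(f"block {n}: {block.hex()}")
    print("blockwise == one-shot:", hash_blockwise(sample) == one_shot(sample))
```

Note the edge case in the padding rule: a 56-byte message already fills a block up to the spot reserved for the length field, so the 0x80 byte pushes it into a second, almost entirely padding, block. That is why the function computes the zero-fill modulo the block size rather than assuming everything fits in one block.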
Okay, now that we know what a hash function is and what it does in a theoretical context, let's consider how it works logistically with a few examples. Let's say you have the following riddle from Gollum in The Hobbit as your input:
It cannot be seen, cannot be felt,
Cannot be heard, cannot be smelt.
It lies behind stars and under hills,
And empty holes it fills.
It comes out first and follows after,
Ends life, kills laughter.
No, I'm not going to give you the answer to the riddle if you haven't already figured it out. But if you were to run that riddle through a SHA-256 hashing algorithm, the resulting output would look like this on your screen:
49FCA16A2271B34066DAA46492C226C4D4F61D56452A1E1A01A3201B234509A2
And here is an illustration that shows how we get from A to B:
What if you also decide to hash a smaller message? Say, for example, The Lord of the Rings. Then your output would look the same in terms of size (as shown below) so long as you use the same hashing algorithm:
01912B8E8425CFF006F430C15DBC4991F1799401F7B6BEB0633E56529FE148B9
That's because both hash digests are 256 bits long, which display on your screen as 64 hexadecimal characters per digest. No matter how large or how small the message, the algorithm is always going to return an output that is the same size. Remember, hash algorithms are deterministic and fixed-length: the same input always yields the same digest, and every digest is the same size regardless of the size of the input.
Now, if you were to take the same six-line riddle input and run it through an MD5 hash function, then you'd wind up with a hash value that looks something like this instead:
B53CE8A3139752B10AAE878A15216598
As you can see, the output is quite a bit shorter. That's because MD5 gives you a hash digest that's only 32 hexadecimal characters (128 bits) long. It's literally half the size of the digests that result from a SHA-256 hashing algorithm. But every time you run an MD5 hashing algorithm on a plaintext message, the resulting output will be the same size.
What if you decided to run the riddle through a SHA-512 hashing algorithm? Then we go to the opposite end of the spectrum in terms of length, and your digest would look something like this (a 512-bit digest, shown as 128 hexadecimal characters):
6DC1AAE5D80E8F72E5AF3E88A5C0FA8A71604739D4C0618182303EEEB1F02A0DBA319987D5B5F717E771B9DA1EAD7F3F92DC8BA48C064D41DD790D69D7D98B44
But aren't hashing and encryption the same thing? Nope. Yes, they're both cryptographic functions that use algorithms as a part of their processes. But that's just about where the similarities end. We covered the differences between hashing and encryption in another article, so we aren't going to rehash all of that here.
As you now know, a hash function is a one-way function. The idea is that you can use it to convert readable plaintext data into an unreadable hexadecimal string of digits, but not the other way around. Encryption, on the other hand, is known as a two-way function. That's because the whole point of being able to encrypt something is to prevent unauthorized or unintended parties from accessing the data while still letting the intended party read it. So, you encrypt data so that it can only be decrypted by the person who has the key.
Okay, we now know what hash functions are and how hashing algorithms work. Now it's time to learn what some of the most common hash algorithms are. NIST provides guidance on hash functions, as do several Federal Information Processing Standards (FIPS).
A few examples of common hashing algorithms include:
Other examples of hash algorithms include BLAKE2 and BLAKE3, RIPEMD-160, and WHIRLPOOL, among others.
There's a lot to know about hash functions and hashing in general: what they are, what they do, how they operate, and where you'll find them in use in computer communications and technologies.
Original article: What Is a Hash Function in Cryptography? A Beginner's Guide - Hashed Out by The SSL Store