Introduction to Hash Functions

Hash functions are basic cryptographic algorithms used for verifying the integrity of information, safely storing passwords, checking software integrity, securing blockchain operations, and much more. If you use cryptocurrencies, secure apps, or a self-custody wallet to keep your assets in personal custody, there is probably at least one case of hashing being applied to your data. Download AliceBob Wallet today to access a convenient self-custody wallet that lets you control your crypto without compromising security.

Cryptography Basics: Who Are Alice and Bob?

In cryptography, Alice and Bob are used to represent participants in an exchange. Alice wants to send Bob a file, sign a message, or initiate a blockchain transaction. What does a hash function do? A hash function generates a short digital fingerprint of the data in question.

What Is a Hash Function?

A hash function takes input data and creates a digital fingerprint, known as a hash, hash value, or digest. The input can be anything from a word, a password, or a file to the contents of an entire blockchain block.

For example, Alice passes a document through a hash function and receives a sequence of characters and numbers that look like gibberish to her. She gives the document to Bob, who verifies whether it comes from her by running it through the same hash function and checking whether the output is identical.

Changing even a single character in the file leads to an entirely different hash value. Thus, hashing allows checking data integrity easily.

Properties of Hashing

What does a hash function need to accomplish to be considered good enough for cryptography? Let us start with some basic properties.

The output of a hash function is:

–   Deterministic: the same input generates the same hash;

–   Fast to calculate: systems need to generate hashes quickly, especially on networks and in blockchains;

–   Non-reversible: if Eve gets only the hash, she cannot reverse-engineer the original input using only the hash value;

–   Resistant to collisions: if two inputs generate the same hash, the system may encounter a security problem; finding such pairs should be impractical in well-designed cryptographic hash functions;

–   Very sensitive to input changes: just a single character added to the input produces a totally different output.

Process of Hashing

As we saw before, Alice uses hashing to prove that the document comes from her. How does this process happen?

First, Alice decides what data to hash.

Second, she passes the data through a hash function, which processes the data according to a specific mathematical structure.

Third, the hash function generates an output that always has the same size regardless of the size of the input data.

Finally, Alice and Bob can compare their hashes and decide whether the documents are the same.

Of course, the above procedure does not let Alice prove her identity. To achieve this, Alice would need to sign the document with her private key or apply some other method of proving authenticity.

Cryptographic Hash Functions

While regular hash functions provide certain benefits, cryptographic hash functions have special properties. First of all, they are resistant to attacks aimed at compromising data integrity and security. The following properties define the security of a hash function:

–   Pre-image resistance: if Eve knows only the hash, she cannot find the original input;

–   Second pre-image resistance: having one input in her possession, Eve cannot find another input that generates the same hash;

–   Collision resistance: Eve cannot find any two distinct inputs that generate the same hash.

Because of these characteristics, hashing has many applications, including blockchain validation, certificate management, software integrity, password storage, and secure communications.

The Avalanche Effect in Hashing

An avalanche effect describes the situation when the input of a hash function changes minimally, and the difference between outputs becomes huge.

Consider that Alice hashes a phrase, and she obtains a particular hash value. Then Alice tries to add or remove a letter or swap adjacent characters in the phrase. In this case, the resulting hash should look completely different.

Why is the avalanche effect useful? If Alice makes even one change to a signed message, Eve will immediately see that something is wrong. Moreover, the avalanche effect helps avoid patterns in hashes: slightly different messages cannot generate very similar hashes.

Popular Hashing Algorithms

Here is a brief overview of three popular hashing algorithms: SHA-256, MD5, and SHA-3.

SHA-256 is part of the SHA-2 family of hash functions. It produces 256-bit hashes and is widely used. According to NIST’s Secure Hash Standard, FIPS 180-4, SHA-256 is one of the algorithms that generate message digests used for detecting data modifications.

MD5 used to be quite widespread for generating checksums and verifying message integrity. However, this hash function is no longer considered secure for cryptographic use due to collision attacks. Despite that, some legacy systems still might employ MD5 hashing for some tasks.

SHA-3 is a newer hashing algorithm based on the Keccak algorithm. It is specified in NIST’s FIPS 202, alongside SHA-3 extendable-output functions. SHA-3 is helpful because its internal structure differs from that of SHA-2 hash functions.

Difference Between Hashing and Encryption

Both hashing and encryption involve mathematical algorithms, but the purpose of each of these techniques is quite different.

Encryption is intended to convert data into a form that can be decrypted by a person with access to a decryption key. For example, Alice can use a key to encrypt a message, and Bob can use the same key to decipher it.

On the other hand, a hash function converts the input data into a hash that is impossible to decode. If Bob gets a hash value from Alice, the best option is for him to generate the same hash by applying the same hash function to the input data.

The lack of a decryption key is precisely the reason why passwords should be hashed rather than encrypted for storage.

Role of Hashing in Blockchain and Cryptocurrencies

In blockchain systems, transactions are grouped in blocks. A typical block contains a hash of the previous block, creating a chain of blocks. If any part of a block is altered, the hash is different, and the block does not belong to the original blockchain anymore.

Transaction hashes are also used to track transactions. If Alice wants to transfer cryptocurrency to Bob, the transaction gets hashed, and the hash serves as an identifier.

In AliceBob Wallet, hashing is also involved in transactions verification and management. Self-custody wallets are part of a broader range of products involving cryptographic functions.

Proof of Work Mining and Hashing

One of the core mechanisms of cryptocurrency blockchains is proof of work, also referred to as PoW. This type of consensus protocol uses hashing to create new blocks by solving complex mathematical problems.

In PoW blockchains, miners attempt to guess values to generate a block hash with a specific property, such as starting with zeros. As soon as one miner guesses the appropriate values, he announces his solution, and the network confirms it.

Thus, the proof of work mining relies heavily on hash functions. In addition, block hashing is a way to prove the integrity of the blockchain.

Password Hashing: Argon2, bcrypt, scrypt

While regular hash functions like SHA-256 or MD5 are used in various applications, passwords require special attention. For example, a user may choose to use the same password in multiple websites’ registration forms. Therefore, password hashing needs some additional features compared to usual hashing functions.

The primary feature of a good password hashing algorithm is slowness. In particular, if Eve steals a password database, he can try to guess passwords, and a faster hash function makes this process easier.

Currently, Argon2, bcrypt, and scrypt are among the most recommended hashing functions for passwords.

According to OWASP guidelines, Argon2id, bcrypt, and scrypt can serve as password hashing algorithms. Passwords need to have appropriate salt values and work factors.

The Importance of Proper Password Hashing Choice

Choosing the right password hashing function is crucial for an organization’s security.

A poorly selected hashing algorithm leaves an organization vulnerable to attacks. For example, a hacker may obtain many password hashes from a compromised database and then spend some time trying to guess the passwords.

On the contrary, if a good algorithm with appropriate settings was used, attackers will need more resources and time to crack hashes. Thus, hashing helps improve password security.

However, security teams still need to evaluate password hashing schemes regularly to adapt to technological advances.

Why Alice and Bob Need Strong Passwords

It is important for users to realize the importance of password strength and safety. To stay protected, users should:

–   Avoid writing down passwords;

–   Change passwords regularly;

–   Choose strong, unique passwords;

–   Use multi-factor authentication whenever possible.

Future of Hashing: Quantum Computers

While hashing will still play a vital role in cryptography, security needs will evolve further. One such need will come from the emergence of quantum computers that may impact cryptographic functions.

While most quantum computing experts doubt the immediate threat posed to cryptography, quantum computers may undermine security guarantees provided by many currently used algorithms, including RSA and elliptic curve-based functions.

Thus, while the risk seems low now, organizations should prepare for potential problems. NIST published its first finalized post-quantum cryptographic standards in February 2024.

While quantum-resistant hash functions are not the focus of the mentioned NIST publications, organizations should pay extra attention to hash function security margins in the near future.

To mitigate risks, systems can start using hash functions with higher output sizes. In addition, systems may need to implement crypto-agility to allow switching algorithms in the future.

FAQs About Hashing

What is a hash function?

Hash functions take input data and convert it into a fixed-size hash or digest. Cryptographic hash functions are intended for providing security by making reversing and tampering impossible.

What is hashing used for?

Hashing is used for ensuring data integrity, storing passwords securely, validating software downloads, linking blocks in blockchains, and much more.

Is hashing the same as encryption?

No, these techniques have different purposes. Encryption requires keys for reversing the operation, while hashing cannot be reversed using hash values.

Can you reverse a hash?

No. Even in theory, a good hash function provides little chances for reversing hashes into plain input data. However, attackers can try guessing plaintext using brute force.

Why is blockchain hashing necessary?

Blockchain uses hash functions to link blocks together, identify transactions, create proofs of work, and detect alterations in data.

Is SHA-256 secure?

This hashing algorithm is still popular, but users need to ensure they select the appropriate parameters and use it for a reasonable task.

Is MD5 hashing safe?

This hash function was deprecated long ago. It should not be used in any security-related tasks.

Which is the best password hashing algorithm?

There is no absolute answer to this question. However, Argon2id, bcrypt, and scrypt can serve as excellent options.