
Hashing

Hash functions and message digests are cryptographic tools that ensure data integrity, authentication, and security by transforming input data into a fixed-size hash value. Common algorithms include MD5, SHA-1, and SHA-2, each with varying levels of security and application. Salting enhances password security by adding random data before hashing, making it more resistant to attacks.

Hash Functions and Message Digests
Introduction
Hash Functions and Message Digests are cryptographic tools used to ensure data integrity, authentication, and security.
They take an input (or "message") and return a fixed-size string of bytes, usually in a hexadecimal format, which represents the "message digest" or "hash value."
These functions are widely used in data verification, digital signatures, and password storage.
1. Hash Function:
A mathematical algorithm that transforms an arbitrary amount of data (the input) into a fixed-size output (the hash value).
The same input always produces the same hash, but even a tiny change in input produces a dramatically different hash (avalanche effect).
Hash functions are one-way functions, meaning the original data cannot be easily retrieved from the hash.
2. Message Digest:
The result or output of a hash function is called the "message digest" or "hash value."
It's a condensed representation of the original data.
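The fixed-size output and the avalanche effect can be measured directly. The following is an added example, not part of the original slides: it flips every single bit of a message in turn and counts how many of the 256 SHA-256 output bits change. The function names are illustrative assumptions.

```python
import hashlib


def sha256_hex(message: bytes) -> str:
    """Hex-encoded SHA-256 digest of the message."""
    return hashlib.sha256(message).hexdigest()


def digest_sizes(messages) -> set:
    """Set of digest lengths (in bytes) seen across inputs of any size."""
    return {len(hashlib.sha256(m).digest()) for m in messages}


def single_bit_flips(message: bytes):
    """Yield every message that differs from `message` in exactly one bit."""
    for i in range(len(message) * 8):
        mutated = bytearray(message)
        mutated[i // 8] ^= 1 << (i % 8)
        yield bytes(mutated)


def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_stats(message: bytes):
    """(min, mean, max) output bits changed over all one-bit input changes."""
    base = hashlib.sha256(message).digest()
    dists = [hamming(base, hashlib.sha256(m).digest())
             for m in single_bit_flips(message)]
    return min(dists), sum(dists) / len(dists), max(dists)


if __name__ == "__main__":
    # Inputs of 0 bytes, 5 bytes and 1 MB all map to a 32-byte digest.
    print(digest_sizes([b"", b"Hello", b"x" * 10**6]))
    lo, mean, hi = avalanche_stats(b"Hello")
    print(f"bits changed per 1-bit input flip: min={lo} mean={mean:.1f} max={hi}")
```

A well-behaved 256-bit hash changes about half of its output bits (around 128) for any one-bit change in the input, which is what the mean reports.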
Common Hash Algorithms:
MD5 (Message Digest Algorithm 5):
Hash Length: 128 bits (16 bytes).
Developed by: Ronald Rivest in 1991.
Purpose: Initially designed for use in digital signatures and data integrity checks.
Usage: Widely used in the past for checksums, file verification, and password storage.
Vulnerabilities: MD5 is now considered insecure due to vulnerabilities to collision attacks, where different inputs can produce the same hash.
Example Use: Despite being deprecated for security purposes, MD5 is sometimes still used in non-cryptographic applications, like checksums for files.
Example Hash (MD5 of "Hello"):
8b1a9953c4611296a827abf8c47804d7
SHA-1 (Secure Hash Algorithm 1):
Hash Length: 160 bits (20 bytes).
Developed by: National Security Agency (NSA) in 1993.
Purpose: Originally designed for use in digital signatures, SSL certificates, and cryptographic applications.
Usage: Once a standard for data integrity and authentication, especially in SSL/TLS and PGP.
Vulnerabilities: SHA-1 is now considered weak and deprecated due to discovered collision vulnerabilities. Researchers have demonstrated practical attacks, such as the "SHAttered" attack, which generates two different PDFs with the same SHA-1 hash.
Example Use: Phased out for most cryptographic purposes but still found in legacy systems.
Example Hash (SHA-1 of "Hello"):
f7c3bc1d808e04732adf679965ccc34ca7ae3441
SHA-2 (Secure Hash Algorithm 2):
Hash Lengths: 224, 256, 384, and 512 bits.
Developed by: NSA in 2001 as an improvement on SHA-1.
Variants: The most commonly used are SHA-256 (256 bits) and SHA-512 (512 bits).
Usage: SHA-2 is widely adopted for cryptographic applications such as SSL/TLS, digital signatures, Bitcoin, blockchain, and password hashing.
Security: Currently considered secure and resistant to known collision attacks.
Example Use: Used in modern encryption systems, password hashing, digital certificates, and secure communication protocols.
Example Hash (SHA-256 of "Hello"):
185f8db32271fe25f561a6fc938b2e264306ec304eda518007d1764826381969
Applications of Hash Functions:
Data Integrity: Hash functions are used to verify the integrity of data by ensuring that it has not been altered (e.g., file checksums).
Digital Signatures: Hashes are part of the process of creating and verifying digital signatures in encryption systems like PGP and SSL/TLS.
Password Hashing: In password storage, raw passwords are not stored. Instead, a hashed version of the password is saved, making it harder for attackers to recover the original password if the database is compromised.
Blockchain: Hashing is fundamental to blockchain technology, as each block contains the hash of the previous block, ensuring data integrity.
Checksums: Used for file verification to ensure that a file hasn’t been corrupted during download or transfer.
Salting
Purpose: Salting is used to strengthen hashed passwords by adding random data (salt) to them before hashing, making them more resistant to attacks like rainbow tables or brute-force attacks.
Unique Salt for Each Password: Each password gets a unique salt, ensuring that even if two users have the same password, their hashed values will be different.
Prevention of Precomputed Attacks: Salting makes it harder for attackers to use precomputed hash databases to crack passwords.
Stored with Hash: Salt values are typically stored along with the hashed password, as they are needed for verification during login attempts.
Salting in Modern Security: Salting is essential for securely storing passwords in modern systems, especially when combined with algorithms like bcrypt or PBKDF2, which add additional layers of protection by iterating the hashing process multiple times.
1. Encryption:
Reversible process using a key.
Used to protect data by converting it into unreadable ciphertext.
Symmetric and asymmetric encryption are common types.
Ideal for secure data transmission.
2. Hashing:
Irreversible process that converts data into a fixed-length hash value.
Even a small change in data results in a completely different hash.
Common in password storage and integrity checks.
3. Salting:
Adds random data (salt) to passwords before hashing.
Helps defend against precomputed attacks like rainbow tables.
Each password gets a unique salt, making brute-force attacks more difficult.
