Blockchain FAQ #2: What is a Cryptographic hash function?
A hash function is a mathematical algorithm used in contemporary computing technology to map data of arbitrary size to data of fixed size. Hash functions can be of many types, with distinct usages. Consider an example where you have downloaded Firefox browser, from a website other than that of Mozilla’s. You will need to be sure that you have downloaded the correct version, and to do that, you can use a ‘checksum calculator’. ‘Checksum’ is a hash function, using which you calculate a checksum for the version you have downloaded, and compare that with the checksum published on Mozilla’s website. If both are equal, you can be sure that you have downloaded the desired version.
What is cryptographic hash function?
It’s a kind of hash function with characteristics suitable for use in cryptography. The input data is called the ‘message’, and the output, which is the hash value or the hash, is called the ‘message digest’ or ‘digest’. Hash is also known as checksum. The distinguishing characteristics of cryptographic hash function are following:
- Cryptographic hash function is deterministic, i.e. if the message is the same, it will always produce the same hash value irrespective of number of times the algorithm is executed.
- Computing the hash value from a message is very quick.
- Unless one tries out all possible messages, it isn’t possible to generate the message from the hash value. We will see later how good cryptographic hash functions make the number of possible messages a really large one, making it impossible to generate the message from the hash using available computing technology.
- Even a very small change to the message will create a completely different hash value, the new hash value will look completely unrelated to the old one.
- It’s nearly impossible to find two messages with the same hash value.
How does cryptographic hash functions help in information security?
We will answer this question with analysis of where cryptographic hash functions may fail to secure your information, and how to overcome such drawbacks, in a step-by-step manner.
Let’s consider an example of setting a good, strong password for an online account. Assume you have set ‘abcde’ as the password. The cryptographic hash function will convert it into a hash, i.e. checksum.
If a cyber attacker can crack the message, which is ‘abcde’ in this instance, from the checksum value, then it’s not really a strong password. We had mentioned how a good cryptographic hash function shouldn’t allow generating the message from the hash. Technically, the hacker will not actually have to generate the message at all in this instance. He can use a ‘rainbow table’, i.e. a table that stores thousands, millions, or even billions of messages and their corresponding checksum value. The password ‘abcde’ can be easily found in the rainbow table, and hence the attacker can hack your online account easily.
However, no rainbow table can hold all possible checksum values. Hence, if you set a password ‘a1b@c3d$E5f6G&’, or something as hard to guess as that, likelihood is that the checksum value won’t be stored in the rainbow table.
The attack in the above-mentioned example is called a ‘dictionary attack’, where the hacker went through a large list of possible checksum values, and guessed your password. The harder it is to guess your password, the lesser the likelihood of the checksum value being found in a rainbow table. To avoid this type of attacks, simply set a password that’s hard to guess, with many alphabets with upper and lower case mixed up, digits, and special characters.
However, there can be inherent risks in a cryptographic hash function, and we will look at one called ‘collision’. Although a cryptographic hash function shouldn’t produce the same checksum for two different messages, it can sometimes happen, and this occurrence is called a collision. The reason is that the cryptographic hash function always produces a fixed length checksum, irrespective of the length of message. If MD5, a cryptographic hash function, is used, the length of the hash will always be 32 characters. Hence, there is a finite number of checksums that can be created, limited by the length of 32 characters, and a collision can happen. In this case, the attacker can stumble upon a checksum for a different message, and accidentally can crack your message.
The way to avoid collision is to use cryptographic hash functions that generate higher-length value, for e.g. SHA-1 function that generates 40-character checksums, or even better, SHA-2 function that generates 128-character checksums. Higher number of characters in checksum reduces likelihood of collision.
When you pre-empt the use of a rainbow table with your choice of message, and use cryptographic hash functions with high character limit, you are leaving only one choice to the cyber attacker, and that’s using brute force of immense computing power, to try out numbers one after the other, to crack the message. Since today’s computing technology has limits to how fast it can process extremely large numbers, cryptographic hash functions can protect your password or other important information.
Consequently, cryptographic hash functions are used widely in information security applications, for e.g.:
- Digital signatures;
- Message authentication codes (MACs);
- Various forms of authentication.
They can also be used for other purposes, for e.g. to:
- Detect duplicate data;
- Uniquely identify files;
- Detect accidental corruption of data.
______________
Learn more about edChain: An open-source, decentralized library that enables sharing of educational content across apps and organizations. The system allows full attribution to content creator. Their Stellar blockchain platform facilitates governing the relationship and payment transactions between service provider and consumer with smart contracts.
We’ve just launched the edChain Telegram to channel before our ICO Pre-sale. Join to learn more about how we are about to democratize education and how you can earn some edcoin. https://t.me/edChain_io
