Hashing Algorithms
Technology has ushered into a new era in which low-cost communication between humans and computers is the norm. This Widespread implementation of communication services requires some way of validating and authenticating users. Hash functions are the most common method for establishing these Data transfers. Hash functions today have an integral part of the hyper-connected internet world, defending against many cyber threats daily.
Let’s look at a familiar example. When you create a password for a website account, the password is not saved in the database as it is. It is first encrypted using a cryptographic hash function, and the resulting hash is then stored in the database. When a user attempts to log in to your account again, the entered password is hashed, and the resulting encrypted data is compared to your password. If a match is found, the system provides the specified user access to your account.
What is hashing?
Hashing is a method of cryptography that converts any form of data into a unique string of text. Any piece of data can be hashed, no matter its size or type.
Cryptographic Hash function
A cryptographic hash function (CHF) is a mathematical function that maps arbitrary-sized data to fixed-size values. It is generally intended to be a one-way function. Put another way, you can put data into a hash function and get a unique string, but you can’t decrypt a hash string back to the original data it represents. Furthermore, the hash function is designed so that it always produces the same hash for unique data.
For a hash function to be cryptographically secure, it must be resistant to the following three attacks:
Pre-image attacks: Given the result of a hash function x = hash(m), finding a message m1 such that hash(m1) = x must be practically hard. This is another way of stating that the hash function must be one-way.
Pre-image resistance: Given a message m1, finding a message m2 such that hash(m1) = hash(m2) must be virtually difficult.
Collision resistance: Finding two hash functions resulting in the same hash value should be difficult. It’s worth noting that, unlike the pre-image attack, we can change both m1 and m2.
Unfortunately, a hash function can’t be totally secure against these attacks. Even for a flawless one-way function, there will be infinitely many inputs that yield a particular output as the output of a hash function is of fixed length. The goal of a cryptographic hash function is to have algorithms that make the following difficulties “sufficiently” difficult, provided an attacker has sufficient computing power.
Working with Hashing Algorithms
There are many hashing algorithms; however, some are more commonly employed than others. MD5, SHA-1, SHA-2, NTLM, and SHA3 are some common hashing algorithms.
Let’s take a look at the SHA1 hashing algorithm to see how things work in the real world. SHA stands for the secure hash algorithm (which is interesting given that it has just kind of been broken). SHA1 was developed by the NSA and released and published in 1995
SHA1 accepts messages in blocks of 512-bit length and outputs a 160-bit value.The SHA1 algorithm starts with an internal state which is 160-bit long divided into five words of 32-bit length, known as H values. We copy these H values into A, B, C, D, and E and perform several rounds of the SHA1 compression function on every bit of our 512-bit message .The compression function combines and shuffles the bits of A B C D E with our message and return new ABCDE values. In the end we add these new values with our original H values and output the hash.
The below Diagram describes SHA1 algorithm -
Here H0 H1 H2 H3 H4 are the internal states.
We can extend the above algorithm on a string of arbitrary length by executing the algorithm on message in blocks of 512-bits and adding are H values on each turn.
Now, if our message is not a multiple of 512 bits we have to do some padding. The padding scheme is described below.
This padding system ensures that messages of the same length and finish in the same or very similar ways do not share the same padding.
This updating of the internal state with a compression function, in essence, is called a Merkle–Damgård construction. Essentially,if your compression function is good and has excellent pseudo-random characteristics; then, your SHA1 algorithm is good as well.
Applications of hashing Algorithms
Verifying the integrity of messages and files
Comparing message digests (hash digests over the message) calculated before and after transmission can determine whether changes have been made to the message or file.
MD5, SHA-1, or SHA-2 hash digests are sometimes published on websites or forums to verify the integrity of downloaded files, including files retrieved using file sharing such as mirroring.
Password verification
The passwords in a site’s database are stored in the form of a hash. To authenticate a user, the password entered by the user is hashed and compared with the stored hash.
Identifying malwares
Hashing is a common method used to identify malware uniquely. The malicious software is run through a hashing program that produces a unique hash that identifies that malware (a sort of fingerprint). The Message-Digest Algorithm 5 (MD5) hash function is most commonly used for malware analysis, though the Secure Hash Algorithm 1 (SHA-1) is also popular.
Proof of work in blockchain
Proof of work is a concept used by Bitcoin and other blockchains. It’s critical for those technologies to be able to demonstrate that they’ve invested a specific amount of computational power on an issue. It must be difficult to solve the problem, yet simple to create problem instances. Using a cryptographic hash function and asking for an input that generates a hash result with a specific pattern is typical for proof of work. The more confined this pattern is, the more difficult this assignment becomes to complete.
Conclusion
The hashing algorithms are crucial to the security of today’s information technology systems because they act as an access barrier for cyber attackers. A strong Cryptographic Hash Function is necessary to withstand any significant threat that might compromise the entire security system. As a result, the global cybersecurity industry must devise new ways to resist this danger by using more robust and more innovative technologies. In the latest wave of blockchain technology, hashing algorithms are now frequently employed.
Dive further into the world of Cryptography
About me :)
I am Shreyansh Saxena, 2nd-year B.Tech IT student at IIIT Allahabad, Member, Cyber Security Wing, at Geekhaven IIIT Allahabad.
Reach me at LinkedIn
Happy Hacking !!!