Hashing


Last updated 3 years ago

Hashes

A cryptographic hash function (CHF) is a mathematical algorithm that maps data of arbitrary size (often called the "message") to a bit string of a fixed size (the "hash value", "hash", or "message digest") and is a one-way function, that is, a function which is practically infeasible to invert.

Ideally, the only way to find a message that produces a given hash is to attempt a brute-force search of possible inputs to see if they produce a match (or use a rainbow table of matched hashes).

The ideal cryptographic hash function has the following main properties:

  • it is deterministic, meaning that the same message always results in the same hash

  • it is quick to compute the hash value for any given message

  • it is infeasible to generate a message that yields a given hash value

  • it is infeasible to find two different messages with the same hash value

  • a small change to a message should change the hash value so extensively that the new hash value appears uncorrelated with the old hash value (avalanche effect)

Examples

  • The SHA-256 hash of 'Artesis Plantijn' is b2391de099591f09f4f4f5654fe4c4e55201e8af3027e62186698c9e45a7846c

  • The SHA-256 hash of 'Artesis Plantijk' is 4cddeee07650864a4fb27c146e5b20f8d5a14735a14fe3e7aab2c2822813d39d
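As an added example that is not part of the original page, the following Python computes the two digests above, measures the avalanche effect as the fraction of output bits that flip between the one-character-apart inputs, and checks a computed digest against a vendor-published checksum the way one verifies an installer download. The file path in `sha256_file` and the helper names are placeholders chosen for this example.

```python
import hashlib
import hmac
from typing import Iterable

def sha256_hex(message: bytes) -> str:
    """SHA-256 digest of a whole message as a 64-character hex string."""
    return hashlib.sha256(message).hexdigest()

def sha256_chunks(chunks: Iterable[bytes]) -> str:
    """Same digest, but fed incrementally so a large installer never has to be
    held in memory; the result equals sha256_hex(b''.join(chunks))."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file on disk in 1 MiB chunks (path is a placeholder argument)."""
    with open(path, "rb") as f:
        return sha256_chunks(iter(lambda: f.read(chunk_size), b""))

def hamming_distance(hex_a: str, hex_b: str) -> int:
    """Number of bits that differ between two equal-length hex digests."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must have the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def avalanche_ratio(msg_a: bytes, msg_b: bytes) -> float:
    """Fraction of the 256 output bits that flip between two inputs. For a
    good hash this sits near 0.5 even when the inputs differ by one character."""
    return hamming_distance(sha256_hex(msg_a), sha256_hex(msg_b)) / 256

def checksum_matches(actual_hex: str, published_hex: str) -> bool:
    """Compare a computed digest with a vendor-published one. Both sides are
    normalised (surrounding whitespace, letter case) and compared in constant time."""
    return hmac.compare_digest(actual_hex.strip().lower(), published_hex.strip().lower())

if __name__ == "__main__":
    # The two strings from the examples above differ in a single character.
    a, b = b"Artesis Plantijn", b"Artesis Plantijk"
    print(sha256_hex(a))
    print(sha256_hex(b))
    print(f"{hamming_distance(sha256_hex(a), sha256_hex(b))} of 256 bits changed")
```

A checksum fetched from the same page as the installer only detects corruption, not a substituted download; a vendor signature over the checksum file is what ties it to the publisher.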

Properties

A cryptographic hash function must be able to withstand all known types of cryptanalytic attack. In theoretical cryptography, the security level of a cryptographic hash function has been defined using the following properties:

  • Pre-image resistance: Given a hash value b2391de099591f09f4f4f5654fe4c4e55201e8af3027e62186698c9e45a7846c, it should be difficult to find the message Artesis Plantijn. This concept is related to that of a one-way function. Functions that lack this property are vulnerable to pre-image attacks.

  • Second pre-image resistance: Given a message Artesis Plantijn, it should be difficult to find a different message such that hash(Artesis Plantijn) = hash(<different message>). Functions that lack this property are vulnerable to second pre-image attacks.

  • Collision resistance: It should be difficult to find two different messages m1 and m2 such that hash(m1) = hash(m2). Such a pair is called a cryptographic hash collision.

Weak hash functions such as MD5 and SHA-1 have been proven vulnerable to collision attacks, and in some cases even to second pre-image attacks. The current guideline is to use SHA-256 or stronger.

Source attribution

Some parts of this page are based on Cryptographic hash function by Wikipedia, which is licensed under CC-BY-SA 3.

See also: SHA256Sum of the Kali Linux installer