
Cryptographic Hash Functions

A cryptographic hash function is a special class of hash function that has certain properties which make it suitable for use in cryptography. It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash) and is designed to be a one-way function, that is, a function which is infeasible to invert. The only way to recreate the input data from an ideal cryptographic hash function's output is to attempt a brute-force search of possible inputs to see if they produce a match, or use a rainbow table of matched hashes. Bruce Schneier has called one-way hash functions "the workhorses of modern cryptography". The input data is often called the message, and the output (the hash value or hash) is often called the message digest or simply the digest.

The ideal cryptographic hash function has five main properties:

  • it is deterministic so the same message always results in the same hash
  • it is quick to compute the hash value for any given message
  • it is infeasible to generate a message from its hash value except by trying all possible messages
  • a small change to a message should change the hash value so extensively that the new hash value appears uncorrelated with the old hash value
  • it is infeasible to find two different messages with the same hash value
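The first, second and fourth properties can be checked empirically. The following is an added example (not code from the original page) that measures determinism and the avalanche effect of SHA-256 from Python's standard library: it flips each bit of a constructed sample message in turn and counts how many digest bits change, which for a well-designed hash averages about half of them regardless of which input bit was flipped.

```python
import hashlib


def sha256_digest(data: bytes) -> bytes:
    """Fixed-size (32-byte) digest of an arbitrary-length message."""
    return hashlib.sha256(data).digest()


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def is_deterministic(message: bytes, trials: int = 3) -> bool:
    """Property 1: hashing the same message repeatedly gives the same digest."""
    first = sha256_digest(message)
    return all(sha256_digest(message) == first for _ in range(trials))


def avalanche_ratio(message: bytes) -> float:
    """Property 4: average fraction of digest bits that change when one
    input bit is flipped. For an ideal hash this is close to 0.5."""
    base = sha256_digest(message)
    digest_bits = len(base) * 8
    distances = [
        hamming_distance(base, sha256_digest(flip_bit(message, i)))
        for i in range(len(message) * 8)
    ]
    return sum(distances) / (len(distances) * digest_bits)


# Constructed sample message; any bytes would do.
SAMPLE = b"The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    print("deterministic:", is_deterministic(SAMPLE))
    print("avalanche ratio:", round(avalanche_ratio(SAMPLE), 3))
```

A ratio far from 0.5 (or one that depends on which bit was flipped) would indicate the hash leaks structure of its input, which is exactly what makes a weak hash unsuitable for fingerprinting or signatures.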

Cryptographic hash functions have many information-security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information-security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for more general functions with rather different properties and purposes.

Variable Cost Algorithm

PBKDF2

PBKDF2 (Password Based Key Derivation Function 2) is typically used for deriving a cryptographic key from a password. It may also be used for key storage, but an alternate key storage KDF such as Scrypt is generally considered a better solution.

In cryptography, PBKDF1 and PBKDF2 (Password-Based Key Derivation Function 1 and 2) are key derivation functions with a sliding computational cost, used to reduce vulnerabilities of brute-force attacks.

PBKDF2 applies a pseudorandom function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.
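The iterated-HMAC construction just described is short enough to write out in full. The following is an added example, not code from the page, that implements PBKDF2 as specified in RFC 8018 section 5.2 using only Python's standard library; the `hash_name`, `iterations` and `dklen` parameter names are this example's own. The iteration count is the "sliding computational cost": every extra iteration is one more HMAC call that both the legitimate verifier and an attacker must perform per guess.

```python
import hashlib
import hmac
import struct


def pbkdf2_hmac(hash_name: str, password: bytes, salt: bytes,
                iterations: int, dklen: int) -> bytes:
    """PBKDF2 with HMAC-<hash_name> as the pseudorandom function (RFC 8018 s5.2).

    DK = T_1 || T_2 || ... truncated to dklen, where
      T_i = U_1 xor U_2 xor ... xor U_c
      U_1 = PRF(P, S || INT_32_BE(i))
      U_j = PRF(P, U_{j-1})
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    if dklen < 1:
        raise ValueError("dklen must be >= 1")

    def prf(data: bytes) -> bytes:
        return hmac.new(password, data, hash_name).digest()

    hlen = hashlib.new(hash_name).digest_size
    blocks_needed = -(-dklen // hlen)  # ceiling division
    derived = bytearray()
    for block_index in range(1, blocks_needed + 1):
        # U_1: salt concatenated with the 4-byte big-endian block number.
        u = prf(salt + struct.pack(">I", block_index))
        t = bytearray(u)
        # Each further iteration feeds the previous U back through the PRF
        # and XORs it into the running block value T_i.
        for _ in range(iterations - 1):
            u = prf(u)
            for k in range(hlen):
                t[k] ^= u[k]
        derived += t
    return bytes(derived[:dklen])


def matches_stdlib(password: bytes, salt: bytes, iterations: int) -> bool:
    """Cross-check against hashlib.pbkdf2_hmac, the C implementation."""
    ours = pbkdf2_hmac("sha256", password, salt, iterations, 32)
    ref = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, 32)
    return hmac.compare_digest(ours, ref)


if __name__ == "__main__":
    # Constructed inputs; these are the RFC 6070 PBKDF2-HMAC-SHA1 test vector inputs.
    print(pbkdf2_hmac("sha1", b"password", b"salt", 4096, 20).hex())
```

In production code use `hashlib.pbkdf2_hmac` (or a library such as the one linked below) rather than this pure-Python version; the point of writing it out is to see that the cost parameter is nothing more than the number of chained HMAC evaluations.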

https://en.wikipedia.org/wiki/PBKDF2

Scrypt

Scrypt is a KDF designed for password storage by Colin Percival to be resistant against hardware-assisted attackers by having a tunable memory cost. It is described in RFC 7914.

Hashing Algorithms - SHA256 vs Scrypt

SHA256 vs Scrypt: How Comparing Hash Rates is Misleading | NKMAG

Fixed Cost Algorithm

ConcatKDF

ConcatKDFHash (Concatenation Key Derivation Function) is defined by the NIST Special Publication NIST SP 800-56Ar2 document, to be used to derive keys for use after a Key Exchange negotiation operation.

Warning - ConcatKDFHash should not be used for password storage.

HKDF

HKDF (HMAC-based Extract-and-Expand Key Derivation Function) is suitable for deriving keys of a fixed size used for other cryptographic operations.
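The two stages in HKDF's name map directly onto two short functions. The following added example (not code from the page or from the cryptography.io library it links) implements HKDF as specified in RFC 5869 with Python's standard library and checks it against the RFC's first published test vector; the function and parameter names are this example's own. The derivation costs only a handful of HMAC calls, which is exactly why a fixed-cost KDF like this is right for expanding a high-entropy shared secret into several keys, and wrong for low-entropy passwords.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869 s2.2): PRK = HMAC-Hash(salt, IKM).
    An empty salt is replaced by HashLen zero bytes, as the RFC specifies."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int,
                hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869 s2.3): OKM = T(1) || T(2) || ... truncated to length,
    where T(i) = HMAC-Hash(PRK, T(i-1) || info || i) and T(0) is empty."""
    hlen = hashlib.new(hash_name).digest_size
    if not 0 < length <= 255 * hlen:
        raise ValueError("length must be between 1 and 255 * HashLen")
    okm = bytearray()
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    return bytes(okm[:length])


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int,
         hash_name: str = "sha256") -> bytes:
    """Full extract-then-expand derivation."""
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


def derive_session_keys(shared_secret: bytes, transcript_hash: bytes) -> dict:
    """Derive independent encryption and MAC keys from one secret by varying
    only the info label; the labels below are constructed for this example."""
    prk = hkdf_extract(transcript_hash, shared_secret)
    return {
        "enc": hkdf_expand(prk, b"example enc key", 32),
        "mac": hkdf_expand(prk, b"example mac key", 32),
    }


if __name__ == "__main__":
    keys = derive_session_keys(b"\x42" * 32, hashlib.sha256(b"handshake").digest())
    print({k: v.hex() for k, v in keys.items()})
```

Binding distinct `info` labels to each derived key is what keeps the keys independent: changing a single byte of the label yields an unrelated output, so an encryption key can never be confused with a MAC key derived from the same secret.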

Warning - ConcatKDFHash should not be used for password storage.

KBKDF

X963KDF

https://en.wikipedia.org/wiki/Key_derivation_function

https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions

Cryptographic Hash Functions

MD5

Was commonly used for password hashing, but now considered insecure for cryptographic purposes due to some vulnerabilities that were discovered in it

SHA-1 (Secure Hash Algorithm)

Originally designed by the NSA for various purposes, now considered deprecated and insecure

  • RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest)

bcrypt

A slow hash function that is resistant to brute-force cracking. Commonly used in some Linux distributions. Considered very secure.

import bcrypt

from models import db, User


def insert_user_into_db(username, password):
    # gensalt(12) produces a random salt with a work factor of 12 (2^12 rounds);
    # hashpw returns salt, cost and hash together as one modular-crypt-format string.
    password_hash = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(12))

    # Store the whole hashpw output: bcrypt.checkpw needs it to verify a login later.
    user = User(password=password_hash, username=username)

    db.session.add(user)
    db.session.commit()

https://auth0.com/blog/hashing-in-action-understanding-bcrypt

  • Whirlpool
  • SHA-2

SHA-3

Better than SHA-1, considered both safe and flexible

  • BLAKE2

NTLM

Commonly used in Windows Active Directory, but easy to crack. Use NTLMv2 instead.

SHA-1 - Wikipedia

SHA-2 (Secure Hash Algorithm 2)

SHA-2 is a set of cryptographic hash functions designed by the United States National Security Agency (NSA) and first published in 2001. They are built using the Merkle-Damgård construction, from a one-way compression function itself built using the Davies-Meyer structure from a specialized block cipher.

SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. SHA-256 and SHA-512 are novel hash functions computed with eight 32-bit and 64-bit words, respectively. They use different shift amounts and additive constants, but their structures are otherwise virtually identical, differing only in the number of rounds. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values. SHA-512/224 and SHA-512/256 are also truncated versions of SHA-512, but the initial values are generated using the method described in Federal Information Processing Standards (FIPS) PUB 180-4.

SHA-2 - Wikipedia

Argon2

A complicated but extremely secure hash function, resistant to brute force attacks. Can be difficult to implement.

Argon2 is a key derivation function that was selected as the winner of the Password Hashing Competition in July 2015. It was designed by Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich from the University of Luxembourg. The reference implementation of Argon2 is released under a Creative Commons CC0 license (i.e. public domain) or the Apache License 2.0, and provides three related versions:

  • Argon2d maximizes resistance to GPU cracking attacks. It accesses the memory array in a password-dependent order, which reduces the possibility of time-memory trade-off (TMTO) attacks, but introduces possible side-channel attacks.
  • Argon2i is optimized to resist side-channel attacks. It accesses the memory array in a password-independent order.
  • Argon2id is a hybrid version. It follows the Argon2i approach for the first half pass over memory and the Argon2d approach for subsequent passes. The Internet draft recommends using Argon2id except when there are reasons to prefer one of the other two modes.

All three modes allow specification by three parameters that control:

  • execution time
  • memory required
  • degree of parallelism

https://en.wikipedia.org/wiki/Argon2

Performance-wise, a SHA-256 hash is about 20-30% slower to calculate than either MD5 or SHA-1 hashes.

References

https://en.wikipedia.org/wiki/Cryptographic_hash_function

https://medium.com/analytics-vidhya/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e