A cryptographic hash function, or cryptologic hash function, is a hash function that satisfies certain properties that make it suitable for cryptographic applications. A hash function efficiently generates a fixed-length output value from an input value, such as a message or a file: the hash value. For cryptographic use, further properties are required: a cryptographic hash function is a one-way function, offers collision resistance and generates a pseudo-random hash value.
Cryptographic hash functions are used to check the integrity of files or messages. To do this, the function is applied to the file to be checked and compared to a known hash value. If the new hash value deviates from this, the file has been modified. To prevent an attacker from altering both the file and the hash value, a key-based cryptographic method can be used, such as a digital signature or a message authentication code. Cryptographic hash functions are also used to securely store passwords. When a system verifies a password entered, it compares its hash value with a hash value stored in a database. If both values match, the password is correct. In this way, it can be avoided to store the password in plain text. An attacker who has read access to the database will not obtain the password. In addition, cryptographic hash functions can be used as pseudo-random number generators and to construct block ciphers.
There are many cryptographic hash functions. Some of them, such as the MD5 or SHA-1, are no longer considered safe because they do not provide strong collision resistance. Among the functions often used in practice that are still considered secure today are the SHA-2 and SHA-3 algorithm families.
---
Using SHA-256 with OpenSSL (Linux/macOS):
1 | echo -n "Hello, World!" | openssl sha256 |
This command will calculate the SHA-256 hash value of the string “Hello, World!”. The -n option ensures that a newline character is not included in the input.
Using SHA-256 with PowerShell (Windows):
1 | echo -n "Hello, World!" | Get-FileHash -Algorithm SHA256 |
In PowerShell, you can use the Get-FileHash cmdlet to compute the hash value. This command calculates the SHA-256 hash value of the string “Hello, World!”.
Using MD5 with OpenSSL (Linux/macOS):
1 | echo -n "Hello, World!" | openssl md5 |
Similarly, you can use OpenSSL to calculate the MD5 hash value:
Using MD5 with PowerShell (Windows):
1 | echo -n "Hello, World!" | Get-FileHash -Algorithm MD5 |
These commands demonstrate how to calculate cryptographic hash values from the command line using popular hashing algorithms like SHA-256 and MD5. Remember to replace “Hello, World!” with the input data you want to hash.
Hash functions can be divided into keyless and key-dependent hash functions. A keyless hash function receives only the message as the input value, while a key-dependent hash function receives a secret key as the second input value next to the message. According to its intended use, a keyless hash function is also called a Modification Detection Code and a key-dependent hash function is called a Message Authentication Code (MAC). MACs include constructs such as HMAC, CBC-MAC, or UMAC.
Keyless hash functions are further divided into one-way hash functions (OWHF) and collision resistant hash functions (CRHF). A one-way hash function satisfies the one-way property and weak collision resistance, while a collision-resistant hash function additionally satisfies the strong collision resistance. The hash value is also called a fingerprint because it identifies a message or file almost unambiguously. Another term for the hash value is message digest.
