A cryptographic hash function is an algorithm that can be run on data, such as a file or a password, to produce a value called a checksum (or hash). It takes an input, the message, and returns a fixed-size string of bytes. Any data can be hashed, regardless of its type or length, and the hash produced by a given hashing algorithm is always the same length.
A hash function is also a one-way function: you can feed data into a hashing algorithm and receive back a unique string, but given only a hash, you cannot recover the input data that produced it.
Cryptographic hash functions are designed so that the checksums they create cannot be reversed back to the original text. This property underpins a great deal of what is secured on the web, from the HTTPS protocol to web payments and passwords.
SHA-256 (part of the SHA-2 family) is probably the most popular of all cryptographic hash functions, because it is used widely in securing blockchain networks, particularly the Bitcoin protocol. One of the latest secure hash algorithms, SHA-3, is now being developed for protecting embedded hardware such as IoT devices.
Not All Algorithms Are Fool-Proof
One of the most important properties a cryptographic hash function must possess is collision resistance: it must be practically impossible to find two different inputs that produce the same output. If someone does find the same hash for two different inputs, that is a collision, and it shows that the hash function is broken and therefore vulnerable.
That is precisely what happened with the SHA-1 cryptographic hash algorithm, which is now considered insecure after researchers demonstrated the world's first known collision against it. While SHA-1 is by now practically useless, the concerning thing for web security is that SHA-1 remains the default hash function for certifying PGP keys in one of the legacy version branches of GnuPG, the open-source software for encrypting email and images. And multiple non-web applications that depend on HTTPS encryption still accept SHA-1 certificates.
Everyday Web Security Examples For Cryptographic Hash Functions
The primary use of a cryptographic hash function is to check the authenticity (integrity) of data. Two files can be considered identical only if the checksums produced from each file with the same cryptographic hash function are equal, which makes hashing highly useful for protecting the integrity of files.
The average user encounters cryptographic hashing regularly, particularly with passwords. For example, when you sign up for an email account with a password, your email provider never stores the password itself; instead it runs the password through a hashing algorithm and stores the resulting hash.
So each time you try to log in to your email, the service hashes the password you enter and compares that hash with the one stored in its database at sign-up. You are logged in only when the two hashes match, which ensures that neither hackers nor the service provider itself can read your encrypted mails; unless, that is, you are duped into giving your password away in a phishing attack.
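As an added example (not code from the original article), here is the sign-up and log-in flow described above in Python, together with a plain SHA-256 checksum helper for the file-identity check from the earlier section. It goes a step beyond the text: the stored value is a salted PBKDF2-HMAC-SHA256 hash rather than a bare hash (the iteration count and salt size are assumptions), and the comparison at log-in is done in constant time.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example, not values from the article.
ITERATIONS = 600_000   # PBKDF2 work factor
SALT_BYTES = 16        # random per-user salt length


def register(password: str) -> dict:
    """Sign-up: derive a salted hash of the password and keep only that.

    A random salt means two users with the same password get different
    stored values, and the iteration count slows down brute-force guessing.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def login(record: dict, password_attempt: str) -> bool:
    """Log-in: re-hash the attempt with the stored salt and compare hashes.

    hmac.compare_digest runs in constant time, so a wrong guess does not
    leak how many leading bytes of the hash happened to match.
    """
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", password_attempt.encode("utf-8"), salt, record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def sha256_checksum(data: bytes) -> str:
    """Plain SHA-256 checksum, as used to decide whether two files are identical."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    # Constructed sample credentials for the demo.
    stored = register("correct horse battery staple")
    print(login(stored, "correct horse battery staple"))   # True
    print(login(stored, "Correct horse battery staple"))   # False
    # Output length is fixed regardless of input size (64 hex chars = 256 bits).
    print(len(sha256_checksum(b"")), len(sha256_checksum(b"x" * 10_000)))  # 64 64
```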