A&P

Hashing


When we talk about hashing we are not talking about making a form of potatoes. Hashing is a mathematical algorithm that changes the input data into a fixed-length output called a hash. The input data, also known as the key, can be in just about any format — a string of text, a list of numbers, an image, or even an application file. The final output of the hash function is the hash value, which ideally should be unique to each input. Hashing has many cyber uses such as in authentication, digital signatures and more.


Have you ever seen a checksum when you go to download a file? That is a hash. If you hash what you downloaded and it doesn't match, it tells you there might be a problem. Why is this important? One of attackers' favorite new attacks is to go onto a common download page and substitute their own code for the code that's there. However, if the code changes, then the hash will change. A hash can also be used to detect whether the files are corrupted.
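The checksum check described above can be scripted. This is an added example, not code from the original post: it hashes a file in chunks, parses a checksum line in the `sha256sum` output style, and shows that changing a single byte makes verification fail. The file name `installer.bin` and the file contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in chunks so large downloads never sit fully in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_line(line):
    """Split one 'HEX  filename' line (sha256sum output style) into (hex, name)."""
    digest, _, name = line.strip().partition(" ")
    name = name.lstrip(" *")  # '*' marks binary mode in sha256sum output
    if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
        raise ValueError("not a SHA-256 checksum line")
    return digest.lower(), name

def verify_download(path, checksum_line):
    """Return True only if the file's SHA-256 matches the published value."""
    expected, name = parse_checksum_line(checksum_line)
    if name != os.path.basename(path):
        return False  # checksum was published for a different file
    return hmac.compare_digest(file_digest(path), expected)

def demo():
    """Constructed sample: publish a checksum, then alter one byte of the file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.bin")  # constructed file name
        with open(path, "wb") as fh:
            fh.write(b"original release contents\n" * 1000)
        published = f"{file_digest(path)}  installer.bin"
        ok_before = verify_download(path, published)
        with open(path, "r+b") as fh:  # simulate substitution or corruption
            fh.seek(500)
            fh.write(b"X")
        ok_after = verify_download(path, published)
    return ok_before, ok_after

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the published value: if the checksum sits on the same page an attacker altered, they can replace it along with the file, so take it from a separate or signed source where one exists.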


There are different algorithms that can be used for hashing.



SHA-2 (Secure Hash Algorithm 2) is a widely used cryptographic hash function designed by the United States National Security Agency. It is a family of six different hash functions that generate hash values of varying lengths — 224, 256, 384, or 512 bits. SHA-2 is more secure than the algorithm it replaced, SHA-1. SHA-1 was deprecated because today’s more powerful computers can create fraudulent messages that result in the same hash as the original, potentially compromising the authentic message. SHA-1 produces a 160-bit hash value, which is too small in modern times. These “collision” attacks have been used to undermine SHA-1 in recent years.


SHA-3, also known as Keccak, is starting to gain some traction as a supplement to SHA-2. SHA-3 makes the following improvements:

  • Resistance to Length Extension Attacks: With SHA-2, given the hash of a message but not the message itself, it’s easy to find the hash of the message concatenated with certain suffixes. This is not the case with any of the SHA-3 functions. This means that SHA-3 is more secure when used in certain cryptographic constructions.

  • Performance: The SHA-2 functions generally have higher performance than the SHA-3 functions. However, there are faster variants of SHA-3, such as BLAKE2 and KangarooTwelve.

  • Internal Design: SHA-2 uses the Merkle–Damgård structure, while SHA-3 uses the sponge structure. This difference in design increases confidence in their security, as a breakthrough in cryptanalysis against one is less likely to affect the other.

  • Security: SHA-3 is considered more secure than SHA-2 for the same hash length. For example, SHA3-256 provides more cryptographic strength than SHA-256 for the same hash length (256 bits).

