A cryptographic hash function is one of a group of hash functions that are suitable for cryptographic applications like SSL/TLS. Like other hash functions, cryptographic hash functions are one-way mathematical algorithms used to map data of any size to a bit string of a fixed size. Cryptographic hash functions are widely used in information security practices, such as digital signatures, message authentication codes, and other forms of authentication.
Cryptographic hash functions should have the following properties (source: wikipedia):
1. The same message always results in the same hash value (i.e. the function is deterministic).
2. The hash value is computed quickly.
3. It is infeasible to have two messages with the same hash value (known as a “collision”).
4. It is infeasible to intentionally create a message that yields a given hash value.
5. Slight changes to the message should change the resulting hash value extensively, so that it appears uncorrelated with the original hash.
The most commonly used cryptographic hash functions include MD5, SHA-1, and SHA-2.
The uniqueness of each hash is vital to the integrity of the cryptographic hash function. This is what truly distinguishes cryptographic hash functions from other hash functions – the assurity that a particular message is identified in a unique and unfeasibly duplicatable way.
Digital signature schemes (such as for document signing, code signing, or S/MIME email) generally require that a cryptographic hash be calculated of the message and included in the signature. The recipient’s software then independently calculates the hash to verify the message’s integrity.
Websites also often publish a hash value for downloadable files. When a user downloads the file, they can use their own software to independently calculate the hash, verifying the file’s integrity.
Password security also relies on cryptographic hashes. Passwords presented by users are hashed and then compared with the stored hash.
Cryptographic hash functions are widely used in security protocols like SSL/TLS and SSH, and in other applications that rely on data integrity. Cryptocurrencies use hashing algorithms to update a blockchain with new blocks of secure and verifiable transaction data. (BitCoin, for example, uses SHA-2 for transaction verification.)
SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function that can convert an arbitrarily long string of data into a digest with a fixed size of 160 bits. This digest is commonly displayed as a 40 character hexadecimal number.
The SHA-1 algorithm is now considered insecure. SHA-1 certificates are no longer in compliance with the CA/B Forum Baseline Requirements, or supported by the current versions of major web browsers.
The Secure Hash Algorithm (SHA) series of hash functions is comprised of different sets (SHA-0, SHA-1, SHA-2, SHA-3).
SHA-2 (Secure Hash Algorithm 2) refers to a family of cryptographic hash functions that can convert arbitrarily long strings of data into digests of a fixed size (224, 256, 384, or 512 bits). 256-bit SHA-2, also known as SHA-256, is the most often-used version. The digest is commonly displayed as a fixed value hexadecimal number. (SHA-256, for instance, returns a 64 character code.)
SHA-2 has supplanted SHA-1 in security protocols like SSL/TLS.