Hash functions are a one-way function, when properly implemented provides protection against collision. They however are susceptible to man-in-the-middle attack.
2. Hash functions
● Suppose, you need an identifier
that uniquely identifies a
document or an installation file,
and any change (even a single
bit) to the content of the file
should completely change the
identifier… then you are looking
for a Hash function.
● HASH is a one-way function. I.e, you can
create a HASH from a message, but you
can’t recover (or decipher) the message
from the HASH value.
● No two separate message would ever
produce the same HASH value. If it does,
don’t use that HASH algorithm.
● There are many popular Hash functions.
Some of them are: RC4, MD5, SHA1,
SHA2, SHA3 etc.
● This document will describe some
properties of SHA-2, and explain how a
simple HASH function works.
3. HASH Value Creation
Hash
Algorithm #1
Message Hash
(Message Digest)
Hello World!
#1Hash
(Message Digest)
MD5 ed076287532e86365e841e92bfc50d8c
Hash value of the message “Hello World!” is
“ed076287532e86365e841e92bfc50d8c”. If
there is a slight change in the message, it
will produce a totally separate hash value.
4. HASH Value Verification
Hash
Algorithm #2
Message Hash
(Message Digest)
Note that both the message and its
corresponding hash value could be replaced
by someone in the middle. To protect such
‘man-in-the-middle’ attacks, use HMAC,
CBC-MAC, Digital Signatures etc.
Repeat the Hash Value Creation process
(as before), and then check against the
Hash Value received along with the
message. If both hash value matches (i.e.
#1 = #2), then it is the hash value
corresponds to the original message.
5. HASH function (SHA-256) - A very good one!
Algorithm SHA-256
Length of hash value 256 bits
Operates on 512 bits block
Maximum message size (2^64) - 1 (i.e. works on pretty big message sizes)
Hash operations A combination of AND, XOR, Rotation, ADD (Mod 2^64), OR, SHR
Rounds of operation 64
6. Hash Algorithms (very bad ones, of course!)
unsigned xor_hash(void *key, int len)
{
unsigned char *p = key;
unsigned h = 0;
int i;
for (i = 0; i < len; i++)
{
h ^= p[i];
}
return h;
}
unsigned add_hash(void *key, int len)
{
unsigned char *p = key;
unsigned h = 0;
int i;
for (i = 0; i < len; i++)
{
h += p[i];
}
return h;
}
XOR each of the values together to derive the hash ADD each of the values together to derive the hash
These methods are
just for illustration
purposes only.
They are susceptible
to collision, as you
can imagine, if you
jumble up the
message, and
processed (XOR or
ADD), it will yield the
same hash value.
Therefore, these
algorithms are very
poor hash functions.