- A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value.
- A “good” hash function has the property that the results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random.
- In general terms, the principal object of a hash function is data integrity.
- A change to any bit or bits in M results, with high probability, in a change to the hash code.
- A hash function used for security applications is referred to as a cryptographic hash function.
- A cryptographic hash function is an algorithm for which it is computationally infeasible to find either
  - a data object that maps to a pre-specified hash result (the one-way, or preimage-resistance, property), or
  - two data objects that map to the same hash result (the collision-free, or collision-resistance, property).
- Because of these characteristics, hash functions are often used to determine whether or not data has changed: recompute the hash over the current data and compare it with the stored hash value.
The figure depicts the general operation of a cryptographic hash function.
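The bit-change property above can be measured directly. The following is an added example, not part of the original notes: it flips each input bit of a constructed message in turn and counts how many of the 256 SHA-256 output bits change. A good hash changes about half of them regardless of which input bit was flipped.

```python
# Added example (not from the original notes): measuring the "avalanche" behaviour
# of a cryptographic hash. Flipping a single bit of the input should change about
# half of the 256 output bits of SHA-256, and no input bit should be "weak".
import hashlib


def sha256_hex(data: bytes) -> str:
    """Fixed-size (256-bit) digest of a variable-length input."""
    return hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with one bit inverted (bit 0 is the LSB of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    assert len(a) == len(b)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_stats(data: bytes) -> dict:
    """Flip every bit of `data` in turn and record how many digest bits change.

    Returns the minimum, maximum and mean Hamming distance between H(data)
    and H(data with one bit flipped), over all bit positions.
    """
    base = hashlib.sha256(data).digest()
    distances = [
        hamming_distance(base, hashlib.sha256(flip_bit(data, i)).digest())
        for i in range(len(data) * 8)
    ]
    return {
        "min": min(distances),
        "max": max(distances),
        "mean": sum(distances) / len(distances),
        "digest_bits": len(base) * 8,
    }


if __name__ == "__main__":
    # Constructed sample input; any bytes will do.
    msg = b"The quick brown fox jumps over the lazy dog"
    print("H(M)  =", sha256_hex(msg))
    print("H(M') =", sha256_hex(flip_bit(msg, 0)), "(bit 0 flipped)")
    print(avalanche_stats(msg))
```

Running it shows every single-bit change moving the digest by roughly 128 bits, which is why comparing H(M) with a stored value is a reliable change detector even for a one-bit edit.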
- (a) The message plus the concatenated hash code is encrypted using symmetric encryption. Because only A and B share the secret key, the message must have come from A and has not been altered. The hash code provides the structure or redundancy required to achieve authentication. Confidentiality is also provided.
- (b) Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications that do not require confidentiality.
- (c) It is possible to use a hash function but no encryption for message authentication. The two communicating parties share a common secret value S. A computes the hash value over the concatenation of M and S and appends the resulting hash value to M. Because B possesses S, it can recompute the hash value and verify it. An opponent who does not know S cannot generate a false message. In practice the keyed hash is computed with a standardised construction such as HMAC rather than a bare concatenation, because the naive prefix and suffix variants have known weaknesses (the prefix form H(S || M) over a Merkle-Damgård hash such as SHA-256 is open to length-extension attacks).
- (d) Confidentiality can be added to method (c) by encrypting the entire message plus the hash code with a symmetric key.
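Method (c), authentication with a shared secret and no encryption, as an added example that is not part of the original notes. Both the notes' H(M || S) form and the standard HMAC form are shown; the send/receive functions, the secret and the message are constructed for illustration, and the receiver uses HMAC with a constant-time comparison.

```python
# Added example (not from the original notes): message authentication with a hash
# and a shared secret S but no encryption, i.e. method (c) above. The notes'
# plain H(M || S) construction is shown next to the standardised HMAC construction;
# HMAC is the one a practitioner should use.
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 digest size in bytes


def tag_plain(message: bytes, secret: bytes) -> bytes:
    """The notes' construction: H(M || S). Shown for illustration only."""
    return hashlib.sha256(message + secret).digest()


def tag_hmac(message: bytes, secret: bytes) -> bytes:
    """Standard keyed hash: HMAC-SHA256(S, M)."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def send(message: bytes, secret: bytes) -> bytes:
    """A transmits M || tag. The tag has a fixed length, so B can split it off."""
    return message + tag_hmac(message, secret)


def receive(packet: bytes, secret: bytes):
    """B recomputes the tag over the received M and compares in constant time.

    Returns the message if it is authentic, or None if the packet was altered
    or forged by someone who does not hold S.
    """
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # hmac.compare_digest avoids leaking how many leading tag bytes matched.
    if not hmac.compare_digest(tag_hmac(message, secret), tag):
        return None
    return message


if __name__ == "__main__":
    S = b"shared-secret-between-A-and-B"   # constructed sample secret
    M = b"transfer 100 to account 42"       # constructed sample message
    packet = send(M, S)
    print("authentic :", receive(packet, S))
    # An opponent without S alters the message; the recomputed tag no longer matches.
    forged = packet.replace(b"100", b"900")
    print("tampered  :", receive(forged, S))
```

Because the tag depends on S, an opponent can change M but cannot produce the matching tag; the receiver therefore rejects both an altered message and a message sent under a different secret.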
- Another important application, which is similar to the message authentication application, is the digital signature.
- The operation of the digital signature is similar to that of the MAC.
- In the case of the digital signature, the hash value of a message is encrypted with the user's private key.
- Anyone who knows the user's public key can verify the integrity of the message that is associated with the digital signature.
- In this case, an attacker who wishes to alter the message would need to know the user's private key.
- The hash code is encrypted, using public-key encryption with the sender's private key. This provides authentication. It also provides a digital signature, because only the sender could have produced the encrypted hash code.
- If confidentiality as well as a digital signature is desired, then the message plus the private-key-encrypted hash code can be encrypted using a symmetric secret key.
- Hash functions are commonly used to create a one-way password file: the system stores a hash of each password rather than the password itself, so a login attempt can be checked without the file revealing the passwords to anyone who reads it. In practice the stored value is a salted, deliberately slow password hash (PBKDF2, bcrypt, scrypt or Argon2) rather than a bare hash, so that an attacker who steals the file cannot test guesses cheaply.
- Hash functions can be used for intrusion detection and virus detection: a hash of each file is stored in a secure location, and a later recomputation that differs from the stored value reveals that the file has been modified.
- A cryptographic hash function can be used to construct a pseudorandom function (PRF) or a pseudorandom number generator (PRNG), for example by keying it with a secret and applying it to a counter.
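A one-way password file as an added example, not part of the original notes. The record format, the user names and the passwords are constructed for illustration; the hash is the standard library's PBKDF2-HMAC-SHA256 with a random per-user salt.

```python
# Added example (not from the original notes): a one-way password file. Each record
# stores a random salt and a deliberately slow, salted hash; the password itself is
# never stored and cannot be recovered from the record, but a login can be checked.
import hashlib
import hmac
import os

ITERATIONS = 100_000   # constructed value for the example; production settings are higher


def make_record(password: str, salt: bytes = None) -> str:
    """Return a storable line 'pbkdf2_sha256$iterations$salt_hex$hash_hex'."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


# A constructed two-user password file. In a real system the file still needs
# strict permissions: the slow hash raises the cost of brute force, it does not stop it.
PASSWORD_FILE = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("hunter2"),
}


def login(user: str, password: str) -> bool:
    """True only if the user exists and the password hashes to the stored value."""
    record = PASSWORD_FILE.get(user)
    if record is None:
        return False
    return check_password(password, record)


if __name__ == "__main__":
    for name, rec in PASSWORD_FILE.items():
        print(name, rec)
    print("bob/hunter2 :", login("bob", "hunter2"))
    print("bob/Hunter2 :", login("bob", "Hunter2"))
```

The salt makes two users with the same password hash to different records, so a precomputed table of hashes cannot be reused across users, and the iteration count makes each guess cost the attacker as much as it costs the server.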
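A PRF and a PRNG built from a hash, as an added example that is not part of the original notes. HMAC-SHA256 keyed with a secret serves as the PRF; applying it to a counter (the counter-mode expansion used by constructions such as SP 800-108) turns a short seed into an arbitrarily long pseudorandom stream. The function and class names and the seeds are constructed for illustration.

```python
# Added example (not from the original notes): turning a hash into a pseudorandom
# function (PRF) and a pseudorandom number generator (PRNG).
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_key(data): HMAC-SHA256. Without the key the output looks random."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prng_bytes(seed: bytes, n: int, label: bytes = b"") -> bytes:
    """Expand `seed` into `n` pseudorandom bytes: block i = PRF(seed, label || i).

    The same seed and label always give the same stream (the prefix of a longer
    request equals a shorter one), and different labels give unrelated streams.
    """
    out = bytearray()
    counter = 1
    while len(out) < n:
        out += prf(seed, label + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(out[:n])


class HashPRNG:
    """Stateful generator built from the same PRF, with a reseed operation."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(seed).digest()   # compress arbitrary seed material
        self.counter = 0

    def next_bytes(self, n: int) -> bytes:
        out = bytearray()
        while len(out) < n:
            self.counter += 1
            out += prf(self.key, b"gen" + self.counter.to_bytes(8, "big"))
        return bytes(out[:n])

    def reseed(self, entropy: bytes) -> None:
        """Derive a new key from the old key and fresh entropy. Because the PRF is
        one-way in its key, learning the new key does not reveal earlier output."""
        self.key = prf(self.key, b"reseed" + entropy)
        self.counter = 0


if __name__ == "__main__":
    seed = b"constructed seed material"
    print(prng_bytes(seed, 16).hex())
    g = HashPRNG(seed)
    print(g.next_bytes(16).hex(), g.next_bytes(16).hex())
```

The security of the stream rests entirely on the seed being secret and unpredictable; the construction only stretches it.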