Cryptographic Hash Functions: Guardians of Your Secrets
Welcome to Omni Calculator’s article that explains the essential theoretical properties of secure hash functions. If you want an overview of modern hash types, check Omni’s hash identifier, and to learn more about the most widespread hash functions in cryptography, like MD5 or SHA-256, visit our page dedicated to the examples of cryptographic hash functions.
After a brief refresher on what a cryptographic hash function is from a mathematical perspective, we shall discuss:
- The key properties of cryptographic hash functions; and
- Applications of cryptographic hash functions.
The first part of the definition of a cryptographic hash function is the same as for a generic hash function. The key mathematical properties are as follows:
- Deterministic map;
- Arbitrary-length input; and
- Fixed-length output.
Moreover, hash values should be computed efficiently, even for large inputs and in real-time systems. This aspect is especially important for hash tables. Cryptographic hash functions do not need to be extremely fast to compute, but they must remain practical: we would rather not hash a password for two hours! (Though some password-hashing functions are slower than they could be to resist brute-force attacks.)
A more detailed discussion of this part of the definition of cryptographic hash functions (together with some examples) can be found on a dedicated page explaining how hash functions work.
The cryptographic properties that distinguish cryptographic hash functions are:
- Preimage resistance;
- Second-preimage resistance;
- Collision resistance; and
- Avalanche effect.
The most crucial properties of cryptographic hash functions are the three kinds of resistance:
- Preimage resistance: It ensures that for a given hash, it is computationally infeasible to determine the original input that produced this hash. This property makes cryptographic hash functions effectively one-way, meaning there is no practical way to invert them. It protects sensitive information such as private messages, preventing attackers from discovering the original content even if they have the hash.
- Second-preimage resistance: It guarantees that, given a specific input and its hash, it is computationally infeasible to find another input that generates the same hash. This feature prevents attackers from finding a password that produces the same hash as your actual password, making second preimage resistance a critical security requirement.
- Collision resistance: It ensures that it is computationally infeasible to find any two distinct inputs that produce the same hash. This property is vital for digital signatures, certificates, and file integrity.
🙋 While second-preimage resistance focuses on one specific input, collision resistance considers all possible inputs.
Breaking second-preimage resistance is harder than breaking collision resistance, in the same way that finding another person with the same birthday as you is much less likely than finding some pair of people who share a birthday. This reasoning is linked to the birthday paradox.
The avalanche effect is the property that a secure hash function should be very sensitive to small changes in its input: flipping even a single bit should result in a completely different hash output.
This behavior ensures that similar inputs do not produce similar hashes, thereby reinforcing security by preventing patterns or correlations in the output.
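The avalanche effect can be measured directly. The following is an added example, not part of the original article: it flips every single bit of a constructed sample message and records what fraction of output bits change, for SHA-256 and, as a contrast chosen here, the non-cryptographic Adler-32 checksum from Python's `zlib`.

```python
import hashlib
import zlib

def bit_flips(data: bytes):
    """Yield every copy of data that differs from it in exactly one bit."""
    for i in range(len(data) * 8):
        flipped = bytearray(data)
        flipped[i // 8] ^= 1 << (i % 8)
        yield bytes(flipped)

def sha256_bits(data: bytes) -> int:
    """SHA-256 digest as a 256-bit integer, so digests can be XORed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def avalanche(hash_fn, out_bits: int, message: bytes) -> dict:
    """Fraction of output bits that change for each single-bit input flip."""
    base = hash_fn(message)
    changed = [bin(base ^ hash_fn(m)).count("1") / out_bits
               for m in bit_flips(message)]
    return {"min": min(changed),
            "mean": sum(changed) / len(changed),
            "max": max(changed)}

# Constructed sample input; any message of a few dozen bytes behaves the same.
MESSAGE = b"constructed sample message, 32 B"

SHA256_STATS = avalanche(sha256_bits, 256, MESSAGE)     # mean close to 0.5
ADLER32_STATS = avalanche(zlib.adler32, 32, MESSAGE)    # far fewer bits move

if __name__ == "__main__":
    print("SHA-256 :", SHA256_STATS)
    print("Adler-32:", ADLER32_STATS)
```

A mean near one half for SHA-256 is what "completely different" means in practice: each output bit flips with probability of about 50%, so the new digest carries no visible trace of the old one.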
Cryptographic hash functions are essential for ensuring security, integrity, and authenticity in modern computing systems:
- Password security
  - Password hashing: Passwords are stored in hashed form rather than plaintext, protecting credentials even if a database is compromised.
  - Salting: Random data combined with passwords before hashing defeats precomputed attacks (such as rainbow tables) and increases resistance to brute-force attacks.
- Data integrity
  - Checksums: Hash values are used to verify that data has not been altered by comparing hashes computed before and after storage or transmission.
  - File integrity: Hashes make it possible to confirm that downloaded or updated files remain unchanged, allowing detection of corruption or unauthorized modification.
- Digital signatures
  - Signing: A hash of the data is created and encrypted with a private key, binding the signature to the exact content of the message or file.
  - Verification: Recomputing and comparing hashes ensures both integrity and authenticity when validating digital signatures.
- Blockchain and cryptocurrencies
  - Transaction verification: Hash values link blocks together in a chain, making unauthorized modifications computationally infeasible.
  - Proof of Work: Hash-based computational puzzles are used to validate transactions and secure the network.
As you can see, the humble cryptographic hash functions form the bedrock of many crucial elements in our modern society. Thank you, cryptographic hash functions!
A non-cryptographic hash function maps data to a fixed-size output (a hash) prioritizing speed and good data distribution over the strong collision resistance and preimage resistance required for security.
Collision resistance is a stronger property than second-preimage resistance. To break the latter, the attacker must find another input that produces the same hash, while in the former, they have the freedom to choose two inputs that produce the same hash. So if a hash function is collision-resistant, it is also second-preimage resistant.
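The gap between the two properties, and the birthday-paradox argument made earlier, can be seen by counting hash evaluations. This is an added example, not part of the original article; it assumes a toy 16-bit hash (SHA-256 truncated, a choice made here so the searches finish in seconds) and constructed counter-based inputs.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption for the demo); real digests are 256+ bits

def toy_hash(data: bytes) -> int:
    """SHA-256 truncated to its top BITS bits (illustration only)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - BITS)

def find_collision(prefix: bytes):
    """Hash prefix+counter inputs until ANY two of them share a digest."""
    seen = {}
    for n in count():
        msg = prefix + str(n).encode()
        h = toy_hash(msg)
        if h in seen:
            return seen[h], msg, n + 1  # the pair and the hashes computed
        seen[h] = msg

def find_second_preimage(target: bytes, prefix: bytes):
    """Hash prefix+counter inputs until one matches the digest of target."""
    want = toy_hash(target)
    for n in count():
        msg = prefix + str(n).encode()
        if msg != target and toy_hash(msg) == want:
            return msg, n + 1  # the match and the hashes computed

def average_work(runs: int = 8):
    """Mean number of hash evaluations per search, over several runs."""
    coll = second = 0
    for r in range(runs):
        prefix = f"run{r}-".encode()  # constructed inputs, one family per run
        coll += find_collision(prefix)[2]
        second += find_second_preimage(b"fixed target input", prefix)[1]
    return coll / runs, second / runs

if __name__ == "__main__":
    c, s = average_work()
    print(f"collision:       ~{c:.0f} hashes (order of 2^{BITS // 2} = {2 ** (BITS // 2)})")
    print(f"second preimage: ~{s:.0f} hashes (order of 2^{BITS} = {2 ** BITS})")
```

For an n-bit digest the collision search needs on the order of 2^(n/2) evaluations and the second-preimage search on the order of 2^n, which is why a 256-bit hash is credited with roughly 128 bits of collision resistance.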
This article was written by Anna Szczepanek and reviewed by Steven Wooding.