Today we’re going to take a quick look at hashing functions, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between hashing, encryption, and encoding, so one of the purposes of this article is to help differentiate between them.
To start, a hash function is defined as a one-way operation that accepts an input message (of any length) and generates a fixed-length output. The output that gets generated from the original message is typically referred to as a message digest, or hash. Note that a plain hash function takes no key: anyone can compute the digest of any message.
In other words, take any message, run it through the hashing function, and the output should result in a fixed-length hash.
Also, to clarify an item in the definition above: when a hash function is described as “one-way”, that means it is computationally infeasible for anyone to recover the input message when given only the hashed output. This is different from both encryption and encoding, which are two-way operations. The difference between those two matters as well: encryption reverses only for someone who holds the key, while encoding (Base64, URL encoding, hex) uses no key at all and can be reversed by anyone, so it provides no confidentiality or integrity. One practical caveat on “one-way”: if the input comes from a small or guessable space (a password, a phone number), an attacker can simply hash every candidate and compare digests, which is why such inputs are hashed with a salt and a deliberately slow function rather than a bare hash.
The CISSP material references five basic requirements which, according to RSA Security, are needed to form a basic cryptographic hash function:
- Input can be any length
- Output has a fixed length
- The hash function is reasonably easy to compute for any input
- The hash function is one-way, or preimage resistant (meaning it is computationally infeasible to determine the input when provided with only the output; this also covers second-preimage resistance, where an attacker who already has one message cannot find a different message with the same hash)
- The hash function is collision free, or collision resistant (meaning that it is also extremely difficult to find any two messages that produce the same hash value; no hash with a fixed-length output can be literally collision free, since infinitely many inputs map to finitely many outputs, so the requirement is that no one can find a collision in practice)
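The following Python script is an added example, not code from the original article, that exercises the requirements above with the standard library: fixed-length output for inputs of any length, the avalanche behaviour that makes the output useless for guessing the input, the one-way caveat for guessable inputs, the contrast with keyless encoding, and a keyed HMAC for comparison. The sample messages and the `shared-secret` key are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed sample messages of very different lengths (not from the original post).
SAMPLE_MESSAGES = [b"", b"a", b"The quick brown fox", b"x" * 100_000]


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of data as 64 lowercase hex characters (256 bits)."""
    return hashlib.sha256(data).hexdigest()


def digest_bit_lengths(messages) -> list:
    """Requirements 1 and 2: any input length, fixed output length.

    Returns the digest size in bits for each message; every entry is 256
    no matter how long the message was.
    """
    return [len(hashlib.sha256(m).digest()) * 8 for m in messages]


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_bits(msg: bytes) -> int:
    """Flip a single bit of msg and report how many of the 256 digest bits change.

    A good hash scrambles roughly half the output bits for a one-bit input
    change, so the digest reveals nothing usable about the input.
    """
    flipped = bytes([msg[0] ^ 0x01]) + msg[1:]
    return hamming_distance(hashlib.sha256(msg).digest(),
                            hashlib.sha256(flipped).digest())


def dictionary_preimage(digest_hex: str, candidates) -> Optional[bytes]:
    """The practical caveat on requirement 4: 'one-way' only protects inputs an
    attacker cannot guess. An unsalted hash of a password-sized input is
    recovered by hashing each candidate and comparing digests.
    """
    for guess in candidates:
        if hmac.compare_digest(sha256_hex(guess), digest_hex):
            return guess
    return None


def encoding_roundtrip(msg: bytes) -> bool:
    """Encoding (here Base64) is a two-way transform with no key: anyone can
    decode it, so it gives neither integrity nor confidentiality.
    """
    return base64.b64decode(base64.b64encode(msg)) == msg


def hmac_sha256_hex(key: bytes, msg: bytes) -> str:
    """HMAC is a keyed construction layered on a hash, not a hash on its own."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, msg: bytes, tag_hex: str) -> bool:
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(hmac_sha256_hex(key, msg), tag_hex)


if __name__ == "__main__":
    print("digest bits per message:", digest_bit_lengths(SAMPLE_MESSAGES))
    print("SHA-256('abc') =", sha256_hex(b"abc"))
    print("bits changed by flipping one input bit:", avalanche_bits(b"hello world"))
    print("guessable input recovered:",
          dictionary_preimage(sha256_hex(b"letmein"), [b"abc", b"letmein"]))
    print("Base64 reverses:", encoding_roundtrip(b"any bytes \x00\xff"))
    tag = hmac_sha256_hex(b"shared-secret", b"transfer 100")
    print("HMAC verifies:", verify_hmac(b"shared-secret", b"transfer 100", tag))
```

Run it as a script and compare the SHA-256 of `abc` against the published FIPS 180 test vector; the HMAC check fails for either a changed message or a different key, which a bare hash cannot offer because anyone can recompute it.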
Below is a list of example algorithms. You may recognize a few of these, such as MD5, HMAC, or SHA-1. Two cautions: HMAC is strictly a keyed construction built on top of a hash function rather than a hash function itself, and MD2, MD4, MD5, and SHA-1 all have known collision attacks (practical ones for MD4, MD5, and SHA-1), so they should not be used anywhere collision resistance matters, such as digital signatures or certificates:
- MD2 Message Digest 2
- MD4 Message Digest 4
- MD5 Message Digest 5
- HAVAL Hash of Variable Length (an MD5 variant)
- HMAC Hash-based Message Authentication Code (a keyed construction over a hash such as SHA-256; the key is what lets it prove both integrity and origin)
- SHA Secure Hash Algorithm
- SHA-1 Secure Hash Algorithm
Finally, if you’re wondering about the differences among the members of the SHA-2 and SHA-3 families (SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, and so on), here’s a brief explanation to help keep them straight. The number after the name is the size of the message digest in bits, so SHA-256 produces a 256-bit digest and SHA-512 a 512-bit one. In the SHA-2 family, SHA-224 and SHA-384 are derived from SHA-256 and SHA-512 respectively: each runs the larger algorithm with its own distinct initial hash values and then truncates the result to 224 or 384 bits, so SHA-224 is not simply the first 224 bits of a SHA-256 digest. (SHA-512/224 and SHA-512/256 are further truncated variants of SHA-512 defined the same way.) In the SHA-3 family, which is built on the Keccak sponge construction rather than the SHA-2 design, each output size is its own parameter set of the sponge, not a truncation of a larger member.
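As an added example (not from the original article), the Python script below uses the standard library to show the digest sizes of each SHA-2 and SHA-3 member and to check whether a shorter member is a plain prefix of a longer one; the input message `abc` is the classic test-vector message and is constructed here for the demonstration.

```python
import hashlib

# Constructed sample input; "abc" is the classic FIPS test-vector message.
MESSAGE = b"abc"

# Family members guaranteed by hashlib; the "sha3_*" names are the Keccak-based SHA-3 functions.
SHA2 = ["sha224", "sha256", "sha384", "sha512"]
SHA3 = ["sha3_224", "sha3_256", "sha3_384", "sha3_512"]


def digest_bits(name: str) -> int:
    """Digest length in bits for a hashlib algorithm; the number in the name is this value."""
    return hashlib.new(name).digest_size * 8


def is_plain_truncation(short_name: str, long_name: str, msg: bytes) -> bool:
    """True only if the shorter digest equals the leading bytes of the longer one.

    For SHA-224 vs SHA-256 (and SHA-384 vs SHA-512) this is False because the
    shorter function starts from different initial hash values before its
    output is truncated; for SHA-3 it is False because each size is its own
    sponge parameter set.
    """
    short = hashlib.new(short_name, msg).digest()
    long = hashlib.new(long_name, msg).digest()
    return long[: len(short)] == short


def family_summary(msg: bytes) -> dict:
    """Map each algorithm name to (digest bits, hex digest of msg)."""
    return {name: (digest_bits(name), hashlib.new(name, msg).hexdigest())
            for name in SHA2 + SHA3}


if __name__ == "__main__":
    for name, (bits, hexdigest) in family_summary(MESSAGE).items():
        print(f"{name:9s} {bits:4d} bits  {hexdigest}")
    print("SHA-224 is a prefix of SHA-256:", is_plain_truncation("sha224", "sha256", MESSAGE))
    print("SHA-384 is a prefix of SHA-512:", is_plain_truncation("sha384", "sha512", MESSAGE))
    print("SHA3-224 is a prefix of SHA3-256:", is_plain_truncation("sha3_224", "sha3_256", MESSAGE))
```

Running it prints the eight digests side by side; the three prefix checks all come back False, which is the concrete form of the point above that the shorter SHA-2 members use their own initial values and the SHA-3 members are separate parameter sets.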
This has been a quick look at hashing functions. There is an audio/video version of this material here, for anyone who prefers that format. If you’re interested in security fundamentals, we have a Professionally Evil Fundamentals (PEF) channel that covers a variety of technology topics. We also answer basic questions in our Knowledge Center. Finally, if you’re looking for a penetration test, training for your organization, or just have general security questions please Contact Us.