Cryptographic hash functions are hash functions that meet cryptographic requirements and can be used in encryption, signature or authentication processes.
Hash functions are functions that convert an input of any length into an output of a predetermined size. Hash functions always deliver the same output with two identical inputs. This is referred to as deterministic behavior.
Cryptographic hash functions are used in a large number of cryptographic methods.
The strength, i.e. the resistance to attacks on cryptographic methods such as e.g. B. an encryption protocol depends heavily on the hash functions used in these algorithms. Therefore, high demands are placed on hash functions that are to be used in cryptographic processes.
Such a hash function must be able to withstand all known cryptanalytic attacks, which would be used, among other things, in a vulnerability analysis. To do this, the function must have the following three properties.
It must be difficult to find another input for a concrete input and its corresponding hash function output that delivers the same output.
Again, it must be difficult to find two different inputs that produce the same output from the hash function. Hash functions that have a high collision resistance also consequently have a high second pre-image resistance.
These three requirements mean that a good hash function fulfills the property of the so-called avalanche effect. This property states that even small changes in the input will change the generated output very much. As a result, it is not possible to draw conclusions about the associated inputs by analyzing different outputs.
ProSec =
per sec =
58e769d6dede714bcfa1e3953b31d 8e575420fd10e9e187e77166dfd4 72173a2
6e085d38614a1b999dece462a1767 80b675dffd07de2f6381ec8400c5b 66e344
=
ac8192b8f83f38b89762f747c9171849 eaaaaeb24c4fcfc532db6cfcf5403e06
Methods for checking and confirming passwords require cryptographic hash functions. It is not secure to store passwords in clear text for direct comparison with an entered password. There is a risk that the database in which such passwords are stored is hacked and the passwords are publicly available. As a result, these passwords could be exploited directly.
To prevent this, passwords must be stored as hash values. Because the passwords used cannot be recalculated from these hashes (property of the one-way function), the actual password cannot be calculated in a realistic time when using a secure hash function and a good password.
Methods for securely hashing passwords are called key derivation functions. With this method, passwords are repeatedly hashed using a hash function, usually in conjunction with a so-called salt. Here, the output of the previous hash function is hashed again by the same function. For example, 10.000 repetitions of this process are usual. The use of a salt is necessary to increase the security of the passwords and e.g. B. to prevent rainbow table attacks.
When creating a password, this process is run through and the result and the corresponding salt value are stored. If a user now logs in with the assigned password, this is first combined with the saved salt and then goes through the same process again. If the correct password is used, the hash value obtained from the process corresponds to the previously stored hash value and the password entered is correct. Examples of common key derivation functions that are currently considered secure are PBKDF2 or scrypt.
Using the key derivation function PBKDF2 with the password "hunter22" and the salt "salt" at 10000 iterations:
hunter22 =
787a933636cf2ffcb383b99365245ee 639db5a5a833e757c05fe36ac7b9a 1ff7
This value would then be stored in a password database.
Using "simple" cryptographic hashing methods is not secure for password confirmation. Passwords that are hashed with the MD5 algorithm can e.g. For example, you can link the hash value to your inputs by simply doing a Google search.
MD5 hash for hunter22 = cb95015a436fe976eb38e45455372032
The confirmation of the authenticity and integrity of messages and files is made possible by cryptographic hash functions and their hash values. Hashing a transmitted message makes it possible to verify that the message when transmitted matches the message that is received.
In this case we are talking about so-called HMAC (Hashed Message Authentication Codes). Here, the sender of a message forms the hash value for this message with a previously determined hash function and also transmits this. Using the received message and the same hash function, the recipient also forms the hash value of the message and compares this hash value with the transmitted hash value.
If both values are identical, it can be assumed that the message was not changed during transport. This method assumes that the transmitted HMAC cannot be changed by an attacker.
When using asymmetric cryptosystems, hash values of the messages to be signed are usually created. These are then encrypted with the private key of the signing communication partner.
By decrypting the hash value with the public key of the signing partner and comparing it with the self-generated hash value of the message, it can be confirmed that the message actually comes from this communication partner if the hash values are identical.
Known hashing methods that currently correspond to the state of the art and can therefore be used in cryptographic methods are SHA-2 and SHA-3. SHA stands for Secure Hash Algorithm. Since SHA-2 is based on the same design principle as SHA-1 and SHA-1 is no longer considered secure, it can be assumed that it will also be possible to successfully attack the SHA-2 method in the near future. As a result, SHA-2 will probably no longer correspond to the current state of the art. This suspicion does not exist with SHA-3 because the Keccak algorithm standardized in SHA-3 is based on a fundamentally different design principle and is therefore not susceptible to the same attacks.
The widespread algorithms MD5 and SHA-1 are considered insecure because successful attacks have been published for both methods. In 2012 a so-called Chosen-prefix collision attack was released for MD5. With such an attack it is possible to generate the same hash value for two different documents or messages by combining them with certain pre-calculated values. The method is therefore no longer resistant to collisions, because attackers are able to exchange documents or messages without this being noticed when checking the hash values (e.g. the HMAC).
In January 2020, a chosen-prefix collision attack on SHA-1 was published, which can be carried out with comparatively little computing effort. With a computing power that is currently associated with costs of around USD 45.000, different inputs can be calculated with the same resulting hash value. This means that collision resistance is no longer available for SHA-1 either. The developers of the attack were able to forge the digital signature for a key used in GnuPG and thus show that signatures based on SHA-1 can no longer be considered secure.
SHA-1 can also be used in cipher suites in the TLS 1.2 standard. These suites should definitely be deactivated. TLS 1.3 no longer allows SHA-1.
The Git version control system also uses SHA-1 for file verification. The possibility of the chosen-prefix collision attack thus theoretically offers the possibility of sneaking malicious code into Git repositories unnoticed, which is not noticed by a check of the hash values.