Codepath

Cryptographic Hash Algorithms

Cryptographic Hash Algorithms are one-way algorithms which are used when data does not need to be decrypted. Because there will be no decryption, there is no need for a key. The common expression for the application of the algorithm is the verb "to hash". (As in, "I am going to hash this string.") The results of these one-way algorithms are commonly called "hashes". (As in "I stored the hash in the database.")

A cipher text which cannot be decrypted might not seem useful, but it is because of a simple principle:

Same input + same algorithm = same output

This concept allows us to compare two outputs string (hashes) in order to know if the input matches. Hash algorithms are especially useful for ensuring data integrity (Checksums) and for secure password storage.

There are many hash algorithms but four stand out as popular choices.

CRC32 ("Cyclic Redundancy Check") returns a 32-bit integer hash. It can be computed very quickly which makes it useful for data error detection and correction especially during transfer. It is widely used in communication software. If data sent does not match the expected CRC32 hash, the software would ask for the data to be resent.

MD5 is a popular hash function. ("MD" = "Message Digest"). It returns a 128-bit hexadecimal string which is 32 characters long. It was popular for secure encryption from 1991 to 2004, but since a number of weaknesses were discovered it has been used mostly for data integrity.

SHA-1 is a hash function designed by the N.S.A. ("SHA" = "Secure Hash Algorithm"). It returns a 160-bit hexadecimal string which is 40 characters long. It was used for secure encryption from 1996 to 2010, largely as a replacement for MD5, but now it is used mostly for data integrity.

bcrypt is a hash algorithm which is based on the Blowfish Symmetric-Key Algorithm. Unlike Blowfish, bcrypt is a one-way hash and offers no decryption. It returns a 184-bit base-64 encoded string which is 31 characters long (but it also includes prepends information to the encrypted string, making it 60 characters total). It has been used for secure encryption since it was created in 1999. bcrypt is the default hash algorithm on many Unix and Linux operating systems. It remains a recommended algorithm to use for password hashing.


More on Cryptographic Hash Algorithms when used for:

Fork me on GitHub