## Hashing Algorithms

A cryptographic hash function is a mathematical formula or algorithm that creates a one way encryption process. By “one-way”, this means the information that is encrypted by a hash function can not be decrypted. The purpose for using these one-way hashing algorithms is two-fold:

1. to provide a check of integrity
2. to protect some important piece of information like a password or encryption key

Most hashing algorithms take variable length input and output a fixed length string that is always unique when the input is changed. The output is similar to a summary or “message digest”. This “digest” output is called, the hash. If any piece of the input is changed, the hash is also changed. This provides the integrity check. Information is input into the hashing algorithm which calculates the hash. The information is then transmitted or sent to another location or stored for some time. Then the integrity of the information needs to be confirmed, so the hash is calculated again and compared to the original hash value. This is more simple than comparing the original information because the hash strings are a fixed length and usually shorter than the original information. If the hashes are identical, the information has not been changed, and if the hashes are not identical, the information has been changed.

In many systems, the password that provides access control is protected by being hashed. Once it has been hashed, the process cannot be reversed to expose the password. But when the user logs in, the password entered is hashed and compared to the hash stored on the system. If they match, the user is granted access. If password hashes are exposed, they can be attacked by a “brute force” guessing attack that tries to compose every possible variation of a password, then hash it and compare the hashes to see if the guess has discovered the password. This takes time and computing power and if the password is sufficiently long and complex, it will take too long to be worthwhile. On the other hand, short and simple passwords can be discovered rapidly with good computing power.

Cryptography I Stanford University – [coursera.org]