## Hashing Algorithms

A cryptographic hash function is a mathematical formula or algorithm that creates a one way encryption process. By “one-way”, this means the information that is encrypted by a hash function can not be decrypted. The purpose for using these one-way hashing algorithms is two-fold:

- to provide a check of integrity
- to protect some important piece of information like a password or encryption key

Most hashing algorithms take variable length input and output a fixed length string that is always unique when the input is changed. The output is similar to a summary or “message digest”. This “digest” output is called, the hash. If any piece of the input is changed, the hash is also changed. This provides the integrity check. Information is input into the hashing algorithm which calculates the hash. The information is then transmitted or sent to another location or stored for some time. Then the integrity of the information needs to be confirmed, so the hash is calculated again and compared to the original hash value. This is more simple than comparing the original information because the hash strings are a fixed length and usually shorter than the original information. If the hashes are identical, the information has not been changed, and if the hashes are not identical, the information has been changed.

In many systems, the password that provides access control is protected by being hashed. Once it has been hashed, the process cannot be reversed to expose the password. But when the user logs in, the password entered is hashed and compared to the hash stored on the system. If they match, the user is granted access. If password hashes are exposed, they can be attacked by a “brute force” guessing attack that tries to compose every possible variation of a password, then hash it and compare the hashes to see if the guess has discovered the password. This takes time and computing power and if the password is sufficiently long and complex, it will take too long to be worthwhile. On the other hand, short and simple passwords can be discovered rapidly with good computing power.

To learn more about the mathematics of hashing, use this excellent course on cryptography:

**Cryptography I Stanford University** – [coursera.org]

About this Course

Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two parties generate a shared secret key. Throughout the course participants will be exposed to many exciting open problems in the field and work on fun (optional) programming projects. In a second course (Crypto II) we will cover more advanced cryptographic tasks such as zero-knowledge, privacy mechanisms, and other forms of encryption.

**6 – 3 – The Merkle-Damgard Paradigm-Cryptography-Professor Dan Boneh**

– [youtube.com]

**6 – 4 – Constructing compression functions -Cryptography-Professor Dan Boneh**

– [youtube.com]