Hash Functions

🔐 Hash Functions Explained: The Backbone of Modern Cryptography
Cryptographic hash functions are the unsung heroes of security. They're not just for password storage—they power digital signatures, secure messaging, software integrity, blockchain, intrusion detection, and much more.
🧠 What Is a Hash Function?
A hash function is a deterministic algorithm that takes an input of any length and produces a fixed-length output, typically 256 or 512 bits.
Input (any size) → Hash() → Output (fixed size)
Properties of good hash functions:
- Fast
- Deterministic
- Avalanche effect (small change → drastic output change)
- Irreversible (preimage resistance)
- Collision-resistant
⚙️ Real-World Use Cases of Hash Functions
Domain | Use |
--- | --- |
✅ Digital Signatures | Sign the hash of a document instead of the full document for speed and integrity |
✅ Password Storage | Store Hash(password) with salt, not the raw password |
✅ Blockchain / Bitcoin | Use SHA-256 for mining and block integrity |
✅ TLS/SSL, SSH, IPSec | Ensure message integrity in encrypted communications |
✅ Software Updates | Verify update integrity with signed hash |
✅ Version Control (e.g., Git) | Identify commits and files by hash (SHA-1 or SHA-256) |
✅ Forensics | Prove files haven't changed using hashes |
✅ Deduplication | Cloud storage systems use hashes to detect identical files |
✅ Digital Certificates | Certificates contain hashes for data verification |
✅ Proof-of-Work (e.g., Bitcoin) | Find a nonce such that `Hash(data |
🛡️ Key Security Properties
1️⃣ Preimage Resistance
Given H, it’s hard to find M such that Hash(M) = H.
🔒 Used for:
- Secure password verification
- Proof-of-knowledge schemes
- Commitment schemes
2️⃣ Second Preimage Resistance
Given M₁, it’s hard to find M₂ ≠ M₁ such that Hash(M₁) = Hash(M₂).
🔒 Used for:
- Digital signature integrity (forged messages must not have same hash)
3️⃣ Collision Resistance
It is very hard to find any pair M₁ ≠ M₂ with Hash(M₁) = Hash(M₂).
🔒 Used for:
- Signing software
- Preventing file forgery
- Blockchain consistency
⏱ Collision attack complexity: ~2^(n/2) for an n-bit hash (e.g., 128-bit security needs a 256-bit hash)
⚔️ How Can Hash Functions Go Wrong?
🚨 Length-Extension Attack
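Affects Merkle–Damgård constructions (e.g., SHA-1, SHA-2)
- An attacker who knows Hash(M) and the length of M can compute Hash(M || pad || X) for a suffix X of their choice, without knowing M
💡 Solution: Use HMAC, or SHA-3 / BLAKE2, which are not vulnerable to length extension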
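The Hash(M || pad || X) property above, shown on a toy Merkle–Damgård hash next to the HMAC construction. This is an added example, not code from the original article: `toy_hash`, `extend`, `toy_hmac`, the all-zero IV and the sample key and messages are constructed for illustration, and SHA-256 serves only as the toy compression function.

```python
import hashlib
import struct

BLOCK = 64       # bytes per block, as in SHA-256
IV = bytes(32)   # constructed initial state for the toy hash

def compress(state: bytes, block: bytes) -> bytes:
    # Toy compression function (assumption): SHA-256 over state || block.
    return hashlib.sha256(state + block).digest()

def md_pad(msg_len: int) -> bytes:
    # Merkle-Damgard padding: 0x80, zero bytes, 64-bit big-endian bit length.
    zeros = (BLOCK - 9 - msg_len) % BLOCK
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", msg_len * 8)

def absorb(state: bytes, data: bytes) -> bytes:
    # Iterate the compression function over whole blocks.
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def toy_hash(msg: bytes) -> bytes:
    # The digest is the complete final state, which is what makes extension possible.
    return absorb(IV, msg + md_pad(len(msg)))

def extend(digest: bytes, msg_len: int, suffix: bytes):
    # Resume from the digest: needs only Hash(M) and len(M), never M itself.
    glue = md_pad(msg_len)
    total = msg_len + len(glue) + len(suffix)
    return glue, absorb(digest, suffix + md_pad(total))

def toy_hmac(key: bytes, msg: bytes) -> bytes:
    # HMAC construction over the toy hash; key assumed to be at most BLOCK bytes.
    k = key.ljust(BLOCK, b"\x00")
    inner = toy_hash(bytes(b ^ 0x36 for b in k) + msg)
    return toy_hash(bytes(b ^ 0x5C for b in k) + inner)

def demo():
    key, msg, suffix = b"constructed-key", b"original", b"appended"  # constructed
    # Weak tag Hash(key || msg): the extended tag verifies for the longer message.
    glue, tag = extend(toy_hash(key + msg), len(key) + len(msg), suffix)
    naive_extended = tag == toy_hash(key + msg + glue + suffix)
    # HMAC: resuming from the tag does not yield a valid tag for the longer message.
    glue2, guess = extend(toy_hmac(key, msg), BLOCK + 32, suffix)
    hmac_rejects = guess != toy_hmac(key, msg + glue2 + suffix)
    return naive_extended, hmac_rejects

if __name__ == "__main__":
    print(demo())
```

In real code, use `hmac.new(key, msg, hashlib.sha256)` from the standard library and compare tags with `hmac.compare_digest` rather than building the construction by hand.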
🏗️ Hash Function Families
🔷 SHA-1 (Don’t use ❌)
- 160-bit output
- Broken in 2005; real collision in 2017 (SHAttered.io)
🔷 SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512)
- Still widely used
- Strong security
- Used in TLS, Bitcoin, certificates
🔷 SHA-3 (Keccak)
- Sponge construction
- No length-extension issue
- Includes SHA3-256 and SHAKE128/256 (XOFs)
🔷 BLAKE2 (⚡ Faster and Safer)
- Faster than SHA-2
- Resistant to length-extension
- Supports keyed hashing
- Used in Argon2 (password hashing), IPFS, libsodium
🔬 Internal Designs
Design | Explanation |
--- | --- |
🔁 Merkle–Damgård | Processes message blocks iteratively using a compression function |
🧽 Sponge (e.g., SHA-3) | Absorbs message into a state, permutes, then squeezes output |
🔐 Davies–Meyer | Compression based on block cipher + XOR |
🧪 Attacks Recap
Attack | Affects | Solution |
--- | --- | --- |
Length Extension | SHA-1, SHA-2 | Use HMAC or SHA-3 |
Collision Attack | MD5, SHA-1 | Use SHA-2/3, BLAKE2 |
Preimage Attack | Rare | SHA-256 still secure (2²⁵⁶ complexity) |
Proof-of-Storage bypass | MD / SHA | Use `Hash(C |
✅ What Should You Use?
Use Case | Recommended Hash |
--- | --- |
General purpose | SHA-256 or BLAKE2 |
HMAC-based auth | HMAC-SHA-256 |
Secure key derivation | BLAKE2b or Argon2 |
New protocols | SHA-3, SHAKE128/256 |
High-speed hashing | BLAKE2bp (multi-core) |
📌 Summary
- Hash functions are everywhere: from secure messaging to cryptocurrency.
- Understand the security properties and use the right hash.
- Prefer SHA-2, BLAKE2, or SHA-3 in modern systems.
- Don’t use MD5 or SHA-1 for security.
Written by 박서경
