Hashing

A one-way hashing function is a concept in cryptography that is used to provide integrity and nonrepudiation. Hash functions are designed to be relatively easy to compute one way but extremely difficult to undo or reverse. Hashing is designed to provide a unique data fingerprint that will materially change in the event of data alteration or tampering. Hashed values or message digests are the result of a variable amount of data being mapped onto a fixed-length field. Hashes are not used for encryption but rather for authentication and for ensuring integrity and providing nonrepudiation. A one-way hash function is also known as a fingerprint.

Some of the most common current and historical hashing algorithms include the following:

  • Message Digest 2 (MD2)—An older one-way hash function used in the privacy-enhanced mail (PEM) protocols along with MD5. It produces a 128-bit hash value for an arbitrary input. It is similar in structure to MD4 and MD5 but is slower and less secure.

  • Message Digest 4 (MD4)—A one-way hash function that provides a 128-bit hash of the input message. Although faster and more secure than MD2, it also has been shown to contain vulnerabilities.

  • Message Digest 5 (MD5)—An improved and redesigned version of MD4, producing a 128-bit hash. MD5 is the most common cryptographic hashing algorithm in current use.

  • HAVAL—A variable-length, one-way hash function and modification of MD5. HAVAL processes the messages in blocks of 1,024 bits, twice that of MD5, and is faster than MD5.

  • Secure Hash Algorithm-0/1 (SHA-0/1)—Provides a 160-bit fingerprint. SHA-0 and SHA-1 are no longer considered secure and are vulnerable to attacks.

  • Secure Hash Algorithm-2 (SHA-2)—A group of SHA algorithms that each process messages in up to 512-bit blocks and add padding if needed to get the data to add up to the right number of bits. SHA also includes other versions, such as SHA-256 and SHA-512, which are part of the SHA-2 group.

  • Secure Hash Algorithm-3 (SHA-3)—Formally known as Keccak, this algorithm was selected in 2012 as the NIST SHA-3 standard. It supports the same key lengths as SHA-2 but is far more secure.

Because the hashing process is a one-way function that produces statistically distinct output for any input, any change to the data being hashed will result in a completely different hash output. To get a better idea of how hashing works, let’s look at an extremely simple (and very insecure) hashing function. In our sample function, we add the ASCII (American Standard Code for Information Interchange) values of the first three characters of the input string, and then we subtract 96. The reason we subtract 96 is that the lowest ASCII value for printable characters is 32 (the space character), and therefore, the lowest value for a string of three spaces would be 96. By subtracting 96, we map our output values to the range of 0 to 282. TABLE 3-3 shows the results of our simple hashing algorithm. (Clearly, this algorithm is too simple to use in a real application because it encounters frequent collisions. Hashing any strings that start with the same three letters will return the same hash value. This is not desired behavior for a good hashing function.)

TABLE 3-3 The hashing process.

KEYS           | HASH FUNCTION                                                   | HASH
Alan Turing    | ASC(‘A’) + ASC(‘l’) + ASC(‘a’) − 96 = 65 + 108 + 97 − 96 = 174  | 174
Grace Hopper   | ASC(‘G’) + ASC(‘r’) + ASC(‘a’) − 96 = 71 + 114 + 97 − 96 = 186  | 186
Dennis Ritchie | ASC(‘D’) + ASC(‘e’) + ASC(‘n’) − 96 = 68 + 101 + 110 − 96 = 183 | 183
Ada Lovelace   | ASC(‘A’) + ASC(‘d’) + ASC(‘a’) − 96 = 65 + 100 + 97 − 96 = 166  | 166
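
The toy function above and the collisions it produces, as an added Python example that is not part of the original text. The keys "Alan Kay" and "Elizabeth Feinler" are constructed inputs chosen to collide with table entries, and SHA-256 from the standard library is used here as the comparison hash.

```python
import hashlib
from collections import defaultdict

def toy_hash(s):
    """The page's toy function: ASCII sum of the first three characters, minus 96."""
    if len(s) < 3:
        raise ValueError("need at least three characters")
    return sum(ord(c) for c in s[:3]) - 96

def sha256_hex(s):
    return hashlib.sha256(s.encode("utf-8")).hexdigest()

def collisions(keys, hash_fn):
    """Group keys by hash value and keep only values shared by two or more keys."""
    buckets = defaultdict(list)
    for key in keys:
        buckets[hash_fn(key)].append(key)
    return {h: ks for h, ks in buckets.items() if len(ks) > 1}

def differing_bits(a, b):
    """Count the bit positions in which the SHA-256 digests of a and b differ."""
    da = int.from_bytes(hashlib.sha256(a.encode("utf-8")).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b.encode("utf-8")).digest(), "big")
    return bin(da ^ db).count("1")

# The four keys from TABLE 3-3 plus two constructed keys chosen to collide.
KEYS = [
    "Alan Turing", "Grace Hopper", "Dennis Ritchie", "Ada Lovelace",
    "Alan Kay",           # same first three letters as "Alan Turing"
    "Elizabeth Feinler",  # different letters, same sum: 69 + 108 + 105 = 282
]

if __name__ == "__main__":
    for key in KEYS:
        print(f"{key:18} toy={toy_hash(key):3}  sha256={sha256_hex(key)[:16]}...")
    print("toy collisions:   ", collisions(KEYS, toy_hash))
    print("sha256 collisions:", collisions(KEYS, sha256_hex))
    # A change after the third character is invisible to the toy hash,
    # while SHA-256 produces a visibly different digest.
    a, b = "Alan Turing", "Alan Turning"
    print("toy hashes equal:", toy_hash(a) == toy_hash(b))
    print("sha256 bits changed:", differing_bits(a, b), "of 256")
```

The second collision shows that the toy function fails even when no letters are shared: only the sum matters, so unrelated inputs land on the same value.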