Stack Overflow
Stack Overflow

Questions tagged [cryptographic-hash-function]

A cryptographic hash function is a function that takes a string of bytes of variable length and returns a fixed-length digest such that it is extremely difficult to find two inputs that yield the same output or find the original input given an output. It is also desirable for a small change in input to yield a large change in output. Common hash functions include MD5, SHA-1, SHA-256, SHA-512, and RIPEMD.

A cryptographic hash function is a function that takes a string of bytes of variable length for input and returns a fixed number of bytes (the exact number depending on the function) such that:

  • It is extremely difficult to find an input given an output.
  • It is extremely difficult to find another input that gives the same output.
  • Preferably, a small change in input results in a large change in output. (the avalanche effect)

Common hash functions include:

There are also some other notable hash functions which are less mature:

Applications

While there are many uses for cryptographic hash functions, here are a selected few:

  • In combination with a salt, it can be used to store passwords. (tag: )
  • It can be used as part of an HMAC. (tag: )

Related Questions

Usage in Various Languages

In Python, one can use the hashlib module:

import hashlib
hashlib.md5(b'Stack Overflow').hexdigest()     # => fcb3cd0c1efd8afe09d0505e46cefa4c
hashlib.sha1(b'Stack Overflow').hexdigest()    # => 47dd9a3d44ce99e3bbd366c9c91a60fc96281e66
hashlib.sha256(b'Stack Overflow').hexdigest()  # => 37a04a3fbe1f4424d5ed539c213b8f56ff07dcf9d94a360fa8b4efb69d22c1ede93e1dc4928760bf84ffe5b176babb60344b1a10bda218aaa35eb6388a9db3ec

In Ruby, one can use digest:

require 'digest'
Digest::MD5.new.update('Stack Overflow').hexdigest        # => fcb3cd0c1efd8afe09d0505e46cefa4c
Digest::SHA1.new.update('Stack Overflow').hexdigest       # => 47dd9a3d44ce99e3bbd366c9c91a60fc96281e66
Digest::SHA2.new(512).update('Stack Overflow').hexdigest  # => 37a04a3fbe1f4424d5ed539c213b8f56ff07dcf9d94a360fa8b4efb69d22c1ede93e1dc4928760bf84ffe5b176babb60344b1a10bda218aaa35eb6388a9db3ec
Digest::RMD160.new.update('Stack Overflow').hexdigest     # => 4a275d3d6a77a69a7e0bd06241d35378348b7438

In C#, one can use System.Security.Cryptography.HashAlgorithm:

using System.Security.Cryptography;

byte[] input = /* ... */;
HashAlgorithm.Create("MD5").ComputeHash(input);        // => array of bytes
HashAlgorithm.Create("SHA1").ComputeHash(input);       // => array of bytes
HashAlgorithm.Create("SHA512").ComputeHash(input);     // => array of bytes
HashAlgorithm.Create("RIPEMD160").ComputeHash(input);  // => array of bytes

In Java, one can use java.security.MessageDigest:

import java.security.MessageDigest;

byte[] input = /* ... */;
// getInstance can throw NoSuchAlgorithmException if the algorithm is unsupported
MessageDigest md = MessageDigest.getInstance("MD5" /* or any other algorithm */);
md.digest(input);  // => array of bytes

Many other languages have mechanisms for hashing; see Rosetta Code for more:

101 questions
297
votes
18 answers

How to hash some String with SHA-256 in Java?

How can I hash some String with SHA-256 in Java?
Ivana
  • 2,981
  • 2
  • 15
  • 4
200
votes
14 answers

How can I hash a password in Java?

I need to hash passwords for storage in a database. How can I do this in Java? I was hoping to take the plain text password, add a random salt, then store the salt and the hashed password in the database. Then when a user wanted to log in, I could…
Chris Dutrow
  • 48,402
  • 65
  • 188
  • 258
151
votes
9 answers

Which cryptographic hash function should I choose?

The .NET framework ships with 6 different hashing algorithms: MD5: 16 bytes (Time to hash 500MB: 1462 ms) SHA-1: 20 bytes (1644 ms) SHA256: 32 bytes (5618 ms) SHA384: 48 bytes (3839 ms) SHA512: 64 bytes (3820 ms) RIPEMD: 20 bytes (7066 ms) Each of…
Sam Saffron
  • 128,308
  • 78
  • 326
  • 506
134
votes
5 answers

MD5 algorithm in Objective-C

How to calculate the MD5 in Objective-C?
Biranchi
  • 16,120
  • 23
  • 124
  • 161
131
votes
9 answers

MD5 is 128 bits but why is it 32 characters?

I read some docs about md5, it said that its 128 bits, but why is it 32 characters? I can't compute the characters. 1 byte is 8 bits if 1 character is 1 byte then 128 bits is 128/8 = 16 bytes right? EDIT: SHA-1 produces 160 bits, so how many…
hash_jr90
  • 1,313
  • 2
  • 9
  • 4
103
votes
16 answers

How come MD5 hash values are not reversible?

One concept I've always wondered about is the use of cryptographic hash functions and values. I understand that these functions can generate a hash value that is unique and virtually impossible to reverse, but here's what I've always wondered: If on…
barfoon
  • 27,481
  • 26
  • 92
  • 138
92
votes
8 answers

Converting a md5 hash byte array to a string

How can I convert the hashed result, which is a byte array, to a string? byte[] bytePassword = Encoding.UTF8.GetBytes(password); using (MD5 md5 = MD5.Create()) { byte[] byteHashedPassword = md5.ComputeHash(bytePassword); } I need to convert…
Blankman
  • 259,732
  • 324
  • 769
  • 1,199
38
votes
6 answers

C# SHA-1 vs. PHP SHA-1...Different Results?

I am trying to calculate a SHA-1 Hash from a string, but when I calculate the string using php's sha1 function I get something different than when I try it in C#. I need C# to calculate the same string as PHP (since the string from php is calculated…
Anand Capur
  • 808
  • 1
  • 9
  • 18
38
votes
5 answers

Why is it not possible to reverse a cryptographic hash?

Why can't you just reverse the algorithm like you could reverse a math function? How is it possible to make an algorithm that isn't reversible? And if you use a rainbow table, what makes using a salt impossible to crack it? If you are making a…
Keavon
  • 6,837
  • 9
  • 51
  • 79
37
votes
7 answers

How do one-way hash functions work? (Edited)

I read the Wikipedia article about md5 hashes but I still can't understand how a hash can't be "reconstituted" back to the original text. Could someone explain to someone who knows very little about cryptography how this works? What part of the…
user94154
  • 16,176
  • 20
  • 77
  • 116
31
votes
3 answers

MD5 Hash and Base64 encoding

If I have a 32 character string (an MD5 hash) and I encode it using Base64, what's the maximun length of the encoded string?
Joaquín L. Robles
  • 6,261
  • 10
  • 66
  • 96
21
votes
1 answer

What's the difference between the hash algorithms SHA-2 and SHA-3?

I know SHA-224, SHA-256, SHA-384 and SHA-512 are all part of the SHA-2 hash function family. But there is now also a new SHA-3 hash algorithm. Could you please tell me the difference between SHA-2 and SHA-3? When and why should I use SHA-3? And…
user1926193
  • 249
  • 1
  • 2
  • 3
20
votes
3 answers

Does any published research indicate that preimage attacks on MD5 are imminent?

I keep on reading on SO that MD5 is broken, bust, obsolete and never to be used. That angers me. The fact is that collision attacks on MD5 are now fairly easy. Some people have collision attacks down to an art and can even us use them to predict…
Sam Saffron
  • 128,308
  • 78
  • 326
  • 506
15
votes
9 answers

Does sha-1 ever produce collisions for input messages less than 160bits?

I have a 128bit ID that I want to perform a one way hash on, but I don't want to ever get the same digest for an input message. Does anyone know if sha-1, or an alternative, is guaranteed not to produce collisions for the set of messages less than…
Malcolm Smith
  • 3,540
  • 25
  • 29
13
votes
3 answers

HMAC security - Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?

Is the security of the HMAC based on SHA-1 affected by the collisions attacks on SHA-1?
Daniel Gartmann
  • 11,678
  • 12
  • 45
  • 60
1
2 3 4 5 6 7