an overview of hashing algorithms using the hash plugin

What is hashing and why should it be used? Basic types of hashing.

Complexity: Newbie.

Introduction

This article will tell you what hashing is and what hashing algorithms are used in the plugin hashand a comparison table will be provided in which you can see and compare the characteristics of certain hashing algorithms supported by this plugin.

Content

Section 1: What is hashing and the hash plugin

Hash (hash) is a cryptographic function, which is a mathematical algorithm that converts an arbitrary array of data (information) into a fixed-length string consisting of numbers and letters.

How the hashing process works:
First, determine the integrity of which files need to be monitored. For each file, the value of its hash is calculated according to a special algorithm, and the result is saved. After the necessary time, a similar calculation is made and the results are compared. If the values ​​are different, then the information contained in the file has been changed.

The main feature of hash functions is that they cannot be dehashed, it is impossible to return a once hashed data string to a reverse readable form.

Where is used:
Analysis using hash functions is often used to control the integrity and verify the uniqueness of important files of the operating system, programs, as well as to protect personal data on the Internet, such as a password, key or other value that does not require reverse decryption, but requires control/comparison of values.

What characteristics should a hash function have:

• Must be able to perform arbitrary to fixed length data conversions.

• Must have an open algorithm so that its cryptographic strength can be investigated.

• It should be one-sided, that is, there should not be a mathematical possibility to determine the initial data from the result.

• Must “resist” collisions, i.e. should not produce the same values ​​for different inputs.

• Should not require large computing resources.

• With the slightest change in the input data, the result should change significantly.

To see the hashing process in all its glory, we’ll use the companion plugin for the Flutter framework:

hash is a collection of cryptographic hash functions written in the pure Dart language, supporting platforms such as Android, iOS, Linux, macOS, Windows, Web.

The plugin supports the following algorithms:

Section 2: SHA

SHA (“Secure Hash Algorithm”) – one of the most, if not the most popular family of hashing algorithms.

There are 3 main categories in total:

• SHA-1 – the second cryptographic hashing algorithm in the family, the predecessor is SHA-0, which was withdrawn citing an error and later replaced with an improved version, this is SHA-1. Developed and published by the US National Security Agency in 1995 as a standard for secure hashing. The algorithm is based on the idea of ​​a compression function.

• SHA-2 – a subfamily of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256), also created and published by the US National Security Agency, in addition to this standard was added SHA-1 function developed in 1995. SHA-2 algorithms are built on top of Merkle-Damgor structures.

• SHA-3 – Keccak, a hashing algorithm, winner of a new standard competition in 2012, which was supposed to replace SHA-1 and SHA-2, but because Since no major attacks on the SHA-2 algorithm have been proposed so far, switching to SHA-3 is not necessary. The algorithm is built on the principle cryptographic sponge. Because in the plugin in question there is no implementation of this algorithm, I can bring to your attention the plugin sha3written in pure Dart language and implementing the necessary functionality.

Examples of hash functions using the SHA algorithm (Dart language):

  static String hashSHA1(String text) {
    return sha1.convert(utf8.encode(text)).toString();
  }

  static String hashSHA224(String text) {
    return sha224.convert(utf8.encode(text)).toString();
  }

  static String hashSHA256(String text) {
    return sha256.convert(utf8.encode(text)).toString();
  }

  static String hashSHA384(String text) {
    return sha384.convert(utf8.encode(text)).toString();
  }

  static String hashSHA512(String text) {
    return sha512.convert(utf8.encode(text)).toString();
  }

  static String hashSHA512224(String text) {
    return sha512224.convert(utf8.encode(text)).toString();
  }

  static String hashSHA512256(String text) {
    return sha512256.convert(utf8.encode(text)).toString();
  }

Section 3: MD5

MD (“Message Digest”) is a widely used family of hash algorithms.

Includes 6 versions:

• MD1 is a proprietary algorithm whose specification has not been published.

• MD2 – was developed in 1989 for use as one of the cryptographic algorithms, and in 1990 was proposed as a replacement for BMAC (Bidirectional MAC).

• MD3 – never published, most likely development was abandoned.

• MD4 – developed in 1990, from the features used in the authentication protocol MS-CHAPdeveloped by Microsoft to perform authentication procedures for remote Windows workstations.

• MD5 – developed in 1991, is the most popular algorithm of the entire family, to this day it is widely used to check the integrity of information and hash passwords.

• MD6 – developed in 2008, is not very popular due to the shortcomings declared by the developer himself and the loss in the competition in 2008-2012, in which the new SHA-3 algorithm won, later the algorithm was improved, but this did not add popularity to it.

An example of a hash function using the MD5 algorithm (Dart language):

  static String hashMD5(String text) {
    return md5.convert(utf8.encode(text)).toString();
  }

Section 4: RIPEMD-160

RIPEMD (“RACE Integrity Primitives Evaluation Message Digest”) – the algorithm, developed in 1996, uses the principles of MD4, and is comparable in performance to the SHA-1 algorithm.

There are the following versions of the hash function, they differ only in bitness, which is what their name says:

Support for the RIPEMD-160 algorithm declared by the author is missing.

Section 5: HMAC

HMAC (“Hash-based Message Authentication Code”) – one of the mechanisms for checking the integrity of information to ensure that data transmitted or stored in an unreliable environment has not been changed by unauthorized persons.

MAC is a standard that describes how to exchange data and how to check the integrity of transmitted data using a secret key.

Two clients using a MAC typically share a shared secret. HMAC is an add-on for MAC, a mechanism for exchanging data using a secret key. The name may specify the hash function used: HMAC-MD5, HMAC-SHA1, HMAC-RIPEMD160…

The mechanism itself was developed in 1996, and in 1997 was released standard documentation.

In HMAC, the data is “mixed” with the key, and the hash function is applied twice.

Advantages of HMAC:

• the possibility of using hash functions already available in the software product.

• no need to make changes to the implementation of existing hash functions (making changes can lead to performance degradation and deterioration of cryptographic strength).

• the ability to replace the hash function if a safer or faster hash function becomes available.

Mandatory to implement the protocol IPsec.

Hash function example using HMAC and SHA-256 (Dart language):

  static Hmac hashHMACSHA256(String text, String key) {
    return Hmac(sha256.convert(utf8.encode(text)) as Hash, utf8.encode(key));
  }

comparison table

I would also like to draw your attention to the performance of hash functions (less is better):

Performance data was taken from this hash function performance articles.

Conclusion

Summing up, we can say one thing that the SHA family, in particular the new SHA-3 Keccak standard, which is a pioneer in terms of protection, has shown itself to be the most cryptographic algorithms throughout its existence. However, the choice of hashing algorithm to use will still depend not only on its security, but also on its speed, choose wisely.