What Exactly is a Hash Function?

[baltoro]

I managed to buy a copy of: "Secrets and Lies, Digital Security in a Networked World", by Bruce Schneier 2000,...and for someone who knows nothing about security, it is excellent. Since, most of you guys are spies, you've probably read it, and know what I'm talking about.
If you've ever implemented a hash function, can you describe it? Of course, I've read the description in Bruce's book,...but, seeing a little code would really be fantastic.
Thanks.
(By the way, Bruce Schneier has a blog: Schneier on Security A blog covering security and security technology)
A General Description from Secrets and Lies:   
"Hash functions have an enormous range of applications in cryptography and computer security. Almost every Internet protocol uses them to process keys, chain a sequence of events together, or authenticate events. They are essential for digital signature algorithms. They are probably the single most useful tool in a cryptographer's toolbox."
"One-way hash functions are like digital fingerprints: small pieces of data that can serve to identify much larger digital objects. They are public functions; no secret keys are involved."
"Hash functions can provide a measure of authentication and integrity. A bunch of one-way hash functions are in use today: SHA-1 is the U.S. Government's standard hash function. The acronym stands for: Secure Hash Algorithm, and is specified in the Secure Hash Standard."

[redskull]

It depends if you are talking about a 'normal' hash function, or a 'cryptographic' has function.  Since you referenced the latter, it's essentially a "one way" mathmatical equation.  You can easily calculate the result based on an input, but can't easily figure out the input given the result.  As a VERY simple example, a fourth grader can computer 2^4, but most grown adults can't compute the 4th root of 16 without a calculator (or memorizing it).  This way, you can "hash" a password, and then pass the hashed version over the internet in plain text, and no one will be able to tell what the original one was.

-r

[baltoro]

Red,
thanks.
So, the complexity of an algorithm varies, I assume, based on your needs? It's not a standardized protocol, but, just a computation (or series of computations) that produces a unique value? And, in order to be useful, all parties using the resultant hash must know the original algorithm?

[redskull]

The "perfect" crytographical hash would be one where no two values produce the same result, and that can't be "undone" by any means, and such a beast has yet to be found.  But you are correct in saying that it is nothing but a series of computations, and that both parties must know the algorithm (at least, at one point)

-r

[baltoro]

The "perfect" crytographical hash would be one where no two values produce the same result.

...That's a pretty clear way to describe it. Thanks.

[donkey]

It's not a standardized protocol, but, just a computation (or series of computations) that produces a unique value? And, in order to be useful, all parties using the resultant hash must know the original algorithm?

Well, there are some standard hash algorithms such as SHA etc... for those you can use the Crypto API. Its slower than a hand written algorithm but it can be easier to set up where speed is not an issue. I usually only use a HASH for password functions so speed isn't an issue and I use the Crypto API. Generally I have the user enter a password then use the hash as the key to encrypt the password using AES in order to store it in the registry, in this case even though it is a one way procedure the hash can be used to verify an entered password but it is difficult to rebuild the password given just the registry data.

Code Select Expand

GetKey FRAME pszKey,pHashKey
uses edi,esi,ebx
LOCAL dwStatus :D
LOCAL bResult :D
LOCAL hProv :D
LOCAL hHash :D
LOCAL cbRead :D
LOCAL rgbHash[64] :B
LOCAL cbHash :D
LOCAL rgbDigits[16] :B

// Generate an SHA HASH from the password
// Note only 32 bytes are used for the encrypt/decrypt key
mov [rgbDigits],"0123"
mov [rgbDigits+4],"4567"
mov [rgbDigits+8],"89ab"
mov [rgbDigits+12],"cdef"

invoke lstrlen,[pszKey]
test eax,eax
jz >>.ERRORCONTEXT
mov [cbRead],eax

invoke CryptAcquireContext,offset hProv,NULL,NULL,PROV_RSA_FULL,CRYPT_VERIFYCONTEXT
test eax,eax
jz >>.ERRORCONTEXT

invoke CryptCreateHash,[hProv], CALG_SHA, NULL, NULL, offset hHash
test eax,eax
jz >>.ERRORHASH

invoke CryptHashData,[hHash], [pszKey], [cbRead], NULL
test eax,eax
jz >>.ERROROTHER

mov D[cbHash],64
invoke CryptGetHashParam,[hHash], HP_HASHVAL, offset rgbHash, offset cbHash, NULL
test eax,eax
jz >>.ERROROTHER

// convert the hash to an SHA string using a lookup table
xor eax,eax
xor edx,edx
mov ebx,[pHashKey]
mov edi,offset rgbHash
mov ecx,[cbHash]
mov esi,offset rgbDigits
:
mov al,[edi]
shr al,4
mov dl,[esi+eax]
mov [ebx],dl
inc ebx
mov al,[edi]
and al,0fh
mov dl,[esi+eax]
mov [ebx],dl
inc edi
inc ebx
dec ecx
jnz <
mov B[ebx],0

invoke CryptDestroyHash [hHash]
invoke CryptReleaseContext, [hProv], NULL
xor eax,eax
ret

.ERROROTHER
invoke CryptDestroyHash [hHash]

.ERRORHASH
invoke CryptReleaseContext, [hProv], NULL

.ERRORCONTEXT
invoke VirtualFree,[pHashKey],NULL,MEM_RELEASE
xor eax,eax
dec eax
RET
ENDF

[hutch--]

baltoro,

Ita a trade between speed versus complexity, at one end you have the crypto style of hash where you pursue as close to a unique result from a given data as possible, at the other end with something like a hash table data structure, speed is the factor at the price of uniqueness and you rely on the speed of collision detection to make up for it. "collision" in this context is 2 or more pieces of data that produce the same hash result.

[Magnum]

Bruce Schneier has some interesting articles.

It looks like he has trouble sleeping at night.

The Safe Cracking Robot was pretty interesting.  :U

[baltoro]

Thanks for the information. Especially the code, Edgar. It almost looks like fun.