What are cryptographic hash functions?

A cryptographic hash function is an algorithm that takes an arbitrary amount of data input—a credential—and produces a fixed-size output of enciphered text called a hash value, or just “hash.” That enciphered text can then be stored instead of the password itself, and later used to verify the user.

Certain properties of cryptographic hash functions impact the security of password storage.

• Non-reversibility, or one-way function. A good hash should make it very hard to reconstruct the original password from the output or hash.
• Diffusion, or avalanche effect. A change in just one bit of the original password should result in change to half the bits of its hash. In other words, when a password is changed slightly, the output of enciphered text should change significantly and unpredictably.
• Determinism. A given password must always generate the same hash value or enciphered text.
• Collision resistance. It should be hard to find two different passwords that hash to the same enciphered text.
• Non-predictable. The hash value should not be predictable from the password

The good of cryptographic hashes

Cryptographic hashes take cleartext passwords and turn them into enciphered text for storage. Attackers who access your database are forced to decipher those hash values if they want to exploit them. In other words, hashes slow down attackers.

The bad of cryptographic hashes

Simple cryptographic hashes can slow down attackers, but ultimately attackers will be able to overcome them.

• Attackers equipped with fast hardware can easily “crack” hashed credentials.
• Good hash algorithms are designed to be collision-resistant, but collisions are impossible to eliminate completely. MD5 and SHA-1 have been proven to contain known collisions—that is, produce the same hash value from different credentials.
• Rainbow tables are “optimized lookup tables” that can be used to reverse-engineer one-way hash functions. A rainbow table is basically a pre-computed set of plaintext strings and their corresponding hashes. Large rainbow tables are publicly available, and attackers can use one of these tables to retrieve cleartext data that has been hashed.

Power up your cryptographic hashes

There are variations that can improve your hash function and provide a greater barrier against attacks.

Salted hashes

Salting adds random data to each plaintext credential. The result: two identical plaintext passwords are now differentiated in enciphered text form so that duplicates cannot be detected.

Keyed hash functions

A keyed hash function (also known as a hash message authentication code, or HMAC) is an algorithm that uses a cryptographic key AND a cryptographic hash function to produce a message authentication code that is keyed and hashed.

Adaptive hash functions

An adaptive one-way function is any function that is designed to iterate on its inner workings, feeding the output back as input, in a manner that causes it to–ultimately–take longer to execute. It is adaptive because the developer can adjust how many iterations occur. To protect stored passwords, architects have applied the adaptive design to hash functions (such as PBKDF2) and to encryption schemes (such as bcrypt).

The trade-off of cryptographic hash functions

Cryptographic hash functions do provide barriers to attackers, like speed bumps slowing down a speeding motorcycle. But it’s critical to remember that eventually the motorcycle will still make it down the street. However, these barriers will slow down your defenders as well—normal users and your server. Set the speed bump too high, and you run the risk of annoying your user—and overtaxing your server.

But no matter how high you build your speed bump, an attacker WILL ultimately be able to overcome it. The ongoing challenge is to slow down attackers while balancing the needs and satisfaction of your users.