Why is hash function security crucial ?
Hash functions are used in a very large scope nowadays. Data security, data integrity, authentication, crypto-currencies...
Many cryptocurrencies relies on hash functions to secure transactions. Bitcoin for example mainly relies on SHA-256 hash function (which is part of the SHA-2 hash functions family).Learn more
Consequently, breaches in hash functions used for cryptocurrencies exchanges can have a huge impact on these technologies.
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites.Learn more
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity).
Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.Learn more
The passwords’ storage is unencrypted in a database, where a file can be a security flaw. Indeed, if someone can access to all passwords, they are compromised. To prevent this case, we can hash all passwords so we will not store unencrypted passwords. Then the user authentication will be done with the hash sent compared with hash stored. The authentication will be even more secured because the strength of the hash function is that they are almost impossible to reverse.Learn more
Checking the file or message integrity
A possible way to check is an integrity control which means that the message’s print will be computed and send with the message. However, it’s not secured because if someone intercept the message, he can change and produce another hash.Learn more
Pseudorandom number generator
Hash functions are sometimes considered as pseudorandom generator.
In fact, it’s impossible to predict what will be the hash of a message knowing the hash of a very similar other message. Functions like Yarrow, Fortuna or Blum Blum Shub are generators which use or come from cryptographic functions.Learn more