Sie sind auf Seite 1von 18

HASHING FUNCTION

CHERRY A. DIERGOS
M.A.Ed Mathematics
DEFINITION:
Hashing is the transformation of a string
of characters into a usually shorter
fixed-length value or key that represents
the original string. Hashing is used to
index and retrieve items in
a database because it is faster to find
the item using the shorter hashed key
than to find it using the original value. It
is also used in
many encryption algorithms.
As a simple example of the using of
hashing in databases, a group of people
could be arranged in a database like
this:

Abernathy, Sara Epperdingle, Roscoe
Moore, Wilfred Smith, David (and many
more sorted into alphabetical order)
Each of these names would be the key in
the database for that person's data. A
database search mechanism would first
have to start looking character-by-
character across the name for matches
until it found the match (or ruled the other
entries out). But if each of the names
were hashed, it might be possible
(depending on the number of names in
the database) to generate a unique four-
digit key for each name.
For example:
7864 Abernathy, Sara 9802
Epperdingle, Roscoe 1990 Moore,
Wilfred 8822 Smith, David (and so
forth)
A search for any name would first consist
of computing the hash value (using the
same hash function used to store the
item) and then comparing for a match
using that value. It would, in general, be
much faster to find a match across four
digits, each having only 10 possibilities,
than across an unpredictable value length
where each character had 26
possibilities.
The hashing algorithm is called the hash
function-- probably the term is derived
from the idea that the resulting hash
value can be thought of as a "mixed up"
version of the represented value.
A HASHING FUNCTION
is typically a mathematical function which
takes a key value and determines a
position in an array. For instance, we
might have a table which contains
employee names. If we needed to find out
if an employee is in the table, we would
have to search the entire table
. It would be nice if we had an idea of
where that employee record might be.
So a hash function can be used to
determine, based on the employee's
name, the position in the array, or table.
Check the array in that position and see
if the record is there.
HASH FUNCTIONS
take a block of data as input, and
produce a hash or message digest as
output. The usual intent is that the hash
can act as a signature for the original
data, without revealing its contents.
Therefore, it's important that the hash
function be irreversible - not only should
it be nearly impossible to retrieve the
original data, it must also be unfeasible
to construct a data block that matches
some given hash value
Randomness, however, has no place in a
hash function, which should completely
deterministic. Given the exact same input
twice, the hash function should always
produce the same output. Even a single bit
changed in the input, though, should produce
a different hash value. The hash value
should be small enough to be manageable in
further manipulations, yet large enough to
prevent an attacker from randomly finding a
block of data that produces the same hash.
Hash functions can't be used directly for
encryption, but are very useful for
authentication. One of the simplest uses
of a hash function is to protect
passwords. UNIX systems, in particular,
will apply a hash function to a user's
password and store the hash value, not
the password itself.
To authenticate the user, a password is
requested, and the response run
through the hash function. If the
resulting hash value is the same as the
one stored, then the user must have
supplied the correct password, and is
authenticated.

Since the hash function is irreversible,
obtaining the hash values doesn't reveal
the passwords to an attacker. In
practice, though, people will often use
guessable passwords, so obtaining the
hashes might reveal passwords to an
attacker who, for example, hashes all
the words in the dictionary and
compares the results to the password
hashes.
Another use of hash functions is for
interactive authentication over the
network. Transmitting a hash instead of
an actual password has the advantage of
not revealing the password to anyone
sniffing on the network traffic
. If the password is combined with some
changing value, then the hashes will be
different every time, preventing an
attacker from using an old hash to
authenticate again. This approach is
used in PPP's CHAP authentication
scheme.
The server sends a random challenge to
the client, which combines the challenge
with the password, computes the hash
value, and sends it back to the server.
The server, possessing both the stored
secret password and the random
challenge, performs the same hash
computation, and checks its result
against the reply from the client
. If they match, then the client must
known the password to have correctly
computed the hash value. Since the
next authentication would involve a
different random challenge, the
expected hash value would be different,
preventing an attacker from using a
replay attack.