Hash: what it is, what it is used for and why it is so important to know hashing

Hash: what it is, what it is used for and why it is so important to know hashing

By Roberto D. | CryptoFarm | 14 Feb 2020

Hash functions are one of the most overlooked aspects by newbies when they begin to deepen the study of cryptocurrencies and this is undoubtedly strange if we consider that hash functions are the beating heart of cryptography.

Normally when you approach the study of a cryptocurrency such as bitcoin (but it also applies to any altcoin) we focus on the use cases and the consent protocol, but all cryptography relies on hash functions and this aspect does not should never be overlooked.

It is certainly true that a new project rarely relies on a new hash function, almost always we tend to use functions whose security has already been proven.

But hash functions, and this is another aspect of the issue that often eludes us, find numerous other applications even outside of encryption; in this article, therefore, I will try to explain not only what these functions are and what they are used for, but we will also provide concrete use cases aimed at demonstrating that the knowledge of these tools can be useful to any user even outside the development environment of the crypto.


What is a hash function

A hash function, very simply, is a mathematical function that allows you to reduce any text string (regardless of its length) to a new string with specific characteristics including a predefined number of characters.

In other words, starting from an X input, it will be possible to generate an Y input that will have well-defined characteristics; This mechanism is now commonly used to protect the databases on which the passwords that allow users to authenticate (in practice login) on the major websites are kept.

Even google, for example, uses hash functions; let's activate a new email on google, what happens is that we define a password (for example "pizza_pasta_tortellini", I'm Italian, really nice) but then physically our password must be kept on a database so that when we go again to authenticate us on the site, this can verify that the password entered during the login coincides perfectly with the one stored on the database (which is also the one we established during the registration phase).

Physically on the google database attached to our username, we do not end up with the password "wheelchair" in the clear but an alphanumeric string that is the result of what has been produced by the hash function, in practice the fingerprint of our password.

This is done because even if the database is violated, the hacker would be in a position to decrypt the hashed password if he wishes to actually manage to access our account.


Features of the hash functions

There are different types of hashing functions, from the oldest (such as MD5) to the most modern and commonly considered unassailable (as in the case of the SHA-256 which is the same used by bitcoin and the American NSA); regardless of the type of hashing function, all have common basic characteristics that we will briefly summarize below:

Constancy: for the same input, the same hash function will always return the same alphanumeric string; to every input, in other words, the same output always and inevitably corresponds.

Irreversibility: while it is always possible to reproduce the output knowing the original input with which the output was generated, however, it is not possible to do the reverse path, therefore it is not possible, starting from an alphanumeric string, to go back to the initial content of the input which generated it.

Determinism: regardless of how long the input is, the hash function will always return an alphanumeric string of a specified number of characters; if I took the divine comedy, for example, and subjected it to a hash function, the result would always be a string of 32, 64 (etc) characters (the length of the output depends on the hashing function used).

Avalanche effect: no matter how long and complex the input is, an infinitesimal variation of the input is sufficient to generate a completely different output; if I subjected the divine comedy to a hash function and then redone the same operation by removing a single space from the original text, the output that would be generated in this second case would be radically different from that generated in the first

Describing all this in words is quite complicated, so to clarify your ideas I recommend you visit this site http://onlinemd5.com/ and play with the hash functions.



Hashing vulnerabilities

A hash function like the SHA-256 does not have real vulnerabilities, however it is still possible to trace the initial input that generated the output provided that you know the type of hash function used.

In fact, there are tables that encode the possible inputs by returning the relative output for each; these tables are called "rainbow" but are very rudimentary tools and can only be used in the presence of very short passwords.

We have said that sites such as google do not keep plaintext passwords on their database but submit them as a hash function, but if I use a trivial and short password, such as "1234", it will be easy that there is one in circulation table that has encoded all possible outputs for inputs up to 4 characters.

Precisely for this reason it is important to use long and complex passwords, because "rainbow tables" cannot be generated for unlimited numbers of characters, a good password that contains at least 18 characters and hashed before being stored on a database remains substantially armored even if the data base that holds it is punctured.

In reality the developers have created a very simple system to get around this problem which is called "salt and pepper", in practice the passwords defined by users are "seasoned" with a small addition before being subjected to the hash function, of Consequently, when I define a password of the "1234" type, the system transforms it into something of the "blablebliolb1234" type, making it longer before submitting it to the hash code and every time I log in on that particular site by entering my password "1234" on system automatically adds the "salt" (ie the portion of string "blablebliolb") before comparing it with the password stored in the database.


Concrete uses of hash functions in everyday life for ordinary users

Even if you are not a developer, you can still benefit from the knowledge and use of the hash functions; the most common use you can make of it is to generate strong passwords for site access credentials and at the same time easy to remember.

In this way you can also keep track of them in writing (in case you ever have a head injury and lose your memory), remaining perfectly sure that even if they steal the sheet of paper on which you keep your passwords nobody could be able to access your accounts.

Suppose the case of an average user who has an email on google, an account on twitter, one on facebook and one on instagram; on a piece of paper we take note of our passwords and then write something like:

password twitter: matrix 1999 film by the brothers andy and larry wachowski

facebook password: clear dawn of vasco rossi song of 1979

password instagram: botticelli's spring painted in 1477

password gmail: the invisible cities of italo calvino novel of 1972

What do we have here? We have four things that are easy to remember, because they are (it is an example) my film, my song, my painting and my favorite book; to avoid making mistakes when entering the input, I write everything in lowercase and without punctuation.

What I will do is subject each of these inputs to a hash function (for example we use the MD5 which has a shorter output) to derive my passwords.

On my piece of paper I keep the passwords in clear text but then to log in I use the alphanumeric string obtained from the hash function, so I will have for:

"1999 matrix film by the brothers andy and larry wachowski" my password MD5


"Clear dawn of vasco rossi song of 1979" my password MD5


"The spring of botticelli painted in 1477" my password MD5


"The invisible cities of italo calvino novel of 1972" my password MD5


It is impossible to forget the input used to generate our strong password because they are things that concern us intimately (my favorite movie, my song, my novel, etc); and to log in, I just need to have the hash function that I used to get the output handy.

In this way I generate strong passwords that are impossible to forget at the same time.



For those working in the IT field, it is unthinkable not to have even superficial knowledge of the hash functions, but nowadays, with IT security becoming increasingly important for everyone, even ordinary people can take advantage of these tools.

Obviously, just as there are different needs, there are different hash functions that we can use according to our purposes; if we need to increase security then the SHA-256 is definitely the best function ever, but to generate unique alphanumeric codes, an MD5 is enough and also advances.

With a little imagination it is easy to discover that the applications of these tools are many, an aspect that we have not considered for example are the integrity checks of the documents downloaded online; but the fields in which a correctly used hash function can greatly simplify our lives are many and only those who know these tools can understand how to use them to meet their needs.

Once again, therefore, it emerges how cryptography is capable of impacting in every area of ​​human knowledge, revolutionizing the processes through which we manage complex models and simplifying, in certain cases even a lot, our operations while guaranteeing the best standards of security possible.




Useful link ALL TRUSTED:

My Exchange:



Cloud Mining:


Roberto D.
Roberto D.

Born, and still living, in Italy. Passionate about cryptocurrencies since I discovered ethereum in 2016 Telegram channel: https://t.me/freewaystoearn


All about crypto and airdrop

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.