Any crypto-active, the expression “hash function”, necessarily explained before talk about bitcoin. Contrary to what the name suggests, hashing has nothing to do with steak. And the same goes for salting, which has nothing to do with salt.
Indeed, these terms designate mathematical and computer processes.
Hash functions are in fact an essential part of the “crypto” aspect of crypto-assets. But what are we talking about exactly?
General principles of hash functions
Hash functions are sequences of mathematical and cryptographic operations producing a result, which is also called fingerprint or signature. They are generally used to secure a transfer of information between two computer systems.
The hash functions make it possible in particular to confirm certain properties of a computer message, such as its origin or its context, or else to differentiate between two similar elements, without however revealing their entire content.
How do they work exactly?
As for the purely mathematical aspect, everything depends on the hash function in question: there are dozens, some more secure than others. All existing functions are based on different procedures from each other: substitutions, permutations, additions of content, or withdrawals of content. Each function therefore leads to different results.
The hash functions, however, have the particularity that they are designed for computer use. And unlike the aforementioned encryption systems, the point is not to be able to find the original message from the result of the function.
Hash functions are therefore supposed to meet several specific criteria:
Determinism: the result of the function must be invariable in all circumstances. No matter when the function is used, who uses it, or how many times the function is used, if the starting message is the same, then the result should be the same.
Efficiency: the hashing function must allow an immediate result to be obtained; otherwise it risks excessively slowing down the computer systems which depend on it.
Resistance to attack: it should not be possible to recreate the original message from the result of the function, except by trying all the possible results one by one. The ease of distinction: two extremely similar messages must generate two easily differentiated results.
The uniqueness of the results: it must be impossible to generate two identical results with two different messages.
Obviously, these criteria evolve over time. The ultimate security of yesterday represents only the most total mediocrity in today’s security systems, and some computing tasks that were once considered colossal have become ridiculously easy for modern processors.
For example, there is a technique slightly slowing the hash functions, which is that of salting . The principle is simple: rather than directly calculating the footprint of the original message, a series of characters will be generated randomly and mixed with the text of the message. Then, it is the result of this operation which sees its calculated footprint. This technique makes it possible to avoid allowing an attacker to calculate what the message is by observing its fingerprint. So, unlike our beloved French cuisine, we can say that there is never too much salt in crypto-active ingredients.
The humor of cryptographers dictates that another similar method exists, but whose associated code is called pepper. The latter is in fact a series of secret, non-random characters, like a sort of additional password, which is added to the message before calculating its fingerprint. However, the principle remains the same: it is an additional step in the hash function, which adds complexity to the latter and slows down the computer that will execute it.
Fortunately, the power of modern computers means that these two functions have an absolutely laughable impact on the hash functions that use them. While these operations were time-consuming in 1980, today they represent only an obstacle so insignificant that since they increase the security of the function.
And these two methods aren’t the only ones: this link will allow cryptographers to improve security in one way or another. Finally, be aware that the criteria mentioned above do not all apply in the same way to hash functions, depending on the objectives sought. Most hash functions will need to produce a result instantly, but in some contexts, a ten second delay is perfectly acceptable if it improves security.