Thanks a lot for this summary @DericEcourcy!
A few weeks ago we had a live session with @nikeshnazareth about this topic. I’ll share my notes here.
Properties of hash functions
- Fixed size output, not dependent on the input.
- Pre-image resistance: It’s a one-way function. The output looks pretty random. Small changes in the input give very different output. Given an output, it shouldn’t be possible to find the input.
- Second pre-image resistance: There is no information to be gained after knowing a few examples of pre-images.
- Collision resistance: It is computationally impossible to find two inputs that map to the same output.
- All properties apply to all degrees: Every bit is equally resistant.
Hash functions can be seen as an oracle that returns random bits, except that when it’s a repeated input it will remember the previous answer and return it.
Use cases
- Passwords: Don’t store the password directly. Store a hash of the password plus a salt.
- Digital signatures: Usually what you sign is a hash of the message.
- Pseudo-random number generator: Use a small random number and hash it to get a new bigger random number. There is an entropy caveat, because they are correlated.
- Hash commitments.