Do you ever send files or data over the internet that are confidential? Chances are, we all send passport data, passwords or medical information from time to time. Often you want someone other than the intended recipient to be able to view this information. You can never be 100% sure, but there is a technique that can help you.
Hashing algorithms can be used to send data securely. When you protect information with a hashing algorithm, you can assume that the data arrives unchanged at the intended recipient.
Yet we see that few people consciously use hashing. However, we often unconsciously use hashing. For example, when we send cryptocurrencies over the blockchain network. So, let’s take a look at what hashing is, but especially at what the most important and (un)secure hashing algorithms are.
What is a hashing algorithm? #
A hashing algorithm is a technology that converts data into cryptographic output. What this output looks like depends entirely on the content. When one bit of this content changes, the output already looks completely different. This makes it easy to see if the content has changed in transit: if the hash looks different when received than when it was sent, the data has been modified.
When hashing data, a string of any length is converted to a string of a fixed length. By a string we mean a series of numbers/letters, which at first glance appear to be in a random order.
Yet the outcome is not at all as random as we might think. There is an algorithm behind the hashing that provides the logic. We call this a hashing algorithm, of which there are many different ones. For example, Bitcoin (BTC) uses the SHA-256 algorithm. Another well-known algorithm is MD5.
How does hashing work on the blockchain? #
You could think of a hashing algorithm as a sort of machine for creating a cipher. Below you can see what such a hash looks like, using the SHA-256 hashing algorithm.
| Input | Hash output |
| Hello. | 753692ec36adb4c794c973945eb2a99c1649703ea6f76bf259abb4fb838e013e |
| How are you doing? | 815cbea3d1a07b54f7eb75ad237234bf1e2996c23d94b60c50663ede13374e26 |
| I’m doing well. | c5c96770ac7745c653d73bf03e42ef1b5babfc3d58839d33dbe80d20340286e5 |
Hashing is widely used on the blockchain. For example, a transaction is often represented as a hash, such as on the Bitcoin blockchain. We call this a transaction hash, and can be seen as a transaction receipt.
You can use the hash within the blockchain explorer. When you make a transaction on a crypto exchange, you will see the transaction hash here. You can copy and paste this into the block explorer, after which you will see more information about the transaction. This information is converted into a hash using a hashing algorithm. The storage of this data is done by means of a Merkle Tree.
What is a Merkle Tree? #
A Merkle Tree is a data structure that stores data on the blockchain. This data structure resembles a tree, as you can see in the image below.
A hash is made of every transaction (the transaction hash). In the image you can see that there are four different hashes at the bottom. Then each hash is merged with another hash, after which these two hashes are merged into a master hash.
We call the root hash the Merkle Root, or also the Root Hash, and is therefore the hash of all transactions contained in a block. Does a transaction at the bottom of the Merkle Tree change? Then the outcome of all the above hashes will look completely different. This means that the use of hashes contributes to the security of blockchain technology.
Can a hashing algorithm break? #
It is possible for a hashing algorithm to break. With a secure algorithm it is possible to go only one way. Suppose we secure the passwords in a database by converting them to a hash. When a hacker gains access to the database, he can’t do anything with the passwords listed here. The hacker only sees the hash.
When a user wants to log in, he enters his password. The password is then converted to a hash via the hashing algorithm used. The website then checks whether the hash matches the hash in the database. So the hash in the database is not reset to the password. That would be unsafe.
This is only possible if the algorithm has not been cracked. That means no one should know the logic behind the algorithm. This also applies to the developers of the algorithm. When someone has cracked the logic, it is possible to revert hashes to its contents. That would mean that all passwords in the database (from the example above) can be viewed by people who should not be allowed to see them.
What are the best-known hashing algorithms? #
Below we see an overview of the best-known and most used hashing algorithms. Not all of these hashing algorithms are equally secure, as we’ll discuss. Later in the article I will tell you what the safest hashing algorithm in the world is and which hash functions are currently broken.
MD5 #
MD5, created in 1991, is perhaps the best-known hashing algorithm, although it is hardly used anymore. Why? Because the algorithm is broken!
Yet we see that many applications still use MD5. These are mainly old applications and websites that have not had an update for a long time. But since it was broken, MD5 is no longer considered a secure algorithm. It is therefore not advisable to use MD5 for creating an application, let alone for password protection.
Since MD5 is broken, it is possible to easily roll back the hash. With a secure algorithm, it is only possible to go one way. This means that the content must match the content of the hash. Only then can one gain access.
When you see an MD5 hash, you can view its contents within seconds. There are special websites where you can do that, such as www.md5online.org, where you can also create MD5 hashes. MD5 produces a 128-bit hash.
SHA-1 #
The SHA-1 algorithm produces a 160-bit hash and originated in 1995, when the NSA designed it. The algorithm is part of the SHA family, where SHA stands for Secure Hashing Algorithm. Despite its name, SHA-1 is no longer as secure as it once was. The algorithm is vulnerable to brute force attacks, and is therefore hardly used anymore. Also, Microsoft, Google and Mozilla no longer accept SSL certificates signed with the SHA-1 hashing algorithm.
You can encrypt and decrypt data with SHA-1 on various websites, such as www.md5decrypt.nl/en/Sha1. Security experts recommend that you stop using the algorithm.
SHA-256 #
Many applications and websites use the SHA-256 hashing algorithm on a daily basis for its security. It is a variant of the SHA-2 function and part of the SHA family. The National Institute of Standards and Technology (NIST) even recommends using this hashing algorithm.
Safety is guaranteed because it works very complicated. The algorithm is 30% slower than its predecessor (SHA-2), but this makes it all the more difficult to crack. The algorithm has not been broken so far, and is therefore safe to use.
You can use various websites, like this one, to encrypt data with SHA-256. It is not possible to decrypt SHA-256 hashes. SHA-256 produces a 256-bit hash.
Whirlpool #
Whirlpool is a well-known hashing algorithm among techies, although chances are it may not mean anything to you. The Belgian Vincent Rijmen designed Whirlpool in 2000 and is recommended by many authorities, such as ISO and IEC. It complies with the established safety standards.
The algorithm is widely used within applications, also because the algorithm has been adopted within programming languages such as C and Java. The cryptographic programs FreeOTFE, TrueCrypto and VeraCrypt have also added the algorithm to their application.
There are several websites where you can encrypt data with the Whirlpool hash function, such as this website. When you use Whirlpool, you receive a 512-bit output hash.
PBKDF2 #
The PBKDF2 hashing algorithm is recommended by the NIST. According to this organization, it is a secure algorithm that can be used by applications and websites to protect passwords. The algorithm works slower than SHA, making it extra secure. Salt is also used. This is a technique in which hashes are re-hashed several times. Before a new hash takes place, an extra string is added, making the value extra dependent on this extra string. PBKDF2 generates a 256-bit output.
What is the safest hashing algorithm? #
SHA-256 is considered by many experts to be the most secure hashing algorithm. The NIST recommends using this algorithm due to its high level of security. Many governments use the SHA-256 algorithm, including those of the United States and Australia.
Many cryptocurrencies also use the SHA-256 hashing algorithm, of which Bitcoin is the best known.
What is the most insecure hashing algorithm? #
Any algorithm that is broken is insecure. These are all hashing algorithms that are broken and insecure:
- MD2;
- MD4;
- MD5;
- Message Authenticator Algorithm;
- SHA-1;
- GOST;
- LAN Manager;
- Panama;
- Snefru.
Many organizations and experts advise developers and users to stop using these algorithms. When you protect sensitive data with these features, others can see the content quite easily.
Conclusion #
A hashing algorithm is used to convert data into a hash. You could think of a hash as a kind of cipher that only works one way. It is not possible to revert a hash to its original content, as long as the hash function is not broken. The moment a hashing function is broken, it is possible to reverse the outcome.
There are several hashing functions that are no longer secure, including MD2, MD4, MD5, and SHA1. Currently, SHA-256 is considered by many experts to be the most secure hashing algorithm.
