A cryptographic hash algorithm *H* takes a message *M* and produces a *B*-bit digest *D* = *H*(*M*) in such a way that the following properties hold:

- Preimage resistance
- Given a digest
*D*, it is challenging to produce a message*M'*such that*D*=*H*(*M'*). Ideally it would be Ω(2^{B}), the average complexity of a brute-force search. - Second preimage resistance
- Given a message
*M*, it should be challenging to find a different second message*M'*such that*H*(*M*) =*H*(*M'*). Ideally it would require the same as a preimage search for*D*=*H*(*M*), but for many popular algorithms it's not. - Collision resistance
- It is challenging to produce two different messages
*M*and*M'*such that*H*(*M*) =*H*(*M'*). Because of the birthday paradox, ideally it would be Ω(2^{B/2}), the average complexity of a brute-force search.

As their name suggests, they have many uses in cryptography, mostly as part of authentication schemes. They have many other uses as well, including corruption detection, digital fingerprinting, and duplication detection. For more information, see the Wikipedia article on cryptographic hashing.

For uses outside of cryptography, cryptographic hash functions provide advantages against a malicious adversary at a performance cost over specialized techniques. For example, Boost.CRC offers good protection against accidental transmission errors, but it's simple for an attacker to modify the stream without changing its CRC. (That said, even the strongest hash algorithm won't help if the attacker can modify the hash as well as the input.) Similarly, it would be harder for an attacker to induce worst-case behaviour in a hash table if it used a cryptographic hash function. (Typically a cryptographic hash algorithm with a truncated digest is no less secure than is implied by the smaller number of bits.)

Next: Quickstart |

Copyright Scott McMurray 2010

Distributed under the Boost Software License, Version 1.0. (See accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt).