A hash function is a mathematical function which maps a character string of any given length onto a character string of fixed length. In this way hash functions can be used to create a characteristic identifier for an extensive plain text. This identifier is referred to as a checksum, message digest or simply digest.

A hash algorithm suitable for cryptographic purposes must satisfy a number of requirements:

• For identical input, a hash algorithm must return the same output.

• Minimal changes to the input must result in a significantly changed message digest.

• Under no circumstances may it be possible to reconstruct the input from the message digest.

• It should be virtually impossible to find two different plain texts for which the hash algorithm returns the same message digest.

Hash functions with these characteristics are known as cryptographic hash functions. Cryptographic hash functions are very suitable for securing data integrity.

Frequently used hash algorithms are MD5, SHA-1, and SHA-2 (generic term for SHA-224, SHA-256, SHA-384, and SHA-512). The digest length is 128 bits for MD5, 160 bits for SHA-1, and 224/256/384/512 bits for SHA-2. For MD5 and now also for SHA-1, security-related deficiencies have been identified, which means that you should use methods from the SHA-2 class if possible.

Message Authentication Code (MAC)

Message Authentication Codes (MACs) are cryptographic hash functions which in addition use a secret key to generate the message digest. MACs secure integrity and authenticity of the data traffic between two communications partners who share one secret key.

The most commonly used MAC is HMAC. HMAC can be used with every cryptographic hash algorithm and is currently the only MAC supported in TLS and OpenSSL. By now there is for e.g. AES also an operation mode GCM (Galois/Counter Mode) with AEAD (Authenticated Encryption with Associated Data) property, i.e. it covers also the MAC functionality, so no hash functions are needed for this.