A cryptographic hash function is a mathematical algorithm that maps data of arbitrary size to a bit array of a fixed size (the “hash”). It is a one-way function, that is, a function that is practically infeasible to invert.
Certain properties of cryptographic hash functions impact the security of password storage.
- Non-reversibility, or one-way function. A good hash should make it very hard to reconstruct the original password from the output or hash.
- Diffusion, or avalanche effect. A change in just one bit of the original content will result in a change to half the bits of its hash. In other words, when the original content is changed slightly, the resulting hash will change significantly and unpredictably.
- Determinism. A given original content will always generate the same hash value.
- Collision resistance. It’s almost impossible to find two different source contents that hash to the same value.
- Non-predictability. The hash value cannot be predicted from the source content other than by computing it.