A one-way hash function, also known as a message digest, fingerprint or compression
function, is a mathematical function which takes a variable-length input string
and converts it into a fixed-length binary sequence. Furthermore,
a one-way hash function is designed in such a way that
it is hard to reverse the process, that is, to find a string that
hashes to a given value (hence the name one-way.)
A good hash function also makes it hard to find two strings that would produce the same hash value.
All modern hash algorithms produce hash values of 128 bits and higher.
Even a slight change in an input string should cause the hash value
to change drastically. Even if 1 bit is flipped in the input string,
at least half of the bits in the hash value will flip as a result. This
is called an avalanche effect.
Since it is computationally infeasible to produce
a document that would hash to a given value or find two documents
that hash to the same value, a document's hash can serve as
a cryptographic equivalent of the document. This makes a one-way
hash function a central notion in public-key cryptography. When
producing a digital signature for a document, we no longer
need to encrypt the entire document with a sender's private key (which
can be extremely slow). It is sufficient to encrypt the document's hash value instead.
Although a one-way hash function is used mostly for generating digital signatures,
it can have other practical applications as well, such as secure password storage,
file identification and message authentication code (MAC.)
See Chapter 3 of the User Manual for more information.
