A cryptographic hash function is a mathematical function that takes an arbitrary length message and returns a fixed-size bit string, referred to as hash value or message digest, such that an accidental or intentional change to the message will, with very high probability, changes the hash value.
Cryptographic hash functions play a significant role in secure and efficient digital information processing. Therefore, the cryptographic hash functions are employed by various corporate sectors in many information processing applications, such as efficient digital signature generation and verification, message integrity, password protection, signcryption mechanism, cryptographic commitment protocols, key derivation functions (KDFs), and message authentication codes (MACs).
The cryptographic hash functions generally have three security properties, namely, collision resistance, preimage resistance, and second preimage resistance. The requirement of these properties depends on an application in which the cryptographic hash function is used. This implies, a security attack that weakens any of these properties could undermine the security of the application which needs that property. For example, a collision attack on a hash function defeats the security of the digital signatures and a preimage attack on a hash function compromises the security of applications, such as password protection and MACs. Thus, the cryptographic hash functions are designed to prevent any such attack that compromises on security of an application.
The cryptographic hash functions, such as message digest algorithm (MD5) and secure hash algorithm-1 (SHA-1) are widely used by various corporate sectors to have secure and efficient implementation of the information processing applications. However, certain cryptographic hash functions, such as MD5 and SHA-1 are susceptible to the security attacks, such as collision attacks. Further, cryptographic libraries of some licensed software frameworks may not support stronger hash functions for application security and until the time they start supporting stronger hash functions these frameworks may use susceptible hash functions for application security.