Java Cryptographic Hash Functions

A cryptographic hash function is an algorithm that can be run on data such as an individual file or a password to produce a value called a digest.

The main purpose of the cryptographic hash function is to verify the authenticity of a piece of data.

SHA-0, SHA-1, SHA-2, and SHA-3 are some common Secure Hash Algorithm (SHA) family of cryptographic hash functions designed by the National Security Agency. Apart from the SHA family of hash functions, there are MD2, MD4, MD5 and MD6 common Message-Digest Algorithm family of cryptographic hash functions.

The term “hash function” is generic which can refer to cryptographic hash functions and the cyclic redundancy check (CRC) hash functions.

Among the SHA family of hash functions and MD family of hash functions, only a few cryptographic hash functions like SHA-256 (SHA-2 family),
SHA-512 (SHA-2 family), MD5 are the widely used ones.

The SHA-2 family of cryptographic hash functions consists of 6 hash functions.

  1. SHA-224, with 224-bit hash values
  2. SHA-256, with 256-bit hash values
  3. SHA-384, with 384-bit hash values
  4. SHA-512, with 512-bit hash values
  5. SHA-512/224, with 512-bit hash values
  6. SHA-512/256, with 512-bit hash values

Among these, SHA-256 and SHA-512 are the most commonly accepted and used hash functions computed with 32-bit and 64-bit words, respectively. SHA-224 and SHA-384 are truncated versions of SHA-256 and SHA-512 respectively, computed with different initial values.

In this article let’s explore implementing SHA-1, SHA-256, SHA-512 and MD5 cryptographic hash functions in Java.

Java provides MessageDigest Class under the java.security package to calculate the cryptographic hash value of a text using one of the following hash functions:

  • MD2
  • MD5
  • SHA-1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512

The JavaHash class is a generic implementation to invoke the MessageDigest class instance with the desired input text and the cryptographic algorithm. The following different hash codes are generated for the input text “InputMessage”.

As you can see from the above output

MD5 hash takes 32 characters — 128 bits length
SHA1 hash takes 40 characters — 160 bits length
SHA256 hash takes 64 characters — 256 bits length (As the name implies)
SHA512 hash takes 128 characters — 512 bits length (As the name implies)

Choosing a cryptographic hash function

There are a few key aspects we need to consider when choosing a cryptographic hash function.

All the cryptographic hash functions are one-way functions. Which means they are irreversible. So it is impossible to reverse the input text from the hash code generated. But still there can be dictionary attacks performed based on the list of popular hashes against the input texts to guess the input text. This can be avoided by selecting an input text which is strong enough.

Hash Collision

The only way a cryptographic hashing can be broken is by creating hash collisions in the hashing algorithm. The attacker forges a fake input text which could create the same cryptographic hash code to match the actual input text. Due to the lesser amount of bits, SHA-1 and MD5 hash algorithms are found to be vulnerable to hash collisions thus leaving a backdoor to the attackers. So, when choosing a hashing algorithm always consider the hash collision (for how long this algorithm will be safe from a hash collision)

Computational Complexity

Some hashing algorithms might provide better security but might be resource-intensive and take longer times to compute the hash values.

Hope you enjoyed the blog, Thanks for reading. Cheers!!!

Senior Software Engineer @WSO2, B.Sc.(Hons).Computer Engineering

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store