Strong and secure hash functions

In its broadest sense, a hash function takes some data and turns it into a hash code which in some sense "represents" that data. A common use that we looked at is creating a hash map (or hash table), whereby the hash code allows us to efficiently "narrow down the search" for an item. Java's hash maps use 32-bit hash functions. This is what we might call a weak hash function:

In this section we will look at two other categories of hash code:

Secure hash codes are also strong hash codes, though not necessarily vice versa. In reality, the notion of "strength" is a continuum rather than a distinct category, and "security" refers to the upper end of this continuum. The strength and security of a hash code are dictated by a combination of its width (the number of bits that a hash code has), and by its quality: the ability of the function to distribute bits "randomly". But even if we can't find patterns in the hash codes that would allow us to calculate two items with identical hash codes, if the number of possible hash codes is small enough, we can just try hashing a huge number of items until we find a collision by trial and error. Thus, for a hash function to be secure generally implies that it is wide enough that finding a collision by trial and error is not feasible.

If you enjoy this Java programming article, please share with friends and colleagues. Follow the author on Twitter for the latest news and rants.

Editorial page content written by Neil Coffey. Copyright © Javamex UK 2021. All rights reserved.