Flutter: Overview of hashing algorithms based on crypto plugin

This article explains what hashing is and which hashing algorithms the crypto plugin provides. It also includes a comparison table in which you can compare the characteristics of the hashing algorithms supported by this plugin.

A hash function is a cryptographic function: a mathematical algorithm that converts an arbitrary array of data (information) into a fixed-length string consisting of numbers and letters.

First, determine which files need their integrity controlled. For each file, a hash value is calculated using the chosen algorithm, and the result is saved. Later, the same calculation is repeated and the results are compared. If the values differ, the information contained in the file has been changed.
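The procedure above, sketched with the crypto package this article covers. This is an added example, not code from the original article; the file names, the JSON baseline format and the helper functions `fileSha256`, `buildBaseline` and `changedFiles` are assumptions made for illustration.

```dart
import 'dart:convert';
import 'dart:io';
import 'package:crypto/crypto.dart';

/// Streams a file through SHA-256 so large files are never fully in memory.
Future<String> fileSha256(File file) async =>
    (await sha256.bind(file.openRead()).first).toString();

/// Step 1: compute and record one digest per monitored file.
Future<Map<String, String>> buildBaseline(Iterable<File> files) async {
  return {for (final f in files) f.path: await fileSha256(f)};
}

/// Step 2: recompute later; report files that changed or disappeared.
Future<List<String>> changedFiles(Map<String, String> baseline) async {
  final changed = <String>[];
  for (final entry in baseline.entries) {
    final file = File(entry.key);
    if (!await file.exists() || await fileSha256(file) != entry.value) {
      changed.add(entry.key);
    }
  }
  return changed;
}

Future<void> main() async {
  // Constructed sample files in a temporary directory (hypothetical names).
  final dir = await Directory.systemTemp.createTemp('integrity_demo');
  final config = File('${dir.path}/app.conf')
    ..writeAsStringSync('debug=false\n');
  final tool = File('${dir.path}/tool.bin')
    ..writeAsBytesSync([0x7f, 0x45, 0x4c, 0x46]);

  // Save the baseline so it can be reloaded for a later check.
  final store = File('${dir.path}/baseline.json')
    ..writeAsStringSync(jsonEncode(await buildBaseline([config, tool])));

  config.writeAsStringSync('debug=true\n'); // simulated modification

  final saved = Map<String, String>.from(
      jsonDecode(store.readAsStringSync()) as Map);
  print('Modified files: ${await changedFiles(saved)}');
  await dir.delete(recursive: true);
}
```

The comparison is only as trustworthy as the saved baseline: anyone who can modify the monitored files and also rewrite the baseline can hide a change, so keep the baseline somewhere the monitored system cannot write to.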

The main feature of hash functions is that they are one-way: once a data string has been hashed, it is impossible to convert it back into its original readable form.

Analysis using hash functions is often used to control the integrity and verify the uniqueness of important operating system files and programs, as well as to protect personal data on the Internet, such as a password, key or other value that does not need to be decrypted back but does need to be checked or compared.

- Must be able to convert data of arbitrary length into data of fixed length.
- Must have an open algorithm so that its cryptographic strength can be investigated.
- Should be one-way, that is, there should be no mathematical possibility of determining the initial data from the result.
- Must "resist" collisions, i.e. should not produce the same values for different inputs.
- Should not require large computing resources.
- With the slightest change in the input data, the result should change significantly.

To see the hashing process in all its glory, we'll use a plugin for the Flutter framework: crypto, a collection of cryptographic hash functions written in pure Dart that supports Android, iOS, Linux, macOS, Windows and Web.

The plugin supports the following algorithms:

- SHA-1
- SHA-224
- SHA-256
- SHA-384
- SHA-512 (as well as SHA-512/224 and SHA-512/256)
- MD5
- HMAC (including HMAC-MD5, HMAC-SHA1, HMAC-SHA256)
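Two of the requirements listed earlier, fixed-length output and a large change in the result for the slightest change in the input, can be observed directly with the hash algorithms in this list. The following is an added example, not code from the original article; the input strings and the helper `differingBits` are constructed for illustration.

```dart
import 'dart:convert';
import 'package:crypto/crypto.dart';

/// Counts the bit positions in which two equal-length digests differ.
int differingBits(Digest a, Digest b) {
  var count = 0;
  for (var i = 0; i < a.bytes.length; i++) {
    for (var x = a.bytes[i] ^ b.bytes[i]; x != 0; x >>= 1) {
      count += x & 1;
    }
  }
  return count;
}

void main() {
  final algorithms = <String, Hash>{
    'MD5': md5,
    'SHA-1': sha1,
    'SHA-224': sha224,
    'SHA-256': sha256,
    'SHA-384': sha384,
    'SHA-512': sha512,
    'SHA-512/224': sha512224,
    'SHA-512/256': sha512256,
  };

  // Constructed inputs: 'a' (0x61) and 'c' (0x63) differ in exactly one bit.
  final original = utf8.encode('pay 100 to account a');
  final modified = utf8.encode('pay 100 to account c');
  final large = List<int>.filled(1 << 20, 0x41); // 1 MiB of constructed data

  algorithms.forEach((name, hash) {
    final d1 = hash.convert(original);
    final d2 = hash.convert(modified);
    final bits = d1.bytes.length * 8;
    // Fixed length: a 20-byte input and a 1 MiB input give equal-size digests.
    final sameLength = hash.convert(large).bytes.length == d1.bytes.length;
    print('${name.padRight(11)} digest=$bits bits  '
        'fixed length: $sameLength  '
        'bits changed: ${differingBits(d1, d2)}/$bits');
  });
}
```

Roughly half of the output bits change for every algorithm, MD5 and SHA-1 included. This property says nothing about collision resistance: practical collisions have been demonstrated for both MD5 and SHA-1.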

SHA ("Secure Hash Algorithm") is one of the most popular families of hashing algorithms, if not the most popular.

There are 3 main categories in total:

- SHA-1 is the second cryptographic hashing algorithm in the family. Its predecessor, SHA-0, was withdrawn because of an error and later replaced with an improved version, SHA-1. It was developed and published by the US National Security Agency in 1995 as a standard for secure hashing. The algorithm is based on the idea of a compression function.
- SHA-2 is a subfamily of cryptographic hash functions (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256), also created and published by the US National Security Agency. In addition, the SHA-1 function, developed in 1995, was added to the standard. SHA-2 algorithms are based on the Merkle-Damgaard structure.
- SHA-3 (Keccak) is a hashing algorithm that won the 2012 competition for a new standard to replace SHA-1 and SHA-2. However, since no major attacks on the SHA-2 algorithm have been proposed so far, switching to SHA-3 is not necessary. The algorithm is built on the principle of a cryptographic sponge. Because the plugin in question has no implementation of this algorithm, I can point you to the sha3 plugin, which is written in pure Dart and implements the necessary functionality.

MD ("Message-Digest") is a widely used family of hash algorithms.

Includes 6 versions:

- MD1 is a proprietary algorithm whose specification has not been published.
- MD2 - developed in 1989 for use as one of the cryptographic algorithms; in 1990 it was proposed as a replacement for BMAC (Bidirectional MAC).
- MD3 - never published, most likely development was abandoned.
- MD4 - developed in 1990; notably, it is used in the MS-CHAP authentication protocol, developed by Microsoft to perform authentication procedures for remote Windows workstations.
- MD5 - developed in 1991, is the most popular algorithm of the entire family, and is widely used to this day for checking the integrity of information and hashing passwords.
- MD6 - developed in 2008, it is not very popular because of shortcomings declared by the developer himself and its loss in the 2008-2012 competition, which the new SHA-3 algorithm won. The algorithm was later improved, but this did not make it more popular.

HMAC ("Hash-based Message Authentication Code") is one of the mechanisms for checking the integrity of information to ensure that data transmitted or stored in an untrusted environment has not been modified by unauthorized persons.

MAC is a standard that describes how to exchange data and how to check the integrity of transmitted data using a secret key.

Two clients using a MAC typically share a secret. HMAC is an add-on for MAC, a mechanism for exchanging data using a secret key. The name may specify the hash function used: HMAC-MD5, HMAC-SHA1, HMAC-RIPEMD160...

In HMAC, the data is "mixed" with the key, and the hash function is applied twice.
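The "mixed with the key, hashed twice" construction can be written out by hand and checked against the plugin's own `Hmac` class. This is an added example, not code from the original article or from the crypto package; `manualHmac` and `verifyTag` are hypothetical helpers following RFC 2104, and the key and messages are constructed.

```dart
import 'dart:convert';
import 'dart:typed_data';
import 'package:crypto/crypto.dart';

/// HMAC per RFC 2104: H((K xor opad) || H((K xor ipad) || message)).
Digest manualHmac(Hash hash, List<int> key, List<int> message) {
  final blockSize = hash.blockSize; // in bytes, e.g. 64 for SHA-256
  // Keys longer than one block are hashed first; shorter ones are zero-padded.
  final keyBytes = key.length > blockSize ? hash.convert(key).bytes : key;
  final k = Uint8List(blockSize)..setRange(0, keyBytes.length, keyBytes);

  final ipad = [for (final b in k) b ^ 0x36];
  final opad = [for (final b in k) b ^ 0x5c];

  final inner = hash.convert([...ipad, ...message]); // first hash pass
  return hash.convert([...opad, ...inner.bytes]); // second hash pass
}

/// Receiver side: recompute the tag with the shared key and compare.
/// Digest's == compares every byte instead of stopping at the first mismatch.
bool verifyTag(List<int> key, List<int> message, Digest receivedTag) =>
    Hmac(sha256, key).convert(message) == receivedTag;

void main() {
  // Constructed key and messages for illustration.
  final key = utf8.encode('constructed-shared-secret');
  final message = utf8.encode('amount=100&to=alice');
  final tampered = utf8.encode('amount=900&to=alice');

  final tag = Hmac(sha256, key).convert(message);
  print('HMAC-SHA256 tag:       $tag');
  print('manual == plugin:      ${manualHmac(sha256, key, message) == tag}');
  print('original verifies:     ${verifyTag(key, message, tag)}');
  print('tampered verifies:     ${verifyTag(key, tampered, tag)}');
  print('wrong key verifies:    '
      '${verifyTag(utf8.encode('other-key'), message, tag)}');
}
```

In application code use the package's `Hmac` class rather than a hand-written construction; the manual version is here only to show where the key and the two hash passes enter.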

Advantages of HMAC:

- the possibility of using hash functions already available in the software product.
- no need to make changes to the implementation of existing hash functions (making changes can lead to performance degradation and deterioration of cryptographic strength).
- the ability to replace the hash function if a safer or faster hash function becomes available.

The performance data was taken from this hash function performance article.

Summing up, we can say that the SHA family, in particular the new SHA-3 Keccak standard, which is a pioneer in terms of protection, has proven to be the most cryptographically strong family of algorithms throughout its existence. However, the choice of hashing algorithm will still depend not only on its security but also on its speed, so choose wisely.