Reference
Glossary
The terms that recur across the algorithm catalog, defined once.
- Preimage resistance
- Given h, it is hard to find any m such that H(m) = h. For an n-bit hash, the generic attack costs 2^n.
- Second-preimage resistance
- Given m1, it is hard to find a different m2 such that H(m1) = H(m2). Generic cost 2^n.
- Collision resistance
- It is hard to find any pair (m1, m2) with m1 != m2 and H(m1) = H(m2). Generic cost is 2^(n/2) by the birthday paradox.
- Avalanche effect
- Flipping a single bit of the input should flip roughly half the bits of the output, with no detectable pattern.
- Strict avalanche criterion (SAC)
- Every output bit should flip with probability exactly 1/2 when any one input bit is flipped.
- Merkle-Damgård construction
- Build a hash from a fixed-size compression function: pad the message, split into blocks, and chain the compression of each block. Used by MD5, SHA-1, SHA-2. Susceptible to length-extension.
- Sponge construction
- Absorb input into a fixed permutation state in fixed-size chunks (the rate), then squeeze output of any desired length. Used by SHA-3 / Keccak. Immune to length-extension.
- Length-extension attack
- Given H(m) (and the length of m) for a Merkle-Damgård hash, an attacker can compute H(m || pad || m') for chosen m' without knowing m. Avoid by using HMAC, SHA-512/256, SHA-3, or BLAKE2/3.
- HMAC
- Hash-based MAC. HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)). Defined in RFC 2104, FIPS 198-1. Defeats length-extension when used with Merkle-Damgård hashes.
- Salt
- A unique, non-secret random value mixed into a password hash so identical passwords produce different digests. Defeats precomputed rainbow tables.
- Pepper
- A secret value (often the same across all users) mixed in alongside the salt. Stored separately from the database so a database leak alone does not reveal it.
- KDF (Key Derivation Function)
- Stretches a low-entropy input (like a password) into one or more cryptographic keys. Modern KDFs deliberately use CPU, memory, and parallelism cost to slow brute-force attacks. Examples: Argon2, scrypt, PBKDF2.
- Birthday paradox
- Among 23 random people there is a >50% chance two share a birthday. For an n-bit hash, you expect a collision after ~2^(n/2) random samples.
- Random oracle model
- An idealization where a hash function is treated as a function that returns truly random outputs, consistent across queries. Used in security proofs; not literally true of any real hash.
- MAC (Message Authentication Code)
- A keyed function producing a tag that lets a verifier confirm both integrity and authenticity. HMAC, KMAC, Poly1305, GMAC are common.
- PRF (Pseudorandom Function)
- A keyed function indistinguishable from a random function to anyone without the key. HMAC, AES-CMAC, and Poly1305 are PRFs in practice.