Hashing functions

Overview

A hashing function is an algorithm that maps large data sets of variable length to smaller data sets of a fixed length. Common uses of hashing functions include:

Determining if two objects are equal
Generating checksums for large volumes of data
Generating key values for finding database entries
Cryptography

HMAC functions

The HMAC family of functions accept two arguments—a key, and the message to hash— and produce a hash or "digest" of the input data combined with the key. The functions are designed so that it is very improbable that two different {key,message} pairs will produce the same hash code, and they also make it very difficult to forge an authentic hash code. The functions differ in the algorithm used to the generate the hash, and the resulting length of the hash. The functions were developed in response to vulnerabilities in other mechanisms for combining a key with a hashing function.

These hashing functions help to ensure security of data transmission. If a sender and receiver possess the same secret key, the sender can hash the message using one of these functions, and then send both the message and its hash to the receiver. Assuming that the key has not been compromised, the receiver can assume several things about an incoming message:

Only an authorized sender originated the message
The message was not tampered with during transmission
The message was not corrupted by transmission

This approach does not prevent eavesdropping, since the message itself is not obscured.

In Data Management, you might use these functions for several reasons:

You are calling a web service that requires a hash code for authentication purposes
You receive a message via a web service call, and you want to authenticate the sender of the message
You want to ensure that transmitted data has not been corrupted

These functions come in two forms: those that accept binary arguments (such as HmacSHA256Binary), and those that accept string arguments (such as HmacSHA256String). The functions are binary in nature, so the string versions of the functions perform three steps:

Input arguments are converted to binary by encoding the strings as UTF-8.
The corresponding binary function is called.
The result is converted to a string by formatting the bytes in hexadecimal notation.

For example, calling the function HmacSHA256String("The quick brown fox jumps over the lazy dog","key") will produce the result: f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8

Binary HMAC functions

These functions accept and return binary values using the MD5, SHA1, SHA256, SHA384, and SHA512 cryptographic hash algorithms respectively.

HmacMD5Binary( value, key )
HmacSHA1Binary( value, key )
HmacSHA256Binary( value, key )
HmacSHA384Binary( value, key )
HmacSHA512Binary( value, key )

The required argument value must be of type binary. The required argument key may be either a binary or a string.

String HMAC functions

These functions accept and return String values using the MD5, SHA1, SHA256, SHA384 and SHA512 cryptographic hash algorithms respectively. Because the underlying hashing functions are defined in terms of bytes, not characters, the Strings are converted to and from bytes using the UTF-8 encoding.

HmacMD5String( value, key )
HmacSHA1String( value, key )
HmacSHA256String( value, key )
HmacSHA384String( value, key )
HmacSHA512String( value, key )

The required argument value must be of type binary. The required argument key may be either a binary or a string.

MD5

Implements the MD5 message-digesting algorithm.

Syntax

MD5( text )

The required argument text must be of type Text.

Remarks

The MD5 function accepts a single text input, and produces a binary result that is always 16 bytes long. This can be used to create "signatures" from long input strings for later comparison.

Example

MD5(NAME) produces the MD5 signature of a NAME field and presents it as a 16-byte binary field. If this value is assigned to a field of type text, it will automatically be converted to its 32-character hexadecimal representation.

MD5Record

Applies the MD5 message-digesting algorithm to an entire record.

Syntax

MD5Record( )
MD5Record has no arguments.

Remarks

This function computes the MD5 hash of an entire record by converting each field to text, separated with a | character, and then executing the MD5 function on the resulting string. This creates a key that uniquely represents the contents of the record. This key can be used to uniquely identify records based on the contents of every field, or to quickly compare the local record to the record stored in a database.

Mod10

Generates the mod10 checksum for an input number.

Syntax

Mod10( value )

The required argument value must be a number.

Remarks

The Mod10 function accepts a number as input, generates the mod10 checksum, then appends it to the end of the number and returns it. Use the ValidateMod10 function to test whether the output is a valid mod10.

The modulus 10 or "mod 10" algorithm (also called the Luhn algorithm or Luhn formula), is a checksum formula used to validate a variety of identification numbers. It is designed to protect against accidental errors, and is not intended to be a cryptographically secure hash function. Most credit cards and many government identification numbers use the algorithm as a simple method of distinguishing valid numbers from mistyped or otherwise incorrect numbers.

Example

Mod10(7992739871) returns 79927398713.

ValidateMod10

Checks whether an input number is a valid mod10.

Syntax

ValidateMod10( value )

The required argument value should be the output of a Mod10 function.

Remarks

The ValidateMod10 function accepts a single number as input and returns true if the input number it is a valid mod10, otherwise false.

Example

ValidateMod10(79927398713) returns true.
ValidateMod10(79927398719) returns false.

SHA1

Implements the SHA-1 message-digesting algorithm, using the corrected 2005 algorithm.

Syntax

SHA1( text )

The required argument must be of type Text.

Remarks

The SHA1 function accepts a single text input and produces a 20-byte binary SHA1 digest of the input string. This can be used to create "signatures" from arbitrary-sized input strings for later comparison.

Example

SHA1(NAME) produces the SHA1 signature of a NAME field and presents it as a 20-byte binary field. If this value is assigned to a field of type text, it will automatically be converted to its 40-character hexadecimal representation.

SHA256

Implements the SHA-2 256-bit message-digesting algorithm.

Syntax

SHA256( text )

The required argument must be of type Text.

Remarks

The SHA256 function accepts a single text input and produces a 32-byte binary SHA2-256 digest of the input string. This can be used to create "signatures" from arbitrary-sized input strings for later comparison.

Example

SHA256(NAME) produces the SHA2-256 signature of a NAME field and presents it as a 32-byte binary field. If this value is assigned to a field of type text, it will automatically be converted to its 64-character hexadecimal representation.

SHA384

Implements the SHA-2 384-bit message-digesting algorithm.

Syntax

SHA384( text )

The required argument must be of type Text.

Remarks

The SHA384 function accepts a single text input and produces a 48-byte binary SHA2-384 digest of the input string. This can be used to create "signatures" from arbitrary-sized input strings for later comparison.

Example

SHA384(NAME) produces the SHA2-384 signature of a NAME field and presents it as a 48-byte binary field. If this value is assigned to a field of type text, it will automatically be converted to its 96-character hexadecimal representation.

SHA512

Implements the SHA-2 512-bit message-digesting algorithm.

Syntax

SHA512( text )

The required argument must be of type Text.

Remarks

The SHA512 function accepts a single text input and produces a 64-byte binary SHA2-512 digest of the input string. This can be used to create "signatures" from arbitrary-sized input strings for later comparison.

Example

SHA512(NAME) produces the SHA2-512 signature of a NAME field and presents it as a 64-byte binary field. If this value is assigned to a field of type text, it will automatically be converted to its 128-character hexadecimal representation.

SHA1Record

Applies the SHA-1 message-digesting algorithm to an entire record.

Syntax

SHA1Record()

SHA1Record has no arguments.

Remarks

This function computes the SHA1 hash of an entire record by converting each field to text, separated with a | character, and then executing the SHA1 function on the resulting string. This creates a key that uniquely represents the contents of the record. This key can be used to uniquely identify records based on the contents of every field, or to quickly compare the local record to the record stored in the database.

SHA256Record

Applies the SHA-2 256-bit message-digesting algorithm to an entire record.

Syntax

SHA256Record()

SHA256Record has no arguments.

Remarks

This function computes the SHA2-256 hash of an entire record by converting each field to text, separated with a | character, and then executing the SHA256 function on the resulting string. This creates a key that uniquely represents the contents of the record. This key can be used to uniquely identify records based on the contents of every field, or to quickly compare the local record to the record stored in the database.

SHA384Record

Applies the SHA-2 384-bit message-digesting algorithm to an entire record.

Syntax

SHA384Record()

SHA384Record has no arguments.

Remarks

This function computes the SHA2-384 hash of an entire record by converting each field to text, separated with a | character, and then executing the SHA384 function on the resulting string. This creates a key that uniquely represents the contents of the record. This key can be used to uniquely identify records based on the contents of every field, or to quickly compare the local record to the record stored in the database.

SHA512Record

Applies the SHA-2 512-bit message-digesting algorithm to an entire record.

Syntax

SHA512Record()

SHA512Record has no arguments.

Remarks

This function computes the SHA2-512 hash of an entire record by converting each field to text, separated with a | character, and then executing the SHA512 function on the resulting string. This creates a key that uniquely represents the contents of the record. This key can be used to uniquely identify records based on the contents of every field, or to quickly compare the local record to the record stored in the database.