A function on bit strings in which the length of the output is fixed. Approved hash functions (such as those specified in FIPS 180 and FIPS 202) are designed to satisfy the following properties:
1. (One-way) It is computationally infeasible to find any input that maps to any new pre-specified output
2. (Collision-resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.
A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties:
i. (Collision resistance) It is computationally infeasible to find any two distinct inputs that map to the same output.
ii. (Preimage resistance) Given a randomly chosen target output, it is computationally infeasible to find any input that maps to that output. (This property is called the one-way property.)
iii. (Second preimage resistance) Given one input value, it is computationally infeasible to find a second (distinct) input value that maps to the same output as the first value.
This Recommendation uses the strength of the preimage resistance of a hash function as a contributing factor when determining the security strength provided by a key-derivation function.
A function that maps a bit string of arbitrary length to a fixed-length bit string. Depending upon the relying application, the security strength that can be supported by a hash function is typically measured by the extent to which it possesses one or more of the following properties
1. (Collision resistance) It is computationally infeasible to find any two distinct inputs that map to the same output.
2. (Preimage resistance) Given a randomly chosen target output, it is computationally infeasible to find any input that maps to that output. (This property is called the one-way property.)
3. (Second preimage resistance) Given one input value, it is computationally infeasible to find a second (distinct) input value that maps to the same output as the first value.
This Recommendation uses the strength of the preimage resistance of a hash function as a contributing factor when determining the security strength provided by a key-derivation method.
Approved hash functions are specified in [FIPS 180] and [FIPS 202].