7

My understanding is that both a fingerprint and a hash are functions that take as input some arbitrarily long bitstring, and output a bitstring of a fixed size. The Wikipedia page for Hash Functions says:

Hash functions are related to (and often confused with) ... fingerprints

But try as I may, I can't find any sources that mention the difference between the two. Do you know what the difference between a hash function and a fingerprinting function is?

Christopher Shroba
  • 237
  • Fingerprint or digest is the result of a hash fucntion, not the function. – gammatester Nov 09 '17 at 16:37
  • Thanks for the comment. I'm asking about the difference between hashing functions and fingerprinting functions. Or alternatively, the difference between a hash and a fingerprint. The wikipedia page implies that there is a difference between the two, though you're right in that it uses the wrong terminology (it should say hash functions are related to fingerprinting functions). – Christopher Shroba Nov 09 '17 at 16:42
  • When comparing both descriptions I see a difference in the length of the result, for hash functions it is fixed but there is no such restriction of fingerprinting functions. But I am no expert, if you need a definite answer you may ask at https://crypto.stackexchange.com. – gammatester Nov 09 '17 at 16:49
  • A hash function is something which assign a shorter bit string for each item in a large pool of items. For practical purposes, the hash values for different items should seldom to collide but there is no guarantee they won't collide at all. A fingerprint is supposed to be something that uniquely identifies the original item for all practical purposes. – achille hui Nov 09 '17 at 16:52
  • @gammatester A "hash" is the result of a hash function, too. – Geremia May 20 '18 at 03:26

2 Answers2

3

It is my understanding that cryptographic hash functions need to be resistant to reversing. I.e. One should not be able to calculate possible messages from a hash value. If this were not the case, hashing passwords wouldn't be (as) secure.

Fingerprint functions, on the other hand, are fine even if you can calculate possible messages from a fingerprint. They just need to identify a file/object.

ispiro
  • 161
  • I'd agree this is the difference between "cryptographic hash functions" (like you said) and fingerprints, but I think it's just as true to say it's the difference between "cryptographic hash functions" and "hash functions", so I think this answers a slightly different question than the one I asked. Thanks nonetheless for the input! – Christopher Shroba Mar 23 '23 at 19:31
2

I had the same question, it looks like the difference is the same as the difference between $P \Rightarrow Q$ and $P \iff Q$. Strictly speaking if $h$ is a hash function then it must be a fingerprinting function however the converse is not true, i. e., if $h$ is a fingerprinting function then we don't know if it is a hash function or not.

Notice that here by a hash function we mean what is colloquially referred to as a cryptographic hash function. If the context differentiates between a cryptographic hash function and just a hash function, that function may be a fingerprinting function and not a hash function. The Wikipedia article: Fingerprint (computing) says:

Mainstream cryptographic grade hash functions generally can serve as high-quality fingerprint functions, are subject to intense scrutiny from cryptanalysts, and have the advantage that they are believed to be safe against malicious attacks.

Therefore it feels like a set of all hash functions $\mathcal{H}$ is a smaller subset of the set of all fingerprinting functions $\mathcal{F}$. Therefore, we may write:

$$ f \in \mathcal{H} \Rightarrow f \in \mathcal{F} $$

scribe
  • 576