We live in an age where security is a must, and cyber security is as important as our physical security. Cyber security breaches can cost companies millions, identity theft can devastate lives, and cyber warfare can be a national nightmare.
As developers, it is imperative to consider security up front rather than make it an afterthought. This post is the first in a series that focuses on securing Mule applications and messages in transmission. It discusses hash functions and demonstrates their use in the DataWeave Crypto library.
A Note About Hash Functions
You may have heard of hash functions in your computer science course and may have used hash tables or hash maps in your projects. Hash functions are also applicable in cryptography. A hash function takes a message and returns a unique value, called a message digest (Serious Cryptography, 106). Describing hash functions on page 105 of his book Serious Cryptography, Jean-Philippe Aumasson states:
"Hash functions - such as MD5, SHA-1, SHA-256, SHA-3, and BLAKE2 - comprise the cryptographer's Swiss Army Knife: they are used in digital signatures, public-key encryption, integrity verification, message authentication, password protection, key agreement protocols, and many other cryptographic protocols."
Now onto the Mule Stuff
DataWeave 2.0 for Mule 4 ships with a Crypto library that consists of the following hash functions:
HMACBinary
HMACWith
MD5
SHA1
hashWith
To enable the Crypto library use the following line of code:
import * from dw::Crypto
Read on for information about each hash function and how to use it in Mule.
Hash-Based Message Authentication Code (HMAC)
HMAC is used to calculate message authentication codes. These codes are generated by using a cryptographic key and hashing function. HMACs can be used for authentication and to check data integrity.
DataWeave offers two functions for HMAC (HMACBinary and HMACWith).
As depicted above, HMACBinary takes a cryptographic key and a message (both as Binary) and returns an HMAC hash code. The default hashing algorithm is HMACSHA1.
The HMACWith function is similar to the HMACBinary function; however, you can choose the hashing function. The available options are HMACSHA1, HMAC256 and HMAC512.
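The integrity check described above, as an added example that is not part of the original post: a sender computes an HMAC tag over a message, and the receiver recomputes it over what arrived and compares. The key, the messages and the `verify` helper are constructed for illustration; the algorithm argument is written with the Java-style name `HmacSHA256`, and the script assumes a DataWeave version in which HMACWith accepts an algorithm argument.

```dataweave
%dw 2.0
import * from dw::Crypto
output application/json

// Constructed sample values (assumptions, not from the original post)
var sharedKey = "constructed-demo-key" as Binary
var otherKey  = "some-other-key" as Binary
var message   = '{"orderId":1001,"amount":25.00}'
var tampered  = '{"orderId":1001,"amount":2500.00}'

// Sender side: tag computed over the exact bytes that will be transmitted
var tag = HMACWith(sharedKey, message as Binary, "HmacSHA256")

// Receiver side (hypothetical helper): recompute the tag over the bytes
// actually received and compare it with the tag that came with them.
// lower() normalises hex case so a sender that emits upper-case hex still matches.
fun verify(key: Binary, received: String, receivedTag: String): Boolean =
    lower(HMACWith(key, received as Binary, "HmacSHA256")) == lower(receivedTag)
---
{
    tag: tag,
    // Same key, same bytes
    originalVerifies: verify(sharedKey, message, tag),
    // Same key, one field changed in transit
    tamperedVerifies: verify(sharedKey, tampered, tag),
    // Unmodified message, but the receiver holds a different key
    wrongKeyVerifies: verify(otherKey, message, tag)
}
```

The `==` comparison here is an ordinary string comparison, not a constant-time one, and a real flow would load the key from protected configuration rather than a literal in the script.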
Message-Digest Algorithm 5 (MD5)
MD5 is a hashing function that returns a 128-bit value. This function is currently used for validating data integrity. DataWeave offers the MD5 function, which takes a binary input and returns a lowercase hexadecimal string.
Secure Hash Algorithm 1 (SHA-1)
SHA-1 is another hashing function that returns a 160-bit value. However, this algorithm is deemed insecure and was deprecated in 2011 by NIST. CWI and Google announced its first collision. Since then, technology companies have been slowly migrating away from SHA-1.
DataWeave offers the SHA1 function.
Other Hashing Functions
MD5 and SHA1 are only two of many hashing functions. Understanding that, our friends at MuleSoft have created the hashWith function. The available options are MD2, MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
Want to know more about hash functions?
HMAC
SHA-1
MD5
Woah this is amazing!! Thanks for sharing 😁