Editing Cryptographic hash function (section)

== Use in building other cryptographic primitives ==
Hash functions can be used to build other [[Cryptographic primitive|cryptographic primitives]]. For these other primitives to be cryptographically secure, care must be taken to build them correctly.

[[Message authentication code]]s (MACs) (also called keyed hash functions) are often built from hash functions. [[HMAC]] is such a MAC.

Just as [[block cipher]]s can be used to build hash functions, hash functions can be used to build block ciphers.  [[Luby-Rackoff]] constructions using hash functions can be provably secure if the underlying hash function is secure.  Also, many hash functions (including [[SHA-1]] and [[SHA-2]]) are built by using a special-purpose block cipher in a [[One-way compression function#Davies–Meyer|Davies–Meyer]] or other construction.  That cipher can also be used in a conventional mode of operation, without the same security guarantees; for example, [[SHACAL]], [[BEAR (cipher)|BEAR]] and [[LION (cipher)|LION]].

[[Pseudorandom number generator]]s (PRNGs) can be built using hash functions.  This is done by combining a (secret) random seed with a counter and hashing it.

Some hash functions, such as [[Skein (hash function)|Skein]], [[Keccak]], and [[RadioGatún]], output an arbitrarily long stream and can be used as a [[stream cipher]], and stream ciphers can also be built from fixed-length digest hash functions. Often this is done by first building a [[cryptographically secure pseudorandom number generator]] and then using its stream of random bytes as [[keystream]]. [[SEAL (cipher)|SEAL]] is a stream cipher that uses [[SHA-1]] to generate internal tables, which are then used in a keystream generator more or less unrelated to the hash algorithm.  SEAL is not guaranteed to be as strong (or weak) as SHA-1. Similarly, the key expansion of the [[HC-256|HC-128 and HC-256]] stream ciphers makes heavy use of the [[SHA-256]] hash function.