Zephyr Hash Algorithm

ZHA (Zephyr Hash Algorithm) is a program to hash passwords, or any file, into a 256-bit hash value. The program can accept either an 8 byte salt value or a 28 byte key value. The program uses Multiply With Carry pseudo random number generators. The design criteria are:

The algorithm should be one-way. This means it should be easy (fast) to calculate the hash value from the input, but very difficult to determine the input from the hash value. In fact, the fastest method to find an input that hashes to a particular value should be brute force guessing.
It should be difficult to find collisions, that is, more than one input that hashes to the same value.
The algorithm should produce values that appear to be random.
Even very small changes in the input should result in very different hash values. This requires a good avalanche effect, where small changes in the input rapidly propagate to modify many bits of the output.
Small changes in either the salt or key value should result in very different hash values.
Given any number of input messages and corresponding keyed hash values, it should be very difficult to find any other message and valid corresponding keyed hash value without knowing the value of the key.
The algorithm should be relatively fast.

The algorithm is implemented in the module ZHash.dll. This can be used by any application to hash any input. The user can supply a salt value or the program will determine a pseudo random salt value. The output includes a 2 byte header and the 8 byte salt value followed by the 32 byte (256-bit) hash value. The 256-bit hash value is output as either 64 hexadecimal characters or 44 Base64 characters followed by an "=" character. Alternatively, the user can supply a 28 byte key value, in which case the key is not included as part of the output.

A Classification Request was submitted to the Bureau of Industry and Security (BIS) to determine if ZHash.dll can be exported without a license. The response is linked above in the button labeled "Export Restrictions". ZHash.dll is offered as shareware with the option to purchase a license. To request a license, click the button above labeled "ZHash License".

Program to install ZHash.dll:

ZHashSetup.exe

ReadMe document for the setup program:

ReadMe.pdf

How to use ZHash.dll:

ZHA.pdf

Summary description of the Zephyr Hash Algorithm:

Zephyr Hash Algorithm.pdf

A detailed description of the Zephyr Hash Algorithm:

ZHA_Algorithm.pdf

A document describing how the Zephyr Hash Algorithm avoids a common weakness of iterative hash algorithms:

HashWeaknessAvoided.pdf

A discussion of Multiply With Carry pseudo random number generators as one way functions:

One Way Functions.pdf

Documentation of the Compression function used in the Zephyr Hash Algorithm:

Compression.pdf

Example code using ZHash.dll:

Example Code.pdf