A hash function is a function or algorithm that can be used to map data of any size to a set of data of fixed size. So you can for example take various names of various lengths, process them through a hash function and come up with a set of data of fixed size, two digits for example, as shown in the following diagram:
The input of a hash function is called a key and the output is called a hash.
Hash functions can be useful in cryptography if they are a one way function. That is, if it is only possible to determine the hash from the key and not the other way around. Why is this useful? Imagine you and I want to verify each other’s identity. I have a key and you have that same key, but we want to keep that key private. I can verify my identity to you by posting that key on this forum, but that would reveal the key. What I can do is share the hash function with you. Then I can send you the hash of my key on the forum. You can then compare that with the hash of your key to see if it is the same. But I haven’t revealed the key on the forum, and since the hash function is a one way function, no one can reverse engineer the hash to find the key. In this way, I have authenticated my identity to you without actually sending the private key over an insecure link. In cryptography, this is the purpose of a hash.
Does it sound familiar? If so, then it should remind you of the private and public key methodology. The hash is the public key, the key is the private key.
Essentially, hash functions allow a pair of devices to authenticate each other without having to send a private piece of information such as the password over a potentially unsecured link. This is what is happening in Rene’s example. He uses the command
hash sha. This command informs the other side of the hash algorithm that should be used to verify authentication across the IPsec tunnel.
I hope this has been helpful!