A hash chain is constructed by repeated hashing from an initial value. While it finds applications for network protocol design it also poses threats to hash function one-way and collision-free properties. We investigate the complexity of breaking hash function security properties by hash chain attacks using probabilistic algorithms. We show that each hash function has a vulnerability index that measures its inherent vulnerability against hash chains attacks. The vulnerability index is invariant with respect to different types of hash chain attacks using probabilistic algorithms with or without an oracle. It provides a criterion for the evaluation of the prevalent hash functions and also be used as a guide for the design of new hash functions. We analyze the properties of the vulnerability indices and estimate their values of the commonly used hash functions: MD5, SHA1, RIPEMD128 and RIPEMD160. Preliminary experiments indicate that their vulnerability indices are rather low; that is, it is hard to break their security properties by hash chain attacks with probabilistic algorithms.