Cryptographic hash function: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 21:20, 2 April 2025 edit MrOllie (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 255,644 edits m Reverted 1 edit by 103.97.242.120 (talk) to last revision by Tule-hog Tags: Twinkle Undo ← Previous edit		Latest revision as of 06:42, 21 August 2025 edit undo UmbyUmbreon (talk \| contribs) Extended confirmed users 4,003 edits Reverted 1 edit by 178.73.75.172 (talk): Unexplained removal of references and links Tags: Twinkle Undo
(10 intermediate revisions by 10 users not shown)
Line 31: In practice, collision resistance is insufficient for many practical uses. In addition to collision resistance, it should be impossible for an adversary to find two messages with substantially similar digests; or to infer any useful information about the data, given only its digest. In particular, a hash function should behave as much as possible like a [[random function]] (often called a [[random oracle]] in proofs of security) while still being deterministic and efficiently computable. This rules out functions like the [[SWIFFT]] function, which can be rigorously proven to be collision-resistant assuming that certain problems on ideal lattices are computationally difficult, but, as a linear function, does not satisfy these additional properties.{{sfn\|Lyubashevsky\|Micciancio\|Peikert\|Rosen\|2008\| pp=54–72}} Checksum algorithms, such as [[~~CRC32~~CRC-32]] and other [[cyclic redundancy check]]s, are designed to meet much weaker requirements and are generally unsuitable as cryptographic hash functions. For example, a CRC was used for message integrity in the [[Wired Equivalent Privacy\|WEP]] encryption standard, but an attack was readily discovered, which exploited the linearity of the checksum. === Degree of difficulty ===