Revision as of 15:10, 30 May 2025 edit Mindmatrix (talk \| contribs) Autopatrolled, Administrators 188,534 edits revert - rm promotional links Tag: Manual revert ← Previous edit		Revision as of 12:37, 4 July 2025 edit undo Connoisseurship (talk \| contribs) Extended confirmed users 596 edits wording: "CRC-32" Next edit →
Line 31: In practice, collision resistance is insufficient for many practical uses. In addition to collision resistance, it should be impossible for an adversary to find two messages with substantially similar digests; or to infer any useful information about the data, given only its digest. In particular, a hash function should behave as much as possible like a [[random function]] (often called a [[random oracle]] in proofs of security) while still being deterministic and efficiently computable. This rules out functions like the [[SWIFFT]] function, which can be rigorously proven to be collision-resistant assuming that certain problems on ideal lattices are computationally difficult, but, as a linear function, does not satisfy these additional properties.{{sfn\|Lyubashevsky\|Micciancio\|Peikert\|Rosen\|2008\| pp=54–72}} Checksum algorithms, such as [[~~CRC32~~CRC-32]] and other [[cyclic redundancy check]]s, are designed to meet much weaker requirements and are generally unsuitable as cryptographic hash functions. For example, a CRC was used for message integrity in the [[Wired Equivalent Privacy\|WEP]] encryption standard, but an attack was readily discovered, which exploited the linearity of the checksum. === Degree of difficulty ===

Cryptographic hash function: Difference between revisions