Content deleted Content added
m Dating maintenance tags: {{Cn}} |
|||
Line 28:
* [[Collision resistance|Collision-resistance:]] It should be hard to find any two different inputs that compress to the same output i.e. an attacker should not be able to find a pair of messages m1 ≠ m2 such that ''hash''(''m1'') = ''hash''(''m2''). Due to the [[Birthday problem|birthday paradox]] (see also [[birthday attack]]) there is a 50% chance a collision can be found in time of about 2<sup>n/2</sup> where n is the number of bits in the hash function's output. An attack on the hash function thus should not be able to find a collision with less than about 2<sup>n/2</sup> work.
Ideally one would like the "unfeasibility" in preimage-resistance and second preimage-resistance to mean a work of about 2<sup>n</sup> where n is the number of bits in the hash function's output. Recent results indicate that in the case of second preimage-resistance this is more difficult than has been expected {{Cn|date=October 2013}}.
== The Merkle–Damgård construction ==
| |||