Security of cryptographic hash functions: Difference between revisions

Content deleted Content added
m hyphenation using AWB
Elryacko (talk | contribs)
Classical hash functions - practical approach to security: deleted subjective sentence, altered some words
Line 19:
 
==Classical hash functions - practical approach to security==
Most hash functions are built on an ad hoc basis, where the bits of the message are nicely mixed to produce the hash. Various [[bitwise operation]]s (e.g. rotations), [[Modular arithmetic|modular additions]] and [[One-way compression function|compression functions]] are used in iterative mode to ensure high complexity and pseudo-randomness of the output. In this way, the security is very hard to prove and the proof is usually not done. Only a few years ago, one of the most popular hash functions, [[SHA-1]], was shown to be less secure than its length suggested: collisions could be found in only 2<sup>51</sup><ref>http://eprint.iacr.org/2008/469.pdf</ref> tests, rather than the brute-force number of 2<sup>80</sup>. The search for a "good" hash function has thus become a hot topic.
 
In other words, most of the hash functions in use nowadays are not provably collision-resistant. These hashes are not based on purely mathematical functions. This approach results generally in more effective hashing functions, but with the risk that a weakness of such a function will be eventually used to find collisions. The famous case is [[MD5]].
 
Meaning of "hard to find collision" in these cases means "almost certainly beyond the reach of any adversary who must be prevented from breaking the system for as long as the security of the system is deemed important." The meaning of the term is therefore somewhat dependent on the application, since the effort that a malicious agent may put into the task is usually proportional to his expected gain. However, since the needed effort usually grows very quickly with the digest length, even a thousandfold advantage in processing power can be neutralized by adding a few dozen bits to the latter.
 
==Provably Secure Hash Functions==