Revision as of 11:02, 19 August 2019 edit 130.233.97.85 (talk) →Provably secure hash functions ← Previous edit		Revision as of 08:23, 2 September 2019 edit undo Annie Yousar (talk \| contribs) 28 edits m Added the pseudo-randomness functionality as a property Next edit →
Line 4: ==Types of security of hash functions== Generally, the ''basic'' security of [[cryptographic hash functions]] can be seen from ~~three~~ different angles: pre-image resistance, second pre-image resistance, ~~and~~ collision resistance, and pseudo-randomness. * '''Pre-image resistance''': given a hash <math>h</math> it should be ''hard'' to find any message <math>m</math> such that <math>h = hash(m)</math>. This concept is related to that of the [[one-way function]]. Functions that lack this property are vulnerable to [[pre-image attack]]s. * '''Second pre-image resistance''': given an input <math>m_1</math>, it should be ''hard'' to find another input, <math>m_2</math> (not equal to <math>m_1</math>) such that <math>hash(m_1) = hash(m_2)</math>. This property is sometimes referred to as weak collision resistance. Functions that lack this property are vulnerable to [[second pre-image attack]]s. * '''Collision resistance''': it should be ''hard'' to find two different messages <math>m_1</math> and <math>m_2</math> such that <math>hash(m_1) = hash(m_2)</math>. Such a pair is called a (cryptographic) hash collision. This property is sometimes referred to as strong collision resistance. It requires a hash value at least twice as long as what is required for pre-image resistance, otherwise collisions may be found by a [[birthday attack]]. * '''Pseudo-randomness''': it should be ''hard'' to distinguish the pseudo-random number generator based on the hash function from a random number generator, e.g., it passes usual [[randomness tests]]. ===The meaning of "hard"===

Security of cryptographic hash functions: Difference between revisions