Content deleted Content added
cross ref Hash function security summary |
mention password exception |
||
Line 17:
However, non-existence of a polynomial time algorithm does not automatically ensure that the system is secure. The difficulty of a problem also depends on its size. For example, [[RSA public key cryptography]] relies on the difficulty of [[integer factorization]]. However, it is considered secure only with keys that are at least 2048 bits large.
===Password case===
Also, if the set of inputs to the hash is relatively small or is ordered by likelihood in some way, then a brute force search may be practical, regardless of theoretical security. Likelihood of recovering the preimage depends on the input set size and the speed or cost of computing the hash function. A common example is the use of hashes to store [[password]] validation data. Rather than store the plaintext of user passwords, an access control system typically stores a hash of the password. When a person requests access, the password they submit is hashed and compared with the stored value. If the stored validation data is stolen, the thief will only have the hash values, not the passwords. However most users choose passwords in predictable ways and often passwords are short enough enough so that all possible combinations can be tested if fast hashes are used.<ref>{{cite web
| url=https://arstechnica.com/information-technology/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
| title=25-GPU cluster cracks every standard Windows password in <6 hours
| date=2012-12-10
| first=Dan
| last=Goodin
| publisher=[[Ars Technica]]
| access-date=2020-11-23}}</ref> Special hashes called [[key derivation function]]s have been created to slow searches. ''See'' [[Password cracking]].
==Cryptographic hash functions==
| |||