2

Truncating a hash function's output should, in theory, not increase the likelihood of a collision more than you would expect based on the truncated output size. This makes sense when thinking about the ideal hash function, a random function.

Since real-world hashes are not random functions, what properties of algorithms like sha2 make us comfortable with truncating, and what (popular) hashes exist out there that are known to have issues?

Anthony Kraft

1 Answer

-2

You really should never be truncating a hash. Really you're talking about the difference between traditional hashing algorithms and cryptographic hashing algorithms. A cryptographic hash algorithm has to not be predictable, while a traditional hash algorithm doesn't have that concern. You aren't guaranteed perfect random distribution, so really you shouldn't ever be truncating a hash in any situation.

Could you specify a situation where people "feel comfortable truncating a SHA2 hash"? I don't know what you're referring to.

Daisetsu
  • I feel comfortable truncating SHA2 as long as the truncated size is sufficient for my desired security level. NIST does so as well (consider SHA-512/256 as an example) – CodesInChaos Apr 25 '16 at 07:30
  • Then there you go. While cryptographic hashes don't create a perfect uniform distribution, they do a 'good enough' job where it's not a concern, and truncation is acceptable. – Daisetsu Apr 25 '16 at 07:33
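An added example, not part of the question, answer or comments above: an empirical check of the question's premise that a truncated SHA-256 output collides about as often as an ideal function of the same output size. It truncates to a small number of bits, counts how many messages are hashed before the first collision, and compares the mean with the birthday estimate sqrt(pi/2 * 2^bits). The function names, message format and trial counts are choices made for this illustration.

```python
import hashlib
import math


def truncated_sha256(msg: bytes, bits: int, keep: str = "left") -> int:
    """Return `bits` bits of SHA-256(msg), taken from the left or right end."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    if keep == "left":
        return full >> (256 - bits)
    return full & ((1 << bits) - 1)


def messages_until_collision(bits: int, trial: int, keep: str = "left") -> int:
    """Hash distinct constructed messages until two truncated values match."""
    seen = set()
    counter = 0
    while True:
        # Constructed sample input: unique per trial and per counter value.
        msg = b"trial-%d-msg-%d" % (trial, counter)
        counter += 1
        tag = truncated_sha256(msg, bits, keep)
        if tag in seen:
            return counter
        seen.add(tag)


def mean_until_collision(bits: int, trials: int = 300, keep: str = "left") -> float:
    """Average number of messages hashed before the first collision."""
    total = sum(messages_until_collision(bits, t, keep) for t in range(trials))
    return total / trials


def birthday_expectation(bits: int) -> float:
    """Expected count for an ideal random function with `bits` output bits."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    for bits in (12, 16, 20):
        ideal = birthday_expectation(bits)
        for keep in ("left", "right"):
            observed = mean_until_collision(bits, keep=keep)
            print(f"{bits:2d} bits, keep {keep:5s}: observed {observed:8.1f}, "
                  f"ideal {ideal:8.1f}, ratio {observed / ideal:.2f}")
```

For an ideal function, an n-bit truncation therefore gives roughly n/2 bits of collision resistance, which is the sense in which the truncated size has to be "sufficient for the desired security level".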