What kind of attack would a 128 bit SHA-2 be vulnerable to and why?

Asked Apr 13 '20 at 18:20

Active Apr 13 '20 at 18:37

Viewed 498 times

With SHA-2 for hashing, using only the first 128 bits to create a 128 bit hash, what kind of attack would this be vulnerable to and why?

Since 128 bit encryption keys are secure, shouldn't a 128 bit hash also be secure?

Would this be insecure against a brute force attack?

edited Apr 13 '20 at 18:37

asked Apr 13 '20 at 18:20

Brooney

4

This sounds like a homework question. Think of the birthday problem, for which situation would the birthday problem be an issue? How many bits of security would remain if the birthday problem applies? – Maarten Bodewes Apr 13 '20 at 18:35
4

There was a question about What are the consequences of removing a single byte from a sha256 hash?. The same problem with different values. plug and play. – kelalaka Apr 13 '20 at 18:46
What is better, brute force attack or the birthday attack? – Brooney Apr 14 '20 at 17:10
1

Sometime, birthday attack is considered brute force. But if the problem explicitly asks about brute force attack versus birthday attack, then likely it considers brute force (preimage) attack as: try messages until hitting a given target hash. What is the likelihood of success of that strategy? Is it high enough that it is not doomed in practice? How does it compare to a birthday attack (see my Birthday problem for cryptographic hashing, 101). – fgrieu Apr 15 '20 at 04:29
@fgrieu after talking with some people we decided bday attack (kind of brute force) is the correct, but which kind of bday attack specifically? – Brooney Apr 15 '20 at 14:06
1

The classic reference for implementation of birthday attacks using a practical amount of memory is Paul C. van Oorschot and Michael J. Wiener, Parallel Collision Search with Cryptanalytic Applications, in Journal of Cryptology, 1999. – fgrieu Apr 15 '20 at 14:10
@fgrieu can you point me to the specific section? can't find bday attack anywhere in there – Brooney Apr 15 '20 at 14:17
2

Birthday attack = collision search. See section 4.1 with "small" = 1. – fgrieu Apr 15 '20 at 14:45

What kind of attack would a 128 bit SHA-2 be vulnerable to and why?

0 Answers0