I have one honest question: How can we be so confident in the use of the common hash algorithms (nowadays there are so many pages with cracking tools: crackstation, gpuhash, etc.)? Are we lost, with our governments behind us? Does anybody have some new idea for a new possible secure algorithm? Why, if someone has an algorithm, like I do, does the whole community close the door? Thank you for your time. Sincerely, one lost crypto hash programmer.
-
https://github.com/jmedina2099/HashUniforme1.0/blob/master/src/c/azrael.c – Jorge Alberto Medina Rosas Oct 12 '20 at 12:53
-
You can start by reading a good book on Cryptography. You confuse password cracking with cryptographic hash algorithms. See Merkle-Damgård, its fix the HAIFA design, and Sponge constructions. Read their documents and see the reasoning there. Also see SHA-1 shattered, length extension attacks, herding attacks, generic pre-image and second pre-image resistance, collision resistance, multi-collisions, ... – kelalaka Oct 12 '20 at 12:58
-
SHA2 is not yet broken for collisions, nor are SHA3, Blake2, etc. For a good password, can you crack Argon2? – kelalaka Oct 12 '20 at 13:00
-
Close the door? Our community decided to do this. If you fail to understand the common attacks I've listed above (and not limited to those), you can ask about them. Then apply them to your hash function, convince yourself, and publish it. Even in the new hash competitions, some of the candidates are easily eliminated by simple attacks that the designer(s) could not see. – kelalaka Oct 12 '20 at 13:03
-
It's all the same jargon talking; the question remains: How can we be so confident? I mean, you said that SHA2 and SHA3 are not broken? When would that be possible for normal people? There is some trouble with your affirmations; can you prove to me that the governments all around the world aren't fooling us? Thank you for your time. – Jorge Alberto Medina Rosas Oct 12 '20 at 13:10
-
We cannot talk about three-word agencies as long as they have not revealed anything. Confident, no, since the attacks always get better. We can talk about known attacks from the open literature. If SHA2 is broken in some way by the TWA, I'm pretty sure that they will inform NIST to update. If we can do it, others can do it. Backdoors are better... – kelalaka Oct 12 '20 at 13:16
-
I think we are just truly confident in our personal jobs. I think the three- or two-word agencies play with us. I'm truly confident that in the future our work will pay off. Greetings. – Jorge Alberto Medina Rosas Oct 12 '20 at 13:34
-
And also one personal note: could we definitely conclude that circular shifting of bits (rotation) in a hash algorithm produces better crypto properties? Greetings. – Jorge Alberto Medina Rosas Oct 12 '20 at 15:41
-
https://softwareengineering.stackexchange.com/questions/416849/testing-uniform-insertion-on-a-fixed-length-hash-table – Jorge Alberto Medina Rosas Oct 13 '20 at 01:47
2 Answers
MD5 and SHA-1 are broken, since we can make collisions and even chosen-prefix collisions with these.
But no, hash functions like SHA-2 and SHA-3 are not dead. On the contrary, they are alive and well.
The fact (alluded to in the question) that it is quite (and increasingly) easy to find a common password from its hash, or from a ciphertext using that hash as key, is not an issue with the hash. It's an issue with poorly designed systems directly hashing a password and counting on this for security. This is a gross design error that was often made. In 1990 that was already a poor choice; today it's a disastrous one (the capacity of humans to choose good passwords has not improved; computers have). The appropriate primitive for password hashing is not a cryptographic hash like SHA-2 or SHA-3, but a purposely slow, entropy-stretching, memory-hard password-based key derivation function or hash (such as Argon2 or the earlier scrypt) with salt and ample work factor.
SHA-3 meets all the criteria for a modern cryptographic hash usable as an instance of a random oracle, whose simplified goals are: fast, publicly computable and otherwise behaving like a random function $\{0,1\}^*\to\{0,1\}^w$, where $w$ is the output width of the hash. SHA-2 also meets this, with the exception of exhibiting the well-known and rarely concerning length-extension property, and we can live with that. The variants with $w=512$-bit output are likely safe even from hypothetical quantum computers usable for cryptanalysis.
Who decided the criteria of a modern hash?
The cryptographic community.
These criteria have evolved over time. Initially (late 1980s and early 1990s) the main criteria were speed, collision-resistance, and first+second preimage resistance, with application to RSA signatures. MD2, MD4, MD5, SHA, SHA-1, and even SHA-2 (which essentially is SHA-1 with improvements and more margin against known attacks) are from this era. Then the notion of random oracle appeared. (See Mihir Bellare and Phillip Rogaway's seminal Random oracles are practical: A paradigm for designing efficient protocols, originally in the proceedings of CCS 1993; or, for an introduction, this rightly popular answer.) The goal of a hash function became being a concrete implementation of a random oracle. This goal implies the earlier concepts of collision-resistance and preimage resistance.
Importantly, the speed goal of a cryptographic hash (like SHA-512) is directly antagonistic to the goals of a password hash or key derivation function (like Argon2), which include enforced slowness. It's unfortunate the names are so similar; this leads to much confusion.
And who can prove the randomness of SHA-3?
SHA-3 is deterministic (as any hash must be). Thus it's at best behaving as if it were a random function. And we don't know how to prove that it does, or that it has collision-resistance, etc. However, starting with SHA-2, the art of designing hashes seems to have improved to the point where their principle and parametrization are sound. This allows making reasoned forecasts. By 2020, a 200-bit hash might be breakable using brute force (with ASIC technology, as in bitcoin mining). That's been growing roughly 5 bit/year for decades. At that rate, a 512-bit hash would be safe for 60 years, and almost no observer of the trends in electronics is betting on that rate being sustainable for so long.
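To make the answer's distinction concrete (a fast cryptographic hash versus a purposely slow, salted, memory-hard password hash), here is an added example written for this page, not code from the answer or from the question's linked project. It uses the scrypt function from Python's standard library; the scrypt parameters, salt length and sample passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Illustrative work factor (an assumption, not from the answer): scrypt with
# N=2**14, r=8, p=1 needs 128*r*N bytes = 16 MiB per hash; tune upward in practice.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SALT_LEN = 16

def naive_hash(password):
    """The design error from the answer: a fast, unsalted cryptographic hash.
    Equal passwords give equal digests, so one cracked digest (or a precomputed
    table) breaks every account sharing that password."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def hash_password(password, salt=None):
    """Salted, memory-hard, deliberately slow password hash: salt || scrypt."""
    salt = os.urandom(SALT_LEN) if salt is None else salt  # fresh salt per hash
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt + key

def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hash_password(password, salt)[SALT_LEN:]
    return hmac.compare_digest(candidate, expected)

def same_password_detectable(password):
    """Two users pick the same password: are the stored values equal?
    Returns (naive digests equal, salted scrypt values equal) == (True, False)."""
    return (naive_hash(password) == naive_hash(password),
            hash_password(password) == hash_password(password))

def cost_ratio(password="correct horse", trials=5):
    """How many times slower one scrypt guess is than one SHA-256 guess here
    (wall-clock timing; the exact figure depends on the hardware)."""
    t0 = time.perf_counter()
    for _ in range(trials):
        naive_hash(password)
    fast = (time.perf_counter() - t0) / trials
    t0 = time.perf_counter()
    for _ in range(trials):
        hash_password(password)
    slow = (time.perf_counter() - t0) / trials
    return slow / max(fast, 1e-9)
```

The cost ratio is the whole point: an attacker who can try billions of SHA-256 guesses per second gets only a tiny fraction of that rate against scrypt, and the per-user salt removes the benefit of precomputed tables.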

-
Thank you for your answer. I also have one more question: Who decided the criteria of a modern hash? And who can prove the randomness of SHA-3? I think that there is too much popularity for the SHA family of algorithms. You said 512 bits are safe, but for how many years? Thank you for your time. – Jorge Alberto Medina Rosas Oct 12 '20 at 17:57
-
SHA is not a family of hash algorithms. SHA3 is unrelated in construction to SHA2, though SHA2 is similar to SHA1. It's the name of the US National Institute of Standards and Technology's standardized hash algorithms. That's also why they're popular: they're well-audited, selected via public contest from submissions of the cryptographic community, and approved for use by the US government (and required by the US government for some uses). – SAI Peregrinus Oct 12 '20 at 21:07
-
512 bits are safe for the next few billion years, assuming quantum computers work the way we think they do, and that nobody converts more than a few dozen entire solar systems into quantum computers dedicated to finding a single collision in such a hash. – SAI Peregrinus Oct 12 '20 at 21:09
-
I think that if we could manage to deform space-time, the safeness of computing is not well aware of time. Greetings. – Jorge Alberto Medina Rosas Oct 13 '20 at 00:07
-
https://softwareengineering.stackexchange.com/questions/416849/testing-uniform-insertion-on-a-fixed-length-hash-table – Jorge Alberto Medina Rosas Oct 13 '20 at 01:49
Ok, so I take that as advice: the community judges the algorithm, and the randomness is for the eye to believe.
So I'm going to post my own results of testing some randomness of a hash function; I provided you the link:
Thank you so much for your time.
Regards.
-
https://softwareengineering.stackexchange.com/questions/416849/testing-uniform-insertion-on-a-fixed-length-hash-table/417851#417851 – Jorge Alberto Medina Rosas Oct 13 '20 at 01:51