Hash function security summary

From Infogalactic: the planetary knowledge core
Jump to: navigation, search

This article summarizes publicly known attacks against cryptographic hash functions. Note that not all entries may be up to date. For a summary of other hash function parameters, see comparison of cryptographic hash functions.

Table color key

  No known successful attacks — attack only breaks a reduced version of the hash
  Theoretical break — attack breaks all rounds and has lower complexity than security claim
  Attack demonstrated in practice

Common hash functions

Collision resistance

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Main article: Collision attack
Hash function Security claim Best attack Publish date Comment
MD5 264 218 time 2013-03-25 This attack takes seconds on a regular PC. Two-block collisions in 218, single-block collisions in 241.[1]
SHA-1 280 260.3 ... 265.3 2012-06-19 Paper.[2] Attack is feasible with large amounts of computation power.[3]
SHA256 2128 31 of 64 rounds (265.5) 2013-05-28 Two-block collision.[4]
SHA512 2256 24 of 80 rounds (232.5) 2008-11-25 Paper.[5]

Chosen prefix collision attack

Hash function Security claim Best attack Publish date Comment
MD5 264 239 2009-06-16 This attack takes hours on a regular PC.[6]
SHA-1 280 277.1 2012-06-19 Paper.[2]
SHA256 2128
SHA512 2256

Preimage resistance

<templatestyles src="Module:Hatnote/styles.css"></templatestyles>

Main article: Preimage attack
Hash function Security claim Best attack Publish date Comment
MD5 2128 2123.4 2009-04-27 Paper.[7]
SHA-1 2160 45 of 80 rounds 2008-08-17 Paper.[8]
SHA256 2256 43 of 64 rounds (2254.9 time, 26 memory) 2009-12-10 Paper.[9]
SHA512 2512 46 of 80 rounds (2511.5 time, 26 memory) 2008-11-25 Paper,[10] updated version.[9]

Less common hash functions

Collision resistance

Hash function Security claim Best attack Publish date Comment
GOST 2128 2105 2008-08-18 Paper.[11]
HAVAL-128 264 27 2004-08-17 Collisions originally reported in 2004,[12] followed up by cryptanalysis paper in 2005.[13]
MD2 264 263.3 time, 252 memory 2009 Slightly less computationally expensive than a birthday attack,[14] but for practical purposes, memory requirements make it more expensive.
MD4 264 3 operations 2007-03-22 Finding collisions almost as fast as verifying them.[15]
PANAMA 2128 26 2007-04-04 Paper,[16] improvement of an earlier theoretical attack from 2001.[17]
RIPEMD (original) 264 218 time 2004-08-17 Collisions originally reported in 2004,[12] followed up by cryptanalysis paper in 2005.[18]
RadioGatún 2608 * 2704 2008-12-04 For a word size w between 1-64 bits, the hash provides a collision security claim of 28.5w. For any value, the attack can find a collision in 211w time.[19]
RIPEMD-160 280 48 of 80 rounds (251 time) 2006 Paper.[20]
SHA-0 280 233.6 time 2008-02-11 Two-block collisions using boomerang attack. Attack takes estimated 1 hour on an average PC.[21]
Streebog 2256 9.5 rounds of 12 (2176 time, 2128 memory) 2013-09-10 Rebound attack.[22]
Whirlpool 2256 4.5 of 10 rounds (2120 time) 2009-02-24 Rebound attack.[23]

Preimage resistance

Hash function Security claim Best attack Publish date Comment
GOST 2256 2192 2008-08-18 Paper.[11]
MD2 2128 273 time, 273 memory 2008 Paper.[24]
MD4 2128 2102 time, 233 memory 2008-02-10 Paper.[25]
RIPEMD (original) 2128 35 of 48 rounds 2011 Paper.[26]
RIPEMD-128 2128 35 of 64 rounds
RIPEMD-160 2160 31 or 80 rounds
Streebog 2512 2266 time, 2259 data 2014-08-29 The paper presents two second-preimage attacks with variable data requirements.[27]
Tiger 2192 2188.8 time, 28 memory 2010-12-06 Paper.[28]

See also

References

  1. Lua error in package.lua at line 80: module 'strict' not found.
  2. 2.0 2.1 Lua error in package.lua at line 80: module 'strict' not found.
  3. Lua error in package.lua at line 80: module 'strict' not found.
  4. Lua error in package.lua at line 80: module 'strict' not found.
  5. Lua error in package.lua at line 80: module 'strict' not found.
  6. Lua error in package.lua at line 80: module 'strict' not found.
  7. Lua error in package.lua at line 80: module 'strict' not found.
  8. Lua error in package.lua at line 80: module 'strict' not found.
  9. 9.0 9.1 Lua error in package.lua at line 80: module 'strict' not found.
  10. Lua error in package.lua at line 80: module 'strict' not found.
  11. 11.0 11.1 Lua error in package.lua at line 80: module 'strict' not found.
  12. 12.0 12.1 Lua error in package.lua at line 80: module 'strict' not found.
  13. Lua error in package.lua at line 80: module 'strict' not found.
  14. Lua error in package.lua at line 80: module 'strict' not found.
  15. Lua error in package.lua at line 80: module 'strict' not found.
  16. Lua error in package.lua at line 80: module 'strict' not found.
  17. Lua error in package.lua at line 80: module 'strict' not found.
  18. Lua error in package.lua at line 80: module 'strict' not found.
  19. Lua error in package.lua at line 80: module 'strict' not found.
  20. Lua error in package.lua at line 80: module 'strict' not found.
  21. Lua error in package.lua at line 80: module 'strict' not found.
  22. Lua error in package.lua at line 80: module 'strict' not found.
  23. Lua error in package.lua at line 80: module 'strict' not found.
  24. Lua error in package.lua at line 80: module 'strict' not found.
  25. Lua error in package.lua at line 80: module 'strict' not found.
  26. Lua error in package.lua at line 80: module 'strict' not found.
  27. Lua error in package.lua at line 80: module 'strict' not found.
  28. Lua error in package.lua at line 80: module 'strict' not found.

External links

  • 2010 summary of attacks against Tiger, MD4 and SHA-2: Lua error in package.lua at line 80: module 'strict' not found.
Retrieved from "https://infogalactic.com/w/index.php?title=Hash_function_security_summary&oldid=4950669"