It is often suggested that hashing of long character columns can be used for indexing in databases, but the possibility of collisions is an issue for Unique indexes. Whilst I know that both MD5 and SHA-256 can (rarely) produce collisions, I was wondering what the possibility of them both clashing at the same point with the same input? In other words, if I produce a Unique key by running both MD5 and SHA-2 against the same character field and combining them to make the Unique key, is this collision free.
Asked
Active
Viewed 509 times
1 Answers
3
Currently no collisions are known for SHA-256 and it can be used safely to hash long texts and you can be confident you won't happen to get a collision by chance.
Generally speaking if we have two different hash functions and $f$ and $g$ and you hash some input $x$ with both and use the concatenation $f(x)||g(x)$ the collision resistance of this will be better than either function individually and in some cases much better. If the functions are unrelated and you are only worried about chance collision the likelihood of a collision will be the product of the likelihood of collision in each function individually. However this last statement will not hold in face of an attacker exploiting weakness in these function. It's still harder that either individually but may not be noticeably harder to find a collision than finding a collision in just one of the two.
Other techniques of combining the functions such as $f(g(x))$ are ill advised and won't add security, since any collision of $g$ is also a collision in the composition.
Meir Maor
- 12,053
- 1
- 24
- 55