I have one honest question: How can we be so confident with the use of the common hash algorithms (nowadays there are so many pages with cracking tools: crackstation, gpuhash, etc.)? Are we lost with our governments behind us? Has anybody got some new idea of one new possible secure algorithm? Why, if someone has got an algorithm, like me, does the whole community close the door? Thank you for your time. Sincerely, one lost crypto hash programmer.
2 Answers
MD5 and SHA-1 are broken, since we can make collisions and even chosen-prefix collisions with these.
But no, hash functions like SHA-2 and SHA-3 are not dead. On the contrary, they are alive and well.
The fact (alluded to in the question) that it is quite (and increasingly) easy to find a common password from its hash, or a ciphertext using that hash as key, is not an issue with the hash. It's an issue with poorly designed systems directly hashing a password and counting on this for security. This is a gross design error that was often made. In 1990 that was already a poor choice; today that's a disastrous one (the capacity of humans to choose good passwords has not improved, computers have). The appropriate primitive for password hashing is not a cryptographic hash like SHA-2 or SHA-3, but a purposely slow, entropy-stretching, memory-hard password-based key derivation function or hash (such as Argon2 or the earlier scrypt) with salt and ample work factor.
SHA-3 meets all the criteria for a modern cryptographic hash usable as an instance of a random oracle, whose simplified goals are: fast, publicly computable and otherwise behaving like a random function of $\{0,1\}^*\to\{0,1\}^w$, where $w$ is the output width of the hash. SHA-2 also meets this, with the exception of exhibiting the well-known and rarely concerning length-extension property, and we can live with that. The variants with $k=512$-bit output are likely safe even from hypothetical quantum computers usable for cryptanalysis.
Who decided the criteria of a modern hash?
The cryptographic community.
These criteria have evolved over time. Initially (late 1980s and early 1990s) the main criteria were speed, collision-resistance, and first+second preimage resistance, with application to RSA signatures. MD2, MD4, MD5, SHA, SHA-1, and even SHA-2 (which essentially is SHA-1 with improvements and more margin against known attacks) are from this era. Then the notion of random oracle appeared. (See Mihir Bellare and Phillip Rogaway's seminal Random oracles are practical: A paradigm for designing efficient protocols, originally in proceedings of CCS 1993; or for an introduction, this rightly popular answer). The goal of a hash function became being a concrete implementation of a random oracle. This goal implies the earlier concepts of collision-resistance and preimage resistance.
Importantly, the speed goal of a cryptographic hash (like SHA-512) is directly antagonistic to the goals of a password hash or key derivation function (like Argon2), which include enforced slowness. It's unfortunate the names are so similar; this leads to much confusion.
And who can prove the randomness of SHA-3?
SHA-3 is deterministic (as any hash must be). Thus it's at best behaving as if it were a random function. And we don't know how to prove that it does, or has collision-resistance, etc. However, starting with SHA-2, the art of designing hashes seems to have improved to the point where their principle and parametrization is sound. This allows us to make reasoned forecasts. By 2020, a 200-bit hash might be breakable using brute force (with ASIC technology, as in bitcoin mining). That's been growing roughly 5 bits/year for decades. At that rate, a 512-bit hash would be safe for 60 years, and almost no observer of the trends in electronics is betting on that rate being sustainable for so long.
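The answer's central point, that a fast unsalted cryptographic hash is the wrong primitive for passwords and a salted, slow KDF such as scrypt is the right one, is illustrated below. This is an added example, not code from the answer or the asker; the sample passwords are constructed, the scrypt parameters (n=2**14, r=8, p=1) are illustrative rather than a recommendation, and the function names are my own.

```python
"""Plain SHA-256 versus a salted, slow KDF (scrypt) for storing passwords.

Added example (not from the original page). Uses only the Python standard library.
"""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed sample inputs, not taken from the page.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]

# Illustrative work factor; production values should be tuned to the deployment.
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1)


def naive_hash(password: str) -> str:
    """The design error the answer describes: one fast, unsalted cryptographic hash.

    Because there is no salt, the same password always yields the same digest,
    so a single precomputed table serves against every user and every system.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def naive_lookup_table(candidates) -> Dict[str, str]:
    """Digest -> password map for a list of common passwords.

    Shown only to make the weakness concrete: stored digests are reversed
    by a dictionary lookup, with no work per user beyond building the table once.
    """
    return {naive_hash(p): p for p in candidates}


def kdf_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, memory-hard, deliberately slow password hash using scrypt.

    Returns (salt, digest). A fresh 16-byte salt is generated when none is given,
    so two users with the same password get unrelated digests and precomputed
    tables are useless; the work factor makes each guess expensive.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, dklen=32, **SCRYPT_PARAMS)
    return salt, digest


def kdf_verify(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = kdf_hash(password, salt)
    return hmac.compare_digest(candidate, digest)


def time_one_guess(password: str, salt: bytes) -> float:
    """Seconds for a single scrypt evaluation, i.e. the cost imposed per guess."""
    start = time.perf_counter()
    kdf_hash(password, salt)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Weak scheme: stored digests reverse instantly via a lookup table.
    table = naive_lookup_table(COMMON_PASSWORDS)
    stored = naive_hash("qwerty")
    print("naive SHA-256 digest reversed to:", table.get(stored))

    # Hardened scheme: same password, two users, two different digests.
    salt_a, digest_a = kdf_hash("qwerty")
    salt_b, digest_b = kdf_hash("qwerty")
    print("salted scrypt digests differ:", digest_a != digest_b)
    print("verification with stored salt:", kdf_verify("qwerty", salt_a, digest_a))
    print("seconds per guess:", round(time_one_guess("qwerty", salt_a), 4))
```

Note that the hardened form stores the salt alongside the digest (it is not secret); what protects the password is the combination of per-user salt and the work factor, which should be raised over time as hardware improves, exactly the point the answer makes about cost growing with computing power.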
Ok, so I take that for advice: the community judges the algorithm, and the randomness is for the eye to believe.
So I'm going to post my own results of testing some randomness of a hash function, I provided you the link:
Thank you so much for your time.
Regards.