Solved

avoiding collisions with SHA1

Posted on 2006-07-05
4
411 Views
Last Modified: 2010-04-11
I wasn't sure which section I should ask this question in, because it isn't a true security question, but it is a question about using the SHA1 algorithm, so I figured that I'd have the best luck in the security section.

I'm using SHA1 as a hash function in my application,  I was wondering if anybody knew what factors to use (or not to use) when giving data to the function to compute the hash for avoiding collisions.   For example is there a range of optimal input lengths that reduce collisions?  Is it bad to use a limited range of input values (ie. only ascii chars).  If anybody has any insight on this it would be very useful.

Thanks,
Nick
0
Comment
Question by:spikey_nick
  • 2
  • 2
4 Comments
 
LVL 2

Accepted Solution

by:
chandrasuresh earned 250 total points
ID: 17049599
SHA1, as far as ascii data is considered is very secure and collision free. You can safely use SHA1 in any of your normal applications.
As you would have known, no two strings will produce the same or nearly same hashes even if they both differ by a bit.
0
 
LVL 32

Expert Comment

by:jhance
ID: 17049882
It _is_ possible to have two different plaintexts produce the same hash with SHA or with any other hash but the probability is extremely low.  The best ways to ensure that you don't get a collision is to:

1) Use a strong key.  SHA1 has some weak keys for seeding the hash.  Avoid any of these.
2) Use a long enough hash size.  Obviously, shorter hashes, while faster to generate, are more likely to produce a collision.
0
 
LVL 2

Expert Comment

by:chandrasuresh
ID: 17050150
SHA1 does not use any key. It just produces  a message digest of the input data given. Also, SHA1 produces a fixed length hash of 20 bytes, whatever is the input length.

jhance, Can you please detail about the key and the hash length which you have specified?
0
 
LVL 32

Expert Comment

by:jhance
ID: 17054818
chandra,

Yes, you are correct.  I was thinking HMAC-SHA1 but this question is about SHA-1.

Regardless, the probability of a collision with 20 bytes of hash is quite low.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
forensics for web activity 4 94
Folder NTFS Permissions 14 95
Restrict RDP Remote Access through SonicWall 3 96
Office 365 setting for security 4 64
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Three simple tips to quickly and efficiently back up and protect the contents of your PC and Mac®.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now