Solved

which is the best hash algorithm?

Posted on 2007-03-29
7
2,585 Views
Last Modified: 2007-12-19
I am looking for a hash function which will best hold up under the following scenario.

As I am intending to use it, the hashed output and algorithm will be readily available to any attacker. They must not be able to find some other string that will produce the same hash output. Also they must not be able to recover the original text.

I realize that *eventually* if they dedicate enough cpu time to it, they will succeed. That's okay. I'd like to know which function will make this absolutely as difficult as possible for them.

I'm currently leaning towards Tiger, but am not sure if it's my best option. I will award points to somebody who can:

a) identify the best algorithm for the scenario above
b) link to an open source implementation in C code

Thanks in Advance!
0
Comment
Question by:cc16
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 18

Accepted Solution

by:
PowerIT earned 400 total points
ID: 18815652
cc, you just defined what a good hash is all about: no collisions. ;-)

I recommend that you use SHA-2, it's FIPS approved: http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
SHA-1 will be fased out by the NIST by 2010, to be replaced by SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512).
So stick with SHA-2.

Most open source OS's have an implementation of SHA-2. E.g. Openbsd: http://fxr.watson.org/fxr/source/crypto/sha2.c?v=OPENBSD and http://fxr.watson.org/fxr/source/crypto/sha2.h?v=OPENBSD

J.
0
 
LVL 53

Expert Comment

by:Infinity08
ID: 18816239
After DES (which can be cracked in under 24 hours today), and MD5 (for which some quite important flaws were discovered), their successor SHA-1 is indeed the current "king". SHA-1 is starting to show signs of weakness though, and will probably be unusable in a few years. The other SHA variants (SHA-224, SHA-256, SHA-384 and SHA-512) are a lot harder to break, and are possibly better alternatives to SHA-1.
Further research is being done to find even better (more secure) hash algorithms, but as far as I know, nothing final has been put out.

A lot depends on where your priorities are, and how secure you need the algorithm to be. You could go for MD5 because it's well known and has a lot of supporting code, but you should not be using it on highly sensitive data.
SHA-1 is also pretty well supported today, but as I mentioned it will probably not last longer than a few years in terms of security. That might be sufficient for your purposes though.
The other SHA variants are probably the best (current) alternatives in terms of security. So, that's maybe what you should go for, unless you want to wait for the "next-generation" hash algorithms that are under review/design.
0
 
LVL 84

Expert Comment

by:ozo
ID: 18820514
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 

Author Comment

by:cc16
ID: 18821371
Thanks for replying guys.

Once I put this system into use, there could be serious consequences for me if anybody manages to jimmy the hash open. As such, I don't want to use MD5 and SHA-1 (thanks for the schneier article  ozo).

SHA-2 sounds good. Especially that it's certified by FIPS. I'm guessing that these other variants (SHA-512 etc) are not certified?

I guess my main question is how would SHA-2 compare to Tiger hash?

I will be able to update the algorithm later, so it sounds good to go with SHA-2 now, and then update to SHA-3 or whatever when it gets put into mainstream use.
0
 
LVL 53

Assisted Solution

by:Infinity08
Infinity08 earned 100 total points
ID: 18822012
>> I don't want to use MD5 and SHA-1 (thanks for the schneier article  ozo).

You have to put that article in perspective though.
It only describes a way to find a collision faster than brute-force ... It still requires 2^69 hash operations though, which would take 56 hours on a $25M-38M machine.
That's still quite safe for most applications (except military and the like).

Read this follow-up article for more information :
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html

I don't know what you plan to use this for, but for most applications SHA-1 is still sufficiently safe for a few years.

Furthermore, this attack does not allow to reconstruct the original message from the hash - it just allows to find a collision.


>> SHA-2 sounds good. Especially that it's certified by FIPS. I'm guessing that these other variants (SHA-512 etc) are not certified?

SHA-2 is a common name for the 4 variants SHA-224, SHA-256, SHA-384 and SHA-512. It is indeed probably your best option if you need more security than what SHA-1 offers (see my note in the beginning of this post).


>> I guess my main question is how would SHA-2 compare to Tiger hash?

Tiger is well under way to being cracked in a similar way and speed as SHA-1 :
http://th.informatik.uni-mannheim.de/People/Lucks/papers/Tiger_FSE_v10.pdf

Although the attack has not been tested on the full 24 rounds of Tiger, the authors of that article are pretty confident that it's possible to find a collision faster than brute-force (and probably with a similar amount of operations as for SHA-1).

I couldn't find a direct comparison of SHA-2 and Tiger, but if security is your main concern, then I would still pick SHA-1 over Tiger and SHA-2 over SHA-1.



I'm not convinced that you need SHA-2, and that SHA-1 or Tiger are sufficient. But you're better positioned to make that choice :)

The question is : do your "opponents" have the resources and the time to break the hash (read : find a collision) - I refer to the earlier machine needed to find a collision for SHA-1 ?
And another question : Does finding a collision create any serious problems in your situation ? If the collision can't be exploited, then you can treat SHA-1 as not crackable ...
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 18822014
SHA-2 has several variants: from SHA-224 up to SHA-512. Only SHA-224 is not certified. So you can go with SHA-256, -384 or 512.

Tiger compared to SHA-2:
Bit-sizes of hashes: Tiger: 192, 160, 128. SHA-2 (FIPS): 512,384,256. The less bits the faster but the less secure (greater chance of collision).
Tiger is optimized for speed on 64-bit processors. SHA-2 has no specific optimization.
Tiger is not FIPS certified. SHA-2 is. I think that this should be your major concern when you state something like 'there could be serious consequences for me if anybody manages to jimmy the hash open'. If those encryption experts certify it, then you can pratically bet your life on it that for the moment there is no better choice.
The university of Mannheim (Germany) together with the NIST (the guys begind FIPS) have found ways to attack Tiger/192 (he longest one!). As a result they got near collisions and possible collisions, with reduced rounds. They found that Tiger has not enough rounds and got their results with 16 and 20 rounds (collisions and near collisions respectively). Tiger only has 24 rounds. This means that in the near future Tiger will probably be broken. See this paper:
http://th.informatik.uni-mannheim.de/people/lucks/papers/Tiger_FSE_v10.pdf
I know where I would bet my career on ;-)

J.
0
 

Author Comment

by:cc16
ID: 18822107
I've decided that I'm going to go with SHA-2. I had no idea that Tiger was close to being broken. But then again, I don't exactly keep up to date with the latest and greatest in the crypto world so I suppose that's to be expected.

Thanks for all the helpful information folks. Much appreciated.
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Three simple tips to quickly and efficiently back up and protect the contents of your PC and Mac®.
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
The goal of this video is to provide viewers with basic examples to understand opening and reading files in the C programming language.
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now