which is the best hash algorithm?

Posted on 2007-03-29
Last Modified: 2007-12-19
I am looking for a hash function which will best hold up under the following scenario.

As I am intending to use it, the hashed output and algorithm will be readily available to any attacker. They must not be able to find some other string that will produce the same hash output. Also they must not be able to recover the original text.

I realize that *eventually* if they dedicate enough cpu time to it, they will succeed. That's okay. I'd like to know which function will make this absolutely as difficult as possible for them.

I'm currently leaning towards Tiger, but am not sure if it's my best option. I will award points to somebody who can:

a) identify the best algorithm for the scenario above
b) link to an open source implementation in C code

Thanks in Advance!
Question by:cc16
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
LVL 18

Accepted Solution

PowerIT earned 400 total points
ID: 18815652
cc, you just defined what a good hash is all about: no collisions. ;-)

I recommend that you use SHA-2, it's FIPS approved:
SHA-1 will be fased out by the NIST by 2010, to be replaced by SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512).
So stick with SHA-2.

Most open source OS's have an implementation of SHA-2. E.g. Openbsd: and

LVL 53

Expert Comment

ID: 18816239
After DES (which can be cracked in under 24 hours today), and MD5 (for which some quite important flaws were discovered), their successor SHA-1 is indeed the current "king". SHA-1 is starting to show signs of weakness though, and will probably be unusable in a few years. The other SHA variants (SHA-224, SHA-256, SHA-384 and SHA-512) are a lot harder to break, and are possibly better alternatives to SHA-1.
Further research is being done to find even better (more secure) hash algorithms, but as far as I know, nothing final has been put out.

A lot depends on where your priorities are, and how secure you need the algorithm to be. You could go for MD5 because it's well known and has a lot of supporting code, but you should not be using it on highly sensitive data.
SHA-1 is also pretty well supported today, but as I mentioned it will probably not last longer than a few years in terms of security. That might be sufficient for your purposes though.
The other SHA variants are probably the best (current) alternatives in terms of security. So, that's maybe what you should go for, unless you want to wait for the "next-generation" hash algorithms that are under review/design.
LVL 84

Expert Comment

ID: 18820514
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.


Author Comment

ID: 18821371
Thanks for replying guys.

Once I put this system into use, there could be serious consequences for me if anybody manages to jimmy the hash open. As such, I don't want to use MD5 and SHA-1 (thanks for the schneier article  ozo).

SHA-2 sounds good. Especially that it's certified by FIPS. I'm guessing that these other variants (SHA-512 etc) are not certified?

I guess my main question is how would SHA-2 compare to Tiger hash?

I will be able to update the algorithm later, so it sounds good to go with SHA-2 now, and then update to SHA-3 or whatever when it gets put into mainstream use.
LVL 53

Assisted Solution

Infinity08 earned 100 total points
ID: 18822012
>> I don't want to use MD5 and SHA-1 (thanks for the schneier article  ozo).

You have to put that article in perspective though.
It only describes a way to find a collision faster than brute-force ... It still requires 2^69 hash operations though, which would take 56 hours on a $25M-38M machine.
That's still quite safe for most applications (except military and the like).

Read this follow-up article for more information :

I don't know what you plan to use this for, but for most applications SHA-1 is still sufficiently safe for a few years.

Furthermore, this attack does not allow to reconstruct the original message from the hash - it just allows to find a collision.

>> SHA-2 sounds good. Especially that it's certified by FIPS. I'm guessing that these other variants (SHA-512 etc) are not certified?

SHA-2 is a common name for the 4 variants SHA-224, SHA-256, SHA-384 and SHA-512. It is indeed probably your best option if you need more security than what SHA-1 offers (see my note in the beginning of this post).

>> I guess my main question is how would SHA-2 compare to Tiger hash?

Tiger is well under way to being cracked in a similar way and speed as SHA-1 :

Although the attack has not been tested on the full 24 rounds of Tiger, the authors of that article are pretty confident that it's possible to find a collision faster than brute-force (and probably with a similar amount of operations as for SHA-1).

I couldn't find a direct comparison of SHA-2 and Tiger, but if security is your main concern, then I would still pick SHA-1 over Tiger and SHA-2 over SHA-1.

I'm not convinced that you need SHA-2, and that SHA-1 or Tiger are sufficient. But you're better positioned to make that choice :)

The question is : do your "opponents" have the resources and the time to break the hash (read : find a collision) - I refer to the earlier machine needed to find a collision for SHA-1 ?
And another question : Does finding a collision create any serious problems in your situation ? If the collision can't be exploited, then you can treat SHA-1 as not crackable ...
LVL 18

Expert Comment

ID: 18822014
SHA-2 has several variants: from SHA-224 up to SHA-512. Only SHA-224 is not certified. So you can go with SHA-256, -384 or 512.

Tiger compared to SHA-2:
Bit-sizes of hashes: Tiger: 192, 160, 128. SHA-2 (FIPS): 512,384,256. The less bits the faster but the less secure (greater chance of collision).
Tiger is optimized for speed on 64-bit processors. SHA-2 has no specific optimization.
Tiger is not FIPS certified. SHA-2 is. I think that this should be your major concern when you state something like 'there could be serious consequences for me if anybody manages to jimmy the hash open'. If those encryption experts certify it, then you can pratically bet your life on it that for the moment there is no better choice.
The university of Mannheim (Germany) together with the NIST (the guys begind FIPS) have found ways to attack Tiger/192 (he longest one!). As a result they got near collisions and possible collisions, with reduced rounds. They found that Tiger has not enough rounds and got their results with 16 and 20 rounds (collisions and near collisions respectively). Tiger only has 24 rounds. This means that in the near future Tiger will probably be broken. See this paper:
I know where I would bet my career on ;-)


Author Comment

ID: 18822107
I've decided that I'm going to go with SHA-2. I had no idea that Tiger was close to being broken. But then again, I don't exactly keep up to date with the latest and greatest in the crypto world so I suppose that's to be expected.

Thanks for all the helpful information folks. Much appreciated.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
The goal of this video is to provide viewers with basic examples to understand opening and writing to files in the C programming language.
The goal of this video is to provide viewers with basic examples to understand recursion in the C programming language.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question