Questions tagged [collision-resistance]

Difficulty of finding two different inputs that hash to the same value

Collision resistance is a security property of cryptographic hash functions. A hash function $H$ is said to be collision resistant if it is computationally infeasible to find two input strings $s$ and $s'$ such that $s' \ne s$ but $H(s') = H(s)$.

Collision resistance is one of the strongest security properties usually demanded of hash functions: a collision resistant hash function is automatically also first and second preimage resistant.

Collision resistance is also called strong-collision.

764 questions
179 votes, 7 answers

Why can't we reverse hashes?

First off, I know hashes are 1 way. There are an infinite number of inputs that can result in the same hash output. Why can't we take a hash and convert it to an equivalent string that can be hashed back to the original hash output? eg: string:…
Hello World
133 votes, 7 answers

Are there two known strings which have the same MD5 hash value?

Is there an example of two known strings which have the same MD5 hash value (representing a so-called "MD5 collision")?
Adban
115 votes, 4 answers

Why haven't any SHA-256 collisions been found yet?

I've been thinking about this for a few days, a SHA-256 algorithm outputs 64 characters which can either be a lowercase letter or a number from 0-9. Which should mean that there are 64^36 distinct SHA-256 results. How has a collision never been…
ninesalt
69 votes, 2 answers

Is truncating a SHA512 hash to the first 160 bits as secure as using SHA1?

I am from a web development background (I don't know an awful lot about cryptography or how the algorithms themselves work), so I am asking this question in simple terms. Consider a hash of the word 'test' using…
BadHorsie
56 votes, 11 answers

How do hashes really ensure uniqueness?

This might seem an impractical and unnecessary conversation, but I feel it's something I need to clarify. Especially, as I just got my first developer job in a blockchain startup. So hashes are said to generate the same thing for any information it…
52 votes, 2 answers

Why is SHA-1 considered broken?

Is there a known pair of distinct bit strings (A,B) such that SHA-1(A) == SHA-1(B)? If the answer is no, then how can SHA-1 be considered broken?
Andrew Tomazos
50 votes, 2 answers

Second pre-image resistance vs Collision resistance

From Wikipedia: Second pre-image resistance Given an input $m_1$ it should be difficult to find another input $m_2$ such that $m_1$ ≠ $m_2$ and $\operatorname{hash}(m_1) = \operatorname{hash}(m_2)$. Functions that lack this property are…
ritch
46 votes, 1 answer

What is a "freestart collision"?

In their work on SHA-1 collisions (cf. the EUROCRYPT-2016 paper “Freestart collision on full SHA-1” by Stevens, Karpman, and Peyrin) Stevens et al show that they are able to generate "freestart collisions" on SHA-1. They say: Even though freestart…
otus
43 votes, 4 answers

Best way to reduce chance of hash collisions: Multiple hashes, or larger hash?

I would like to maintain a list of unique data blocks (up to 1MiB in size), using the SHA-256 hash of the block as the key in the index. Obviously there is a chance of hash collisions, so what is the best way of reducing that risk? If I also…
Theodor Kleynhans
42 votes, 2 answers

Are there any known collisions for the SHA (1 & 2) family of hash functions?

Are there any known collisions for the hash functions SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512? By that, I mean are there known values of $a$ and $b$ where $F(a) = F(b)$ and $a ≠ b$?
Pacerier
42 votes, 3 answers

What are preimage resistance and collision resistance, and how can the lack thereof be exploited?

What is "preimage resistance", and how can the lack thereof be exploited? How is this different from collision resistance, and are there any known preimage attacks that would be considered feasible?
41 votes, 4 answers

How can hashes be unique if they are limited in number?

I'm curious, how can for example SHA-256 be unique if there are only a limited number of them?! For clarification: how many MD5 hashes are there? $16^{32}$ MD5 hashes can be produced. $16^{64}$ SHA-256 hashes can be produced. while there are…
M D P
39 votes, 2 answers

Why is HMAC-SHA1 still considered secure?

This Q & A https://security.stackexchange.com/questions/33123/hotp-with-as-hmac-hashing-algoritme-a-hash-from-the-sha-2-family says that the security of HMAC-SHA1 does not depend on resistance to collisions? Are they saying specifically with…
user93353
37 votes, 3 answers

Does "Shattered" actually show SHA-1-signed certificates are "unsafe"?

Note: I am not advocating anyone continues using SHA1-signed certificates: they are dead as far as security is concerned and should no longer be used. I'm just trying to clarify my understanding of the theoretical implications of Shattered as they…
TripeHound
35 votes, 2 answers

How secure is SHA1? What are the chances of a real exploit?

I read that, in February 2017, a SHA1 collision was calculated for the first time. This, and earlier theoretical proof, means that SHA1 is officially cryptographically insecure. But, when using SHA1 in a protocol (SAML assertions in my case), both…
Rob van Laarhoven