Timeline for Is truncating a SHA512 hash to the first 160 bits as secure as using SHA1?
Current License: CC BY-SA 3.0
13 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| Apr 13, 2017 at 12:48 | history | edited | CommunityBot | | replaced http://crypto.stackexchange.com/ with https://crypto.stackexchange.com/ |
| Feb 25, 2017 at 6:33 | history | edited | user2454 | CC BY-SA 3.0 | update answer to match current events (published SHA1 collision) |
| Feb 23, 2017 at 22:36 | comment | added | user31389 | | Google has announced a practical attack on SHA1: shattered.io |
| Feb 10, 2017 at 22:54 | comment | added | kasperd | | 2⁸⁰ is fairly big. But computing 2⁸⁰ hash values is not infeasible. The bitcoin network computes that many hashes on a regular basis. |
| Mar 1, 2016 at 18:51 | history | edited | user2454 | CC BY-SA 3.0 | Add notes about some good comments |
| Sep 30, 2015 at 14:47 | comment | added | CodesInChaos | | @Ángel In general that shouldn't be true. But CRC32 has a special structure so depending on how you created those inputs it might have had far fewer collisions than an ideal hash. For example CRC32 doesn't have any collisions if you hash 4 byte messages, some people don't even consider it a hash. |
| Sep 10, 2014 at 19:51 | comment | added | Ángel | | In some tests I did, truncated hash functions resulted in far more collisions than hash functions of the same length (although the untruncated version didn't collide, of course). I don't think I used sha512 back then, but for instance aggressively truncating MD5 to 4 bytes resulted in more collisions than using the CRC32 of the original value. |
| Aug 28, 2013 at 15:10 | vote | accept | BadHorsie | | |
| Aug 13, 2013 at 18:07 | comment | added | Henno Brandsma | | Note that SHA-224 is not a simple truncated version of SHA-256: the IV is different. SHA-224 is computed like SHA-256 and then truncated, but as the IV is different, the intermediate 256 bit result of SHA-224 is totally different (in general) than the SHA-256 computation. The same goes for SHA-384 vs SHA-512. |
| Jul 27, 2013 at 15:04 | comment | added | user2454 | | @GordonDavisson: Very true. To tell whether or not it's really secure we'd have to know the application. |
| Jul 27, 2013 at 14:49 | comment | added | Gordon Davisson | | A caveat to the "security implications" section: if the plaintext values are guessable (or chosen from a limited set), an attacker will be able to guess-and-test possible plaintexts. For example, if you hash the State field of an address database, there'll only be 50 distinct hash values, and an attacker won't have much trouble figuring out which is which. Similarly, if you hash the Name field, and the attacker wants to find out if "John Q. Smith" is in your DB, they can hash that and look for a match. |
| Jul 26, 2013 at 19:52 | history | edited | user2454 | CC BY-SA 3.0 | Changed wording in sections, moved material around for a better flow |
| Jul 26, 2013 at 12:55 | history | answered | user2454 | CC BY-SA 3.0 | |