[Cryptography] Pre-image security of SHA-256 reduced to 16 rounds
Sergio Lerner
sergiolerner at pentatek.com
Sun Jan 19 08:37:17 EST 2014
I'm working in a password hashing construction (RandMemoHash, see
http://bitslog.wordpress.com/2013/12/31/strict-memory-hard-hash-functions/).
I need the fastest possible crypto "hash" function, even if breaking
pre-image resistance requires about 2^32 operations. Collision
resistance is unimportant. This is because the algorithm will repeatedly
apply the reduced round hash function, so at the end, enough rounds will
be applied.
My first choice is SHA-256 with 16 rounds (out of 64). I want to find
the best pre-image attack that requires little memory.
I searched for information on papers but all I found is attacks against
36 and more rounds.
Any idea?
Thanks,
Sergio.
More information about the cryptography
mailing list