[Cryptography] Creating a Parallelizeable Cryptographic Hash Function

Christian Huitema huitema at huitema.net
Sat Oct 4 20:11:27 EDT 2014


> To a programmer a good hash table is not the same as a good crypto hash.
> A programmer simply wants a fast lookup with a minimum miss, collision.
> Most programmers do not care if a collision is moderately easy to fabricate
> because they want to get close enough not exactly and will walk their way to
> the desired data (short walk).

Actually, it is a bit more complex than that. In many applications, you have to be concerned about denial of service attacks. If an outsider can manufacture hash collisions, then you can end up with a serious issue, the hash resolution moving for example from O(1) to O(N). Think for example of a hash table going from TCP headers to TCP context, and a SYN attack amplifying the damage by picking combinations of address and ports that result in hash collisions.

That may be why in many such applications the common practice is to compute the hash using truncated MD5. Of course, this creates a maintenance problem when MD5 is deemed "unsafe" for cryptography applications, and you have to fix your code to now use SHA256...

-- Christian Huitema
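The collision-driven slowdown described above, as an added example that is not part of Huitema's post: a chained-table bucket function using a toy unkeyed hash, beside a keyed truncated digest (blake2b with a per-process secret), measured by the longest chain each produces. The flow keys, bucket count and secret are constructed for the demo.

```python
import hashlib
import itertools
from collections import Counter

N_BUCKETS = 1024  # constructed table size


def weak_bucket(key: bytes) -> int:
    """Toy unkeyed bucket function: anyone who knows it can choose colliding keys."""
    return sum(key) % N_BUCKETS


def keyed_bucket(key: bytes, secret: bytes) -> int:
    """Keyed, truncated digest: the per-process secret is what an outsider lacks.
    Swapping the digest algorithm later touches only this function."""
    digest = hashlib.blake2b(key, key=secret, digest_size=8).digest()
    return int.from_bytes(digest, "big") % N_BUCKETS


def longest_chain(keys, bucket_fn) -> int:
    """Size of the fullest bucket; in a chained table this bounds lookup cost."""
    return max(Counter(bucket_fn(k) for k in keys).values())


def anagram_keys(base: bytes, n: int) -> list:
    """Constructed sample input: n distinct reorderings of `base`. Every one has
    the same byte sum, so weak_bucket() sends them all to a single bucket."""
    seen = set()
    for perm in itertools.permutations(base):
        seen.add(bytes(perm))
        if len(seen) == n:
            break
    return sorted(seen)


def compare(n: int = 2000, secret: bytes = b"constructed-per-process-secret") -> dict:
    """Longest chain for the same keys under the unkeyed and the keyed function."""
    keys = anagram_keys(b"10.0.0.1:443", n)  # synthetic "address:port" flow keys
    return {
        "keys": len(keys),
        "weak_max_chain": longest_chain(keys, weak_bucket),
        "keyed_max_chain": longest_chain(keys, lambda k: keyed_bucket(k, secret)),
    }


if __name__ == "__main__":
    print(compare())
```

With the unkeyed function every constructed key lands in one bucket, so a lookup walks the whole set; with the keyed digest the same keys spread across buckets as if chosen at random.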