[Cryptography] hash size

Bill Cox waywardgeek at gmail.com
Sat Nov 3 14:16:53 EDT 2018

On Thu, Nov 1, 2018 at 3:57 PM Kristian Gjøsteen <kristian.gjosteen at ntnu.no>

> 31. okt. 2018 kl. 23:03 skrev jamesd at echeque.com:
> > Launching a birthday attack on a 128 bit hash would involve generating
> 2^64 hashes and sorting them.
> Does it? Pollard’s lambda certainly does not. I believe it can be made
> parallel with the usual techniques. That is, you can find collisions with
> little communication and insignificant storage.
> Parallel Pollard Rho works in ~2^64 time, and has trivial memory and
communication overhead.  A recent paper about this algorithm that was
invented in 1994:

128-bit is simply not collision resistant for any modern efficiently
computed hash.  If you don't care about collisions, sha1 still is secure.
There are already collisions for SHA1
Generating the collision took ~2^63 SHA1 computations.  Google did it for
fun (well... really to make the point that SHA1 is insecure).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20181103/42ce3d26/attachment.html>

More information about the cryptography mailing list