[Cryptography] hash size
jamesd at echeque.com
jamesd at echeque.com
Wed Oct 31 18:03:49 EDT 2018
On 2018-11-01 05:11, jamesd at echeque.com wrote:
> What does a 256 bit hash get you that a 128 bit hash does not get you?
>
> What attacks could be done on a 128 bit has that could not be done on a
> 256 bit hash?
>
> With 128 bits, a birthday attack is just barely possible, in that
> someone could search 2^64 examples, but, supposing you don't care about
> birthday attacks, only about someone finding a pre-image or finding a
> new value that gives the same hash as someone else's hash, what do you get?
Launching a birthday attack on a 128 bit hash would involve generating
2^64 hashes and sorting them. This requires 3*2^67 bytes of disk. The
largest readily available hard disk is 16 terabytes, so this would
require thirty million hard disks, which is only a concern for state
level attacks on very high value targets, although with continued
progress in hard disks, will come within range for normal attackers, but
only if a birthday attack generates major value for the attacker.
More information about the cryptography
mailing list