[Cryptography] hash size

jamesd at echeque.com jamesd at echeque.com
Wed Oct 31 18:03:49 EDT 2018

On 2018-11-01 05:11, jamesd at echeque.com wrote:
> What does a 256 bit hash get you that a 128 bit hash does not get you?
> What attacks could be done on a 128 bit has that could not be done on a 
> 256 bit hash?
> With 128 bits, a birthday attack is just barely possible, in that 
> someone could search 2^64 examples, but, supposing you don't care about 
> birthday attacks, only about someone finding a pre-image or finding a 
> new value that gives the same hash as someone else's hash, what do you get?

Launching a birthday attack on a 128 bit hash would involve generating 
2^64 hashes and sorting them.  This requires 3*2^67 bytes of disk.  The 
largest readily available hard disk is 16 terabytes, so this would 
require thirty million hard disks, which is only a concern for state 
level attacks on very high value targets, although with continued 
progress in hard disks, will come within range for normal attackers, but 
only if a birthday attack generates major value for the attacker.

More information about the cryptography mailing list