Hash function security summary

From Wikipedia, the free encyclopedia
Jump to: navigation, search

This article summarizes publicly known attacks against cryptographic hash functions. Note that not all entries may be up to date.

Table color key
No known successful attacks
Theoretical break
Attack demonstrated in practice

Common hash functions[edit]

Collision resistance[edit]

Hash function Security claim Best attack Attack date Comment
MD5 264 218 time 2013-03-25[1] This attack takes seconds on a regular PC. Two-block collisions in 218, single-block collisions in 241
SHA-1 280 261 2005-08-17[2] Attack is feasible with large amounts of computation power.[3]
SHA256 2128 24 of 64 rounds (228.5) 2008-11-25[4]
SHA512 2256 24 of 80 rounds (232.5) 2008-11-25[4]

Chosen prefix collision attack[edit]

Hash function Security claim Best attack Attack date Comment
MD5 264 239 2009-06-16[5] This attack takes hours on a regular PC.
SHA-1 280 263 2006-08-22 Extends Wang's SHA-1 collision attack to partially chosen prefix collisions.[6]
SHA256 2128
SHA512 2256

Preimage resistance[edit]

Hash function Security claim Best attack Attack date
MD5 2128 2123.4 2009-04-16[7]
SHA-1 2160 45 of 80 rounds 2008-08-17[8]
SHA256 2256 42 of 64 rounds (2251.7) 2008-11-25[9]
SHA512 2512 46 of 80 rounds (2511.5) 2008-11-25[10]

Less common hash functions[edit]

Collision resistance[edit]

Hash function Security claim Best attack Attack date Comment
MD2 264 263.3 time, 252 memory 2009[11] Slightly less computationally expensive than a birthday attack, but for practical purposes, memory requirements make it more expensive.
MD4 264 3 operations 2007-03-22[12] Finding collisions almost as fast as verifying them.

Preimage resistance[edit]

Hash function Security claim Best attack Attack date
MD2 2128 273 time, 273 memory 2008[13]
MD4 2128 2102 2008-02-10[14]

See also[edit]

References[edit]

  1. ^ Tao Xie, Fanbao Liu, Dengguo Feng (25 March 2013). Fast Collision Attack on MD5. 
  2. ^ Xiaoyun Wang, Yiquin Lisa Yin, Hongobo Yu. Finding Collisions in the Full SHA-1. 
  3. ^ Bruce Schneier (2005-08-17). "New Cryptanalytic Results Against SHA-1". 
  4. ^ a b Somitra Kumar Sanadhya, Palash Sarkar (2008-11-25). New Collision Attacks against Up to 24-Step SHA-2. 
  5. ^ Marc Stevens, Arjen Lenstra, Benne de Weger (2009-06-16). Chosen-prefix Collisions for MD5 and Applications. 
  6. ^ Christophe De Cannière, Christian Rechberger (2006-08-22). SHA-1 collisions: Partial meaningful at no extra cost?. 
  7. ^ Yu Sasaki, Kazumaro Aoki (2009-04-16). Finding Preimages in Full MD5 Faster Than Exhaustive Search. Springer Berlin Heidelberg. 
  8. ^ Christophe De Cannière, Christian Rechberger (2008-08-17). Preimages for Reduced SHA-0 and SHA-1. 
  9. ^ Jian Guo, Krystian Matusiewicz (2008-11-25). Preimages for Step-Reduced SHA-2. 
  10. ^ Yu Sasaki, Lei Wang, and Kazumaro Aoki (2008-11-25). Preimage Attacks on 41-Step SHA-256 and 46-Step SHA-512. 
  11. ^ Lars R. Knudsen, John Erik Mathiassen, Frédéric Muller, Søren S. Thomsen. Cryptanalysis of MD2. 
  12. ^ Yu Sasaki, et al. (2007-03-22). Improved Collision Attacks on MD4 and MD5. 
  13. ^ Søren S. Thomsen (2008). An improved preimage attack on MD2. 
  14. ^ Gaëtan Leurent (2008-02-10). MD4 is Not One-Way. FSE 2008.