Hash function security summary

From Wikipedia, the free encyclopedia
Jump to: navigation, search

This article summarizes publicly known attacks against cryptographic hash functions. Note that not all entries may be up to date.

Table color key[edit]

  No known successful attacks
  Theoretical break
  Attack demonstrated in practice

Common hash functions[edit]

Collision resistance[edit]

Main article: Collision attack
Hash function Security claim Best attack Attack date Comment
MD5 264 218 time 2013-03-25[1] This attack takes seconds on a regular PC. Two-block collisions in 218, single-block collisions in 241
SHA-1 280 261 2005-08-17[2] Attack is feasible with large amounts of computation power.[3]
SHA256 2128 24 of 64 rounds (228.5) 2008-11-25[4]
SHA512 2256 24 of 80 rounds (232.5) 2008-11-25[4]

Chosen prefix collision attack[edit]

Hash function Security claim Best attack Attack date Comment
MD5 264 239 2009-06-16[5] This attack takes hours on a regular PC.
SHA-1 280 263 2006-08-22 Extends Wang's SHA-1 collision attack to partially chosen prefix collisions.[6]
SHA256 2128
SHA512 2256

Preimage resistance[edit]

Main article: Preimage attack
Hash function Security claim Best attack Attack date
MD5 2128 2123.4 2009-04-16[7]
SHA-1 2160 45 of 80 rounds 2008-08-17[8]
SHA256 2256 42 of 64 rounds (2251.7) 2008-11-25[9]
SHA512 2512 46 of 80 rounds (2511.5) 2008-11-25[10]

Less common hash functions[edit]

Collision resistance[edit]

Hash function Security claim Best attack Attack date Comment
MD2 264 263.3 time, 252 memory 2009[11] Slightly less computationally expensive than a birthday attack, but for practical purposes, memory requirements make it more expensive.
MD4 264 3 operations 2007-03-22[12] Finding collisions almost as fast as verifying them.

Preimage resistance[edit]

Hash function Security claim Best attack Attack date
MD2 2128 273 time, 273 memory 2008[13]
MD4 2128 2102 2008-02-10[14]

See also[edit]

References[edit]

  1. ^ Tao Xie, Fanbao Liu, Dengguo Feng (25 March 2013). Fast Collision Attack on MD5. 
  2. ^ Xiaoyun Wang, Yiquin Lisa Yin, Hongobo Yu. Finding Collisions in the Full SHA-1. 
  3. ^ Bruce Schneier (2005-08-17). "New Cryptanalytic Results Against SHA-1". 
  4. ^ a b Somitra Kumar Sanadhya, Palash Sarkar (2008-11-25). New Collision Attacks against Up to 24-Step SHA-2. 
  5. ^ Marc Stevens, Arjen Lenstra, Benne de Weger (2009-06-16). Chosen-prefix Collisions for MD5 and Applications. 
  6. ^ Christophe De Cannière, Christian Rechberger (2006-08-22). SHA-1 collisions: Partial meaningful at no extra cost?. 
  7. ^ Yu Sasaki, Kazumaro Aoki (2009-04-16). Finding Preimages in Full MD5 Faster Than Exhaustive Search. Springer Berlin Heidelberg. 
  8. ^ Christophe De Cannière, Christian Rechberger (2008-08-17). Preimages for Reduced SHA-0 and SHA-1. 
  9. ^ Jian Guo, Krystian Matusiewicz (2008-11-25). Preimages for Step-Reduced SHA-2. 
  10. ^ Yu Sasaki, Lei Wang, and Kazumaro Aoki (2008-11-25). Preimage Attacks on 41-Step SHA-256 and 46-Step SHA-512. 
  11. ^ Lars R. Knudsen, John Erik Mathiassen, Frédéric Muller, Søren S. Thomsen. Cryptanalysis of MD2. 
  12. ^ Yu Sasaki, et al. (2007-03-22). Improved Collision Attacks on MD4 and MD5. 
  13. ^ Søren S. Thomsen (2008). An improved preimage attack on MD2. 
  14. ^ Gaëtan Leurent (2008-02-10). MD4 is Not One-Way. FSE 2008.