Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does sha-1 ever produce collisions for input messages less than 160bits?

Tags:

java

hash

rsa

sha1

cryptographic-hash-function

I have a 128bit ID that I want to perform a one way hash on, but I don't want to ever get the same digest for an input message. Does anyone know if sha-1, or an alternative, is guaranteed not to produce collisions for the set of messages less than its output digest size? This is at least theoretically possible...

I also considered using RSA, and discarding the private key to give me a one-way encrypt, but I need to store the result in a 32 char DB field, and the encryption schemes available to me don't produce anything small enough.

Any suggestions of another way of producing a deterministic, non-reversable and collision free transform of the original value are welcome.

like image 349
Malcolm Smith Avatar asked Jul 01 '10 13:07

Malcolm Smith

People also ask

Does SHA-1 have collisions?

“We note that classical collisions and chosen-prefix collisions do not threaten all usages of SHA-1." There are several potential scenarios in which the new collision could be implemented in an attack, the most likely of which is someone impersonating another user by creating an identical PGP key.

How many operations does it take to find a collision in SHA-1?

The attacks can find collisions in the full version of SHA-1, requiring fewer than 269 operations. (A brute-force search would require 280 operations.)

What is the output of SHA-1?

SHA-1 or Secure Hash Algorithm 1 is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value.

Can SHA collide?

The Wikipedia page gives an estimate of the likelihood of a collision. If you run the numbers, you'll see that all harddisks ever produced on Earth can't hold enough 1MB files to get a likelihood of a collision of even 0.01% for SHA-256. Basically, you can simply ignore the possibility.

1 Answers

Cryptographic hashes give a very good approximation of a random number for a given input. So how many random hashes do you need in a room until you get the same 160 bits? It about the square root (disclaimer: I am not a statistician). So you should expect to see clashes at around 80-bits.

I guess practicalities mean you should know when cosmic rays will be a bigger problem than collisions.

like image 167
Tom Hawtin - tackline Avatar answered Oct 18 '22 16:10

Tom Hawtin - tackline
Sign in to Comment

Related questions

Where to place module-info.java using Java 9?
Method can only be called from within the same library group [duplicate]
Java: Adding TimeZone to DateTimeFormatter
How do I upgrade the Spring version in Spring Boot
Java 10 migration from Java 8. Running services in production [closed]
H2 db not accessible at localhost:8080/h2-console when using webflux
Include scripts with Gradle Kotlin DSL
JMeter Warning: Nashorn engine is planned to be removed from a future JDK release
Capistrano for Java?
Which library/program can be used to generate Java-bytecode? [closed]
Ant cannot find a class needed by an externally defined taskdef
How can I easily mock out a static method in Java (jUnit4)
Pass a List to another jsp file
How to validate an XML document using a RELAX NG schema and JAXP?
Java applet screen capture to a video
Converting local timestamp to UTC timestamp in Java
how can I implement Comparable more than once?
Why does Java have a "NullPointerException" when there are no pointers in Java?
EhCache default cache in java
Unit Tests Architecture Question

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!