Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to decrease the size of SHA1?

I have a problem, maybe a silly question, I want to store data in a database after I hash with the SHA1 algorithm. However, at a future time, the size in database will increase because size words in SHA1 is big.

Can we decrease the size of SHA1 algorithm, maybe half the size. I'm sorry for my silly question, and for my bad English. Thanks. :D

I am using JAVA.

like image 382
fahmi Avatar asked Jun 06 '11 10:06

fahmi


People also ask

What techniques did the researchers employ to break SHA-1?

Researchers at Google said on Thursday that researchers at the company cracked the SHA-1 cryptographic function: creating a so-called “collision” that could open the door to attacks on privacy systems that rely on SHA-1. Google released two PDFs with different content, but the same SHA-1 hash as a proof of concept.

Why is SHA-1 insecure?

SHA-1 is prone to length extension attacks. Since 2005, SHA-1 has not been considered secure against well-funded opponents; as of 2010 many organizations have recommended its replacement. NIST formally deprecated use of SHA-1 in 2011 and disallowed its use for digital signatures in 2013.

How long is a SHA-1 hash?

The hash size for the SHA1 algorithm is 160 bits.

Is SHA-1 dead?

And many patch systems and package managers rely on long hash functions. Although there is some progress toward using longer hashing algorithms, the momentum is far from established. Despite reports to the contrary, SHA1 is not dead, not being rapidly replaced, and will be around for a very long time.


2 Answers

Is 20 bytes per hash(assuming binary storage) really too much? If you currently use hex encoding switching to binary saves you 20 bytes per hash. Base64 saves about 10 bytes compared to hex.

If you simply truncate a cryptographic hash it is still a good cryptographic hash, but with a reduced output size. What output size you need depends on your application.

Integrity checks against random changes can use a much shorter hash of 32-64 bits and don't need a cryptographic hash functions.

If you need uniqueness you should have >>2*log_2(entries) bits in your hash (See birthday paradox). At around 120 bits it's similar to a GUID/UUID (There is a sha1 based generation mode for GUIDs)

If you want cryptographic strength I'd avoid going below 128bits.

like image 96
CodesInChaos Avatar answered Sep 21 '22 07:09

CodesInChaos


No; a SHA-1 hash has a size of 160 bits by definition. I strongly doubt that the size of the hash will be a problem; I suppose that you have other data in your database as well? Most likely, you will find that other parts of the data contribute even more to the database size. And how many rows to you expect to have with these hashes?

However, there is a size difference between storing the hash as a string (this will take at least 40 bytes, depending on the string encoding) and storing it as binary data (this will take 20 bytes).

You can switch to another algorithm, as others have noted, but that might not be a good choice from a security perspective - the shorter the output length of a hash algorithm is, the weaker it is.

like image 33
Aasmund Eldhuset Avatar answered Sep 21 '22 07:09

Aasmund Eldhuset