Is it okay to truncate a SHA256 hash to 128 bits?

Tags:

hash

md5

sha256

sha

MD5 and SHA-1 hashes have weaknesses against collision attacks. SHA256 does not, but it outputs 256 bits. Can I safely take the first or last 128 bits and use that as the hash? I know it will be weaker (because it has fewer bits), but otherwise will it work?

Basically I want to use this to uniquely identify files in a file system that might one day contain a trillion files. I'm aware of the birthday problem, and a 128-bit hash should yield about a 1 in a trillion chance on a trillion files that there would be two different files with the same hash. I can live with those odds.

What I can't live with is if somebody could easily, deliberately, insert a new file with the same hash and the same beginning characters of the file. I believe in MD5 and SHA1 this is possible.

Sunny Hirai asked Jun 11 '10 22:06


1 Answer

Yeah, that will work. Theoretically it's better to XOR the two halves together, but even truncated SHA256 is stronger than MD5. You should still consider the result a 128-bit hash rather than a 256-bit hash, though.

My particular recommendation in this particular case is to store and reference using HASH + uniquifier where uniquifier is the count of how many distinct files you've seen with this hash before. This way you don't absolutely fall down flat if somebody tries to store future discovered collision vectors for SHA256.

Joshua answered Sep 18 '22 12:09
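The three ideas in the answer (plain truncation of SHA-256 to 128 bits, XOR-folding the two halves instead, and keying files by hash plus a uniquifier) as an added Python example; this is not code from the question or the answer. The `FileIndex` class and its `bits` parameter are assumptions made here for illustration: the truncation length is configurable so the uniquifier branch can be exercised with a deliberately short hash, and distinctness is decided by comparing stored contents rather than digests, so two different files would still get different identifiers even if their full SHA-256 digests ever collided.

```python
import hashlib
from collections import defaultdict
from typing import Dict, List, Tuple


def sha256_digest(data: bytes) -> bytes:
    """Full 32-byte (256-bit) SHA-256 digest of the input."""
    return hashlib.sha256(data).digest()


def truncate_sha256(data: bytes, bits: int = 128) -> bytes:
    """Keep only the leading `bits` bits of SHA-256: the plain truncation the question asks about."""
    if bits % 8 or not 0 < bits <= 256:
        raise ValueError("bits must be a multiple of 8 between 8 and 256")
    return sha256_digest(data)[: bits // 8]


def xor_fold_sha256(data: bytes) -> bytes:
    """XOR the two 128-bit halves of SHA-256 together, the variant the answer mentions.
    Every output bit now depends on two digest bits, but the result is still a 128-bit hash."""
    full = sha256_digest(data)
    return bytes(a ^ b for a, b in zip(full[:16], full[16:]))


class FileIndex:
    """Hypothetical index that identifies file contents by (truncated hash, uniquifier).

    uniquifier = how many distinct contents with the same truncated hash were seen
    before this one. A real system would compare against the file already stored
    on disk; here the contents are kept in memory for simplicity.
    """

    def __init__(self, bits: int = 128):
        self.bits = bits
        # truncated hash -> contents seen under that hash, in arrival order
        self._buckets: Dict[bytes, List[bytes]] = defaultdict(list)

    def identify(self, data: bytes) -> Tuple[bytes, int]:
        key = truncate_sha256(data, self.bits)
        bucket = self._buckets[key]
        if data in bucket:
            # same file seen before: return the identifier it already has
            return key, bucket.index(data)
        # new content under this hash: next free uniquifier
        bucket.append(data)
        return key, len(bucket) - 1


def collision_stats(bits: int, n: int) -> Tuple[int, int]:
    """Insert n distinct constructed file contents into an index using a `bits`-bit hash.
    Returns (number of distinct identifiers, largest uniquifier handed out).
    With bits=8 and n > 256 the pigeonhole principle guarantees a uniquifier of at least 1."""
    index = FileIndex(bits)
    ids = {index.identify(b"constructed-file-%d" % i) for i in range(n)}
    return len(ids), max(u for _, u in ids)


if __name__ == "__main__":
    print("truncated:", truncate_sha256(b"").hex())
    print("xor-folded:", xor_fold_sha256(b"").hex())
    print("8-bit hash, 300 files ->", collision_stats(8, 300))
```

The index never loses a file to a collision: two different contents with the same truncated hash get uniquifiers 0 and 1, and the same content always maps back to the same pair. What truncation does not buy back is the security margin: anyone relying on the identifier should size `bits` for the birthday bound of the expected file count, as the question already does for 128 bits.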