
What's the difference between the hash algorithms SHA-2 and SHA-3? [closed]

I know SHA-224, SHA-256, SHA-384 and SHA-512 are all part of the SHA-2 hash function family. But there is now also a new SHA-3 hash algorithm.

Could you please tell me the difference between SHA-2 and SHA-3? When and why should I use SHA-3? And which secure hash algorithm(s) does SHA-3 actually include?

user1926193 asked Jan 16 '13 10:01


1 Answer

SHA-3, also known as Keccak (its original name before it was chosen as the winner of the NIST SHA-3 competition), is a completely new hash algorithm that has nothing to do with SHA-1 and SHA-2.

Indeed, one of the stated reasons why NIST chose Keccak over the other SHA-3 competition finalists was its dissimilarity to the existing SHA-1/2 algorithms; it was argued that this dissimilarity makes it a better complement to the existing SHA-2 algorithms (which are still considered secure and recommended by NIST), as well as making it less likely that any future cryptanalytic breakthroughs would compromise the security of both SHA-2 and SHA-3.

For some background, the SHA-3 hash function competition was originally announced by NIST in 2007, after some new cryptanalytic attacks had called the security of SHA-1 into question. While the attacks on SHA-1 were mainly of theoretical interest back then, it was feared that further improvements on these techniques might allow practical collision-finding attacks on SHA-1, and that the same techniques might also be applied against SHA-2, which shares a similar design to SHA-1. Thus, NIST decided to hold a competition to select a successor for SHA-2, which would be named SHA-3.

However, while a real-world collision attack on SHA-1 was finally demonstrated in 2017, the feared attacks on SHA-2 have failed to materialize. It's nowadays generally accepted that breaking SHA-2 won't be as easy as it seemed ten years ago, and thus all the variants of SHA-2 are still considered secure for the foreseeable future. However, since NIST had promised that SHA-3 would be chosen in 2012, and since a lot of people had spent quite a bit of time and effort on submitting and evaluating new hash functions for the competition, and since there were some really nice designs among the finalists, it would've seemed a shame not to choose any of them as the winner after all. So NIST decided to select Keccak as SHA-3, and to recommend it as an alternative (not successor) to the SHA-2 hash functions.

What all that means is that, if you want a secure and standardized hash function, you can choose either SHA-2 or SHA-3. If you're feeling really paranoid, you may even want to use both, and to design your cryptosystem so that it remains secure even if either one of the hash functions is broken.

Ilmari Karonen answered Oct 18 '22 13:10
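The "use both" design mentioned in the answer above, sketched as an added example (not part of the original answer): concatenating a SHA-256 digest with a SHA3-256 digest, so that a collision on the combined value needs a simultaneous collision in both functions. The function names and the forged/original records are constructed for illustration; the guarantee shown is collision resistance only, and the combined output is 64 bytes.

```python
import hashlib
import hmac

# Digest sizes in bytes of the two component hashes (32 each).
SHA2_LEN = hashlib.sha256().digest_size
SHA3_LEN = hashlib.sha3_256().digest_size


def dual_digest(data: bytes) -> bytes:
    """Return SHA-256(data) || SHA3-256(data), 64 bytes in total."""
    return hashlib.sha256(data).digest() + hashlib.sha3_256(data).digest()


def dual_digest_stream(chunks) -> bytes:
    """Same result as dual_digest, for data arriving in chunks (large files)."""
    h2, h3 = hashlib.sha256(), hashlib.sha3_256()
    for chunk in chunks:
        h2.update(chunk)
        h3.update(chunk)
    return h2.digest() + h3.digest()


def halves_matching(data: bytes, expected: bytes) -> tuple:
    """Report (sha2_ok, sha3_ok) separately, e.g. for logging a mismatch."""
    if len(expected) != SHA2_LEN + SHA3_LEN:
        return (False, False)
    actual = dual_digest(data)
    return (
        hmac.compare_digest(actual[:SHA2_LEN], expected[:SHA2_LEN]),
        hmac.compare_digest(actual[SHA2_LEN:], expected[SHA2_LEN:]),
    )


def verify(data: bytes, expected: bytes) -> bool:
    """Accept only if BOTH halves match."""
    return all(halves_matching(data, expected))


# Constructed scenario: pretend SHA-256 were broken, so a forged record
# "collides" with the original under SHA-256 only. We model that by pairing
# the forged record's SHA-256 half with the original's SHA3-256 half.
ORIGINAL = b"pay 10 EUR to alice"   # constructed sample
FORGED = b"pay 9999 EUR to mallory"  # constructed sample
HALF_BROKEN = dual_digest(FORGED)[:SHA2_LEN] + dual_digest(ORIGINAL)[SHA2_LEN:]
```

A verifier that checked only the first 32 bytes would accept `FORGED` against `HALF_BROKEN`; `verify` rejects it because the SHA3-256 half still differs.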