Truncating A Hash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, May 14, 2015 at 03:09:10PM -0700, Jay Foster wrote:

> What is the down side of truncating a hash?  For example, an SHA-256 hash is
> 256 bits.  Is it any less secure if one was to drop the last 128 bits to
> make a 128 bit hash

Yes, a truncated hash is less secure against both collision and
2nd-preimage attacks.


> or take the MD5 hash of the SHA-256 hash to get a 128
> bit hash?

This would not help.

> It does not seem that such an action would make it any easier to
> brute force reverse the hash, but then again, I am clearly not a security
> expert.

Hashes are not encryption algorithms, and dictionary attacks to
discover the original input are not the primary attacks of interest.

In the special case where hashes are used for verifying passwords,
suitably salted and extensively iterated hashes can be truncated
to shorter lengths that still avoid false positives with wrong
passwords, because protection against dictionary attacks comes from
salting and high iteration count (PBKDF2 or similar with 10^5
iterations or more) not the hash length.

-- 
	Viktor.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux