Truncating A Hash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/15/2015 12:09 AM, Jay Foster wrote:
> What is the down side of truncating a hash?  For example, an SHA-256 
> hash is 256 bits.  Is it any less secure if one was to drop the last 
> 128 bits to make a 128 bit hash or take the MD5 hash of the SHA-256 
> hash to get a 128 bit hash?  It does not seem that such an action 
> would make it any easier to brute force reverse the hash, but then 
> again, I am clearly not a security expert.

I'm not sure the previous replies, though correct, made the point clear.
Theoretically speaking, truncating a 256 bits long hash to 128 bits 
makes it as good as if you applied an hash of 128 bits, that's all 
(provided that the "hypotetical" latter hash algorithm has the same 
virtues of the former).
And yes, it is bad idea to re-hash, it is much better to truncate 
because re-hashing will not increase security, can only weaken it.

What is the purpose of it, though? For instance, HOTP uses a fraction of 
a hash to produce the (next) One Time Password, the security of the 
procedure depends on the use you make of it.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux