Lifetimes of Cryptographic Hash Functions
a year ago
- #hash-functions
- #cryptography
- #security
- Compare-by-hash requires a plan to migrate to new hashes every few years for data from malicious users.
- BitTorrent needs migration plans, but rsync does not.
- Newer, more secure hashes like SHA-2 have larger outputs (e.g., 256 bits) and higher computational costs.
- The original paper on compare-by-hash raised doubts about its universal applicability.
- A guide for programmers includes a chart on the lifetimes of cryptographic hash functions.
- 128-bit hashes are considered irresponsible due to their vulnerability (2^64 complexity to break).
- Significant events in hash function history include Xiaoyun Wang's 2004 findings and Google's SHA-1 collision demonstration.
- The NIST launched the SHA-3 competition in 2007 due to potential risks in SHA-2.
- Different reactions to hash function stages: expert skepticism, programmer caution, and non-expert dismissal.