What is the quick story behind how "once thought secure" cryptographic hash functions were found to be insecure?

This graphic is pretty insightful.

https://preview.redd.it/lezntyl3ulc81.png?width=2402&format=png&auto=webp&s=e763483055bea324f66f4a4f28b1698fc7e05619

So at one point, MD5 was under peer review (for 1 year), then was considered strong (another year), then minor weaknesses found (3 years), then major weaknesses (8 years), then finally after all this, in 13 years total, it was considered broken because a collision was found.

Same with SHA1, considered strong for 9 years, then weakened for 13, then after all these 22 years a collision was found.

Now we are on SHA3, having been peer reviewed for 4 years, and according to this diagram, at least 6 years after that it was still considered strong. Not sure about now (please add a comment if you know if it's still considered strong, or what its state is).

What I'm wondering is, what the 30 second elevator pitch is, for (a) why we at first thought these were secure, and (b) how one of the first "weaknesses" was found, followed by (c) how the first collision was found.

So 3 points to the question, for 2 hashes (MD5, SHA1):

  1. Why did we ever believe they were secure in the first place?
  2. How an early weakness was discovered that cast some doubt?
  3. How the first collision was found?
πŸ‘︎ 7
πŸ’¬︎
πŸ‘€︎ u/lancejpollard
πŸ“…︎ Jan 19 2022
🚨︎ report
An example of a metaverse would be the Estonian government: a government built on cryptographic hash functions. It enables Estonians to access nearly all of the government's statutory services online.

What the metaverse aims to be is to make sense of data. Estonia started development of X-Road (a cryptographic hash function for government-related functions) back in 2001, and it has been slowly released and developed since then.

This is an overview of what it looks like:

X-Road: Estonia

The idea is simple: one certification center to confirm your ID, and that ID would then be used through some form of decentralization of services for statutory agencies that talk to each other. The issue they tried to eradicate is intra-agency coordination. Allegedly, the system saves a user approximately 15 minutes per query, and saves the Estonian government 820 years' worth of work every year.

Now, this could mean that the services were slow, or very slow, in the first place, and it is possible that it is accumulating the saved minutes per query.

In terms of services, maybe this figure would look somewhat familiar, especially the 'contract' bits.

https://preview.redd.it/v029b7ida7881.png?width=1000&format=png&auto=webp&s=d3dd5b386a698128d1b45eba54e8650fab837fda

https://preview.redd.it/f00ivhyea7881.png?width=8001&format=png&auto=webp&s=955e9f6b69f58be7c06d753bec15fbedf9096907

What this means is that the world could go flatter, and this is the next step for 'globalization'. Now, in terms of the metaverse, it would be ideal if most participating countries were to adopt a similar system; then all countries would be able to coordinate their information with each other.

We know there are already systems in place for this, such as international banks and immigration. However, countries in general are working in silos. The metaverse allows them to work in an integrated manner through smart contracts. This could help with issues such as double taxation, and enable the system to pinpoint individuals who are susceptible to a perpetrated crime.

There are also questions on how the metaverse could be different from shopping sites such as eBay or Amazon. It's an exploratory question, and if I had to take a calculated guess, we'd be looking at new ways to interpret consumer data worldwide. What I can see is that the metaverse can lower the barriers to entry for companies worldwide to sell their products and services.

This is just my 2 sats' worth on how I see countries adopting the metaverse.

... keep reading on reddit ➑

πŸ‘︎ 35
πŸ’¬︎
πŸ‘€︎ u/the_far_yard
πŸ“…︎ Dec 28 2021
🚨︎ report
Very Fast Non-Cryptographic Hash Function (competitor to wyhash, xxhash), C github.com/avaneev/komiha…
πŸ‘︎ 174
πŸ’¬︎
πŸ‘€︎ u/avaneev
πŸ“…︎ Nov 27 2021
🚨︎ report
Do not claim that you have built a strong (non-cryptographic) hash function if you didn’t pass it through nine circles of peer review hell. m1el.github.io/refterm-ha…
πŸ‘︎ 96
πŸ’¬︎
πŸ‘€︎ u/prouxi
πŸ“…︎ Oct 31 2021
🚨︎ report
If computers are completely deterministic, how do irreversible cryptographic hash functions work?

When you encrypt a message, it gets put through some kind of cryptographic hash function that is completely deterministic - put the same message in, you get the same hash. If every step in the process to create the hash is known, why is it so hard to simply walk backwards through the process to obtain the initial message?

πŸ‘︎ 11
πŸ’¬︎
πŸ‘€︎ u/Gimbloy
πŸ“…︎ Nov 02 2021
🚨︎ report
Updates to Tangram's block structure. It will now use Blake3 as the cryptographic hash function and Merkle tree.

Lead developer pingpong made the following comment on the Tangram Discord today.

> I've made some big changes to the block structure, so I'm busy finishing up for local testing. Then sandbox testing with the testing channel, as I've identified an issue with the current Merkle tree implementation. I've switched to using Blake3 as it's a Merkle tree in and of itself.
> So I'll be creating a new genesis block so that I can test transactions before I release the code on GitHub.

Here is some background reading for Blake3.

BLAKE3: A Fast and Efficient, Parallelizable Merkle Tree Hash Function (Major step in the advancement of cryptographic technology with huge implications for blockchain-based distributed systems)

> BLAKE3 is a newly announced cryptographic hash function (9th of January, 2020) and a SHA-3 finalist designed by a team of cryptographers among which Zooko Wilcox from Zcash (the others being Jack O'Connor, Samuel Neves and Jean-Philippe Aumasson). BLAKE3 is significantly faster than MD5 and SHA-1/2/3 and additionally has some very useful properties as it is itself a Merkle tree on the inside. This makes it highly parallelizable and capable of verified streaming and incremental updates, something especially useful to distributed computing.

EDIT: Here is the Blake3 whitepaper on GitHub.

πŸ‘︎ 16
πŸ’¬︎
πŸ‘€︎ u/TangramNinja
πŸ“…︎ Jun 15 2021
🚨︎ report
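The practical claim in the quoted paragraph is "verified streaming": when the digest is the root of a tree over chunks, a receiver can check each chunk against the root as it arrives, using only a logarithmic number of sibling hashes, without waiting for the rest of the data. The Python below is an added illustration of that property and is not Tangram's code or BLAKE3's own layout (BLAKE3's chunk size, tree shape and compression function differ; this is a plain binary Merkle tree over SHA-256 with domain-separated leaf and node hashes). The chunks are constructed sample data.

```python
import hashlib
from typing import List, Tuple

# Domain separation: a leaf hash can never be reinterpreted as an inner node,
# which blocks the classic "present an inner node as a leaf" second preimage.
LEAF, NODE = b"\x00", b"\x01"


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def merkle_root(chunks: List[bytes]) -> bytes:
    """Root over leaf hashes; an unpaired node at any level is promoted unchanged."""
    level = [h(LEAF, c) for c in chunks]
    if not level:
        return h(LEAF)
    while len(level) > 1:
        level = [h(NODE, level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(chunks: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes on the path from leaf `index` to the root, each tagged with
    whether the sibling sits on the right (True) or the left (False)."""
    level = [h(LEAF, c) for c in chunks]
    proof = []
    while len(level) > 1:
        sib = index ^ 1
        if sib < len(level):              # no sibling when the node was promoted
            proof.append((level[sib], sib > index))
        level = [h(NODE, level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        index //= 2
    return proof


def verify_chunk(root: bytes, chunk: bytes, proof: List[Tuple[bytes, bool]]) -> bool:
    """Recompute the path from this one chunk to the root. Only log2(n) hashes
    and no other chunk are needed: that is what lets a stream be verified
    chunk by chunk instead of after the whole file has arrived."""
    acc = h(LEAF, chunk)
    for sibling, sibling_on_right in proof:
        acc = h(NODE, acc, sibling) if sibling_on_right else h(NODE, sibling, acc)
    return acc == root


def demo():
    # Constructed sample: five chunks, an odd count, so promotion is exercised.
    chunks = [f"chunk-{i}".encode() for i in range(5)]
    root = merkle_root(chunks)
    proofs = [merkle_proof(chunks, i) for i in range(len(chunks))]
    all_ok = all(verify_chunk(root, c, p) for c, p in zip(chunks, proofs))
    tampered = verify_chunk(root, b"chunk-2-altered", proofs[2])
    return all_ok, tampered


if __name__ == "__main__":
    print(demo())
```

A sender that publishes only the 32-byte root lets any receiver reject a corrupted or substituted chunk the moment it arrives; the proof for chunk i can be shipped alongside it.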
Password4j: a user-friendly library that supports modern cryptographic hash functions for your passwords! github.com/Password4j/pas…
πŸ‘︎ 164
πŸ’¬︎
πŸ‘€︎ u/firajaa
πŸ“…︎ Feb 02 2021
🚨︎ report
Determinism, rust, hashmaps and cryptographic hash functions

I'm working on an online multiplayer strategy game. I need to have a fully deterministic simulation so that I can minimize communication by only sending player actions across the network, not entire game states.

One thing that would really be helpful is if there was some way to change the default hashing algorithm in rust to be deterministic. I could use HashMap::with_hasher(..) to choose a different hasher. One problem is I'd have to remember it everywhere. Another problem is that a dependency somewhere might still use HashMap::new() and sneak in a source of nondeterminism that I might miss. I don't actually need a cryptographic hash function at all. Would it be possible to somehow replace std::collections::HashMap with a deterministic fork? Or is there an easier way?

Is there anyone here who has experience with trying to make a non-trivial Rust program deterministic? Any hints or experience to share?

πŸ‘︎ 24
πŸ’¬︎
πŸ‘€︎ u/octo_anders
πŸ“…︎ Apr 20 2021
🚨︎ report
Different categories of cryptographic hash functions and popular attacks on them

I'm a computer science student currently working on my graduation project. The project is about exploiting collisions in hash functions. The basic idea is I'm going to classify hash functions into categories and then pick one candidate per category and apply a hash collision attack (or several) to see what the results are and conclude/generalize. I only managed to find 4 categories:

  1. Merkle-Damgard Construction: The most common construction used for building cryptographic hash functions (e.g. MD5, SHA-1, SHA-2)
  2. HAIFA Construction: A modern alternative to Merkle-Damgard (hash functions: BLAKE)
  3. Sponge Construction: I don't know much about it except for the fact that SHA-3 was based on this construction
  4. Merkle Tree: Also known as a hash tree, which is a (binary) tree data structure (hash functions: BLAKE3)

Those are the constructions I could find. I don't know if there exist any other constructions I'm not aware of. If so, please link them all here and maybe give a short explanation about them if possible. Furthermore, I'm really struggling with finding collision attacks. I read about 20ish papers and only a handful are proper attacks that explain everything and could indeed find a collision. Of course I'm talking about already broken hash functions, even though my project's primary goal is to see why some attacks would work on a certain construction/hash function but fail on the other. I'll update the post and link the attacks I could find when I get home. I just want to say I'm by no means an expert in cryptography. Heck, I only know a thing or two about this field, so hopefully some of you could guide me.

Thanks in advance!

Edit: Those are the attacks I found:

For MD5:

  1. Finding MD5 Collisions on a Notebook PC Using Multi-message Modifications (pdf)
  2. Tunnels in Hash Functions: MD5 Collisions Within a Minute (eprint)
  3. Fast Collision Attack on MD5 (pdf)

For SHA-1:

  1. SHA-1 is a Shambles (pdf)
  2. SHAttered (as someone linked in the comments)

These are the attacks I could find. There are other major papers such as Wang et al. on MD5 but it doesn't describe the attack so I left it out.

πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/Villian97
πŸ“…︎ Mar 08 2021
🚨︎ report
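One thing worth seeing in code for the Merkle-Damgard category above: the chaining structure that MD5, SHA-1 and SHA-2 share is not only what the differential collision attacks in the listed papers target, it also makes these hashes length-extendable, a construction-level weakness that needs no collision at all. The Python below is an added example, not from the post or from any of the papers it lists. It implements SHA-1 from the specification (checked against hashlib), then resumes the chain from a known digest to forge SHA-1(secret || msg || glue || ext) without knowing the secret. The secret, message and extension are constructed sample values; the HMAC check at the end shows why a keyed MAC is not built as H(key || msg).

```python
import hashlib
import hmac
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def sha1_padding(msg_len: int) -> bytes:
    """Merkle-Damgard strengthening: 0x80, zeros up to 56 mod 64, then the
    64-bit big-endian bit length of the whole message."""
    zeros = (56 - (msg_len + 1) % 64) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", msg_len * 8)


def sha1_compress(state, block: bytes):
    """One SHA-1 compression step: a 64-byte block plus a 160-bit chaining value."""
    a, b, c, d, e = state
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & 0xFFFFFFFF) + e + k + w[i]) & 0xFFFFFFFF
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return tuple((s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d, e)))


def sha1(data: bytes, state=SHA1_IV, prior_len: int = 0) -> bytes:
    """Chain sha1_compress over the padded data starting from `state`. The
    defaults give plain SHA-1; the attack resumes from a known digest after
    `prior_len` already-absorbed bytes (which must be a multiple of 64)."""
    data += sha1_padding(prior_len + len(data))
    for off in range(0, len(data), 64):
        state = sha1_compress(state, data[off:off + 64])
    return b"".join(struct.pack(">I", s) for s in state)


def matches_hashlib(data: bytes) -> bool:
    return sha1(data) == hashlib.sha1(data).digest()


def length_extension(known_digest: bytes, known_len: int, extension: bytes):
    """Given H = SHA1(secret || msg) and len(secret || msg) but NOT the secret,
    return (glue, H') with H' == SHA1(secret || msg || glue || extension).
    The final digest of an MD hash *is* its chaining state, so we just keep going."""
    glue = sha1_padding(known_len)                # the padding the victim applied
    state = struct.unpack(">5I", known_digest)    # digest -> chaining value
    return glue, sha1(extension, state=state, prior_len=known_len + len(glue))


def demo():
    """Constructed scenario: a naive tag = SHA1(secret || msg) gets extended."""
    secret = b"server-side-key-the-attacker-never-sees"   # constructed
    msg = b"user=alice&role=user"                           # constructed
    tag = hashlib.sha1(secret + msg).digest()               # what the attacker sees
    ext = b"&role=admin"
    glue, forged_tag = length_extension(tag, len(secret) + len(msg), ext)
    forged_msg = msg + glue + ext
    naive_ok = forged_tag == hashlib.sha1(secret + forged_msg).digest()
    # HMAC keys the hash with inner/outer pads, so the chaining state the
    # attacker needs is never exposed and the forged tag does not verify.
    hmac_ok = hmac.compare_digest(
        forged_tag, hmac.new(secret, forged_msg, hashlib.sha1).digest())
    return naive_ok, hmac_ok


if __name__ == "__main__":
    print(demo())
```

The attacker only needs the secret's length, which is usually guessable or can be tried over a small range. The same resumption works for MD5 and SHA-256; it does not work for SHA-3, because the sponge keeps part of its state hidden and never outputs the whole of it as the digest.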
What is a Cryptographic Hash Function?

A hash function is an operation that uses mathematical functions to create a unique, fixed-length value from data of varying lengths. It is a one-way function: although there is no relationship between the processed text and the digest value, the original data cannot be obtained from the digest. In the hashing process, the same value is produced for the same data, but when there is a slight change, the value created by the hash function also changes. Digest functions are widely used in areas such as verifying the integrity of data, storing passwords, digital signatures, and message authentication codes. Another area of use is blockchain applications, which are popular today.

Digest functions include the MD family, HAVAL, the SHA family, WHIRLPOOL, RIPEMD, and other algorithms. There is also the possibility that different inputs create exactly the same output in digest functions; this is called a collision. Collisions are not desirable for hash functions and damage the reliability of the function. The advantages of this approach are that hash functions ensure data integrity, produce fixed and small-size outputs, and produce output quickly for every input length. For an ideal cryptographic hash function to be considered safe, it must have three properties.

- Collision resistance: no two different inputs produce the same digest as output.

- Preimage resistance: the original data cannot be found from the digest generated by the hash function.

- Second preimage resistance: it should be very difficult for two separate messages to have the same hash.

The MD series of message digest algorithms was developed by Ron Rivest. It is one of the most used hashing algorithms in recent years. All of these algorithms give 128-bit output.

The SHA-1 series was developed by the NSA (National Security Agency) and became the standard in the USA with the support of NIST. It creates 160-bit output.

The RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest) algorithm is an algorithm used in the European Union, generating 160 bits of output.

MACs (Message Authentication Codes) differ from other functions in that they need a key to create and verify. Keyed-hash message authentication codes (HMAC) are a key-based, one-way hash method that provides both data integrity and verification of the data source. Although HMACs are used in data exchange, they can also be used to check whether the files belonging to any person have been changed or not.

https://previe

... keep reading on reddit ➑

πŸ‘︎ 7
πŸ’¬︎
πŸ‘€︎ u/fego41
πŸ“…︎ Mar 11 2021
🚨︎ report
In Phase one of plotting, are tables of cryptographic hashes, the same as cryptographic hash function (CHF)?

So I've been reading the official Chia Wiki (amazing stuff!) and am a bit confused with some of the terminology used.

The first phase generates all of your proofs of space by creating seven tables of cryptographic hashes and saving them to your temporary directory

By Cryptographic hashes, do they mean cryptographic hash function (CHF) ?

So we are creating a database with 7 individual CHFs?

Thanks a lot.

πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/Archivesa
πŸ“…︎ May 07 2021
🚨︎ report
Password4j: a user-friendly library that supports modern cryptographic hash functions for your passwords! github.com/Password4j/pas…
πŸ‘︎ 8
πŸ’¬︎
πŸ‘€︎ u/firajaa
πŸ“…︎ Apr 19 2021
🚨︎ report
Cryptographic Hash Functions (Digital Signature Scheme). Can someone please comment!!

I am unable to process a hash function.

So I am doing this numerical which is Schnorr Signature scheme. I have got the values of q = 83, p = 997, d = 23, e0 which is the first primitive root is taken as 7. Using e0 I have got e1, e2 pair as ( 9,521 ).

The value of r is 11 and the message is 400. The value of h(...) = 100. I do not understand how to process this "h(...) = 100". The formula for S1 is M|e1^r mod p. I calculated e1^r mod p to get 67.

The term M|e1^r mod p becomes 40067. How do I use this in the hash function, for verification?

Using S1, I need to find S2, and then do the verification right.

πŸ‘︎ 6
πŸ’¬︎
πŸ‘€︎ u/ramhemanth3
πŸ“…︎ Apr 09 2021
🚨︎ report
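For the exercise above, h(...) is simply a hash function applied to the concatenation M|e1^r mod p, and the exercise hands you its value (100) instead of making you compute it. The Python below is an added worked example, not the poster's work or their textbook's code. It assumes the textbook Schnorr formulation in which S1 = h(M || e1^r mod p), S2 = r + d·S1 mod q, and the verifier recomputes h(M || e1^S2 · e2^(−S1) mod p) and checks that it equals S1. The hash is a pluggable parameter: an oracle returning the exercise's 100 reproduces the exercise numbers, and SHA-256 reduced mod q runs the same code with a real hash. The parameters q = 83, p = 997, d = 23, e0 = 7, r = 11 and M = 400 are the ones in the post.

```python
import hashlib


def schnorr_keygen(p, q, e0, d):
    """Textbook Schnorr setup: e1 = e0^((p-1)/q) mod p has order q, e2 = e1^d.
    Returns the public pair (e1, e2)."""
    assert (p - 1) % q == 0, "q must divide p - 1"
    e1 = pow(e0, (p - 1) // q, p)
    assert e1 != 1, "e0 must not be a q-th power"
    return e1, pow(e1, d, p)


def concat_hash_sha256(M, x, q):
    """A real instantiation of h(M || x): SHA-256 over the decimal strings
    joined by '|', reduced mod q so the result can serve as an exponent."""
    data = f"{M}|{x}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def schnorr_sign(M, p, q, e1, d, r, h):
    """S1 = h(M || e1^r mod p); S2 = r + d*S1 mod q. `h` is the hash function."""
    x = pow(e1, r, p)            # 9^11 mod 997 = 67 for the post's numbers
    S1 = h(M, x)
    S2 = (r + d * S1) % q
    return S1, S2


def verifier_commitment(S1, S2, p, e1, e2):
    """x' = e1^S2 * e2^(-S1) mod p. For a genuine signature this equals e1^r,
    since e1^(r + d*S1) * e1^(-d*S1) = e1^r. pow(base, -k, p) is the modular
    inverse raised to k, so the verifier never needs d or r."""
    return pow(e1, S2, p) * pow(e2, -S1, p) % p


def schnorr_verify(M, S1, S2, p, q, e1, e2, h):
    """Accept iff h(M || x') reproduces S1."""
    return h(M, verifier_commitment(S1, S2, p, e1, e2)) == S1


def exercise():
    """The post's numbers with the oracle hash h(...) = 100.
    Returns (e1, e2, S1, S2, x', accepted)."""
    p, q, e0, d, r, M = 997, 83, 7, 23, 11, 400
    e1, e2 = schnorr_keygen(p, q, e0, d)               # (9, 521)
    oracle = lambda M, x: 100                            # the value the exercise gives
    S1, S2 = schnorr_sign(M, p, q, e1, d, r, oracle)     # (100, 70)
    x_prime = verifier_commitment(S1, S2, p, e1, e2)     # must come back to 67
    return e1, e2, S1, S2, x_prime, schnorr_verify(M, S1, S2, p, q, e1, e2, oracle)


def real_hash_roundtrip():
    """Same parameters with SHA-256 as h. Returns (genuine accepted,
    number of 20 tampered messages wrongly accepted)."""
    p, q, e0, d, r, M = 997, 83, 7, 23, 11, 400
    e1, e2 = schnorr_keygen(p, q, e0, d)
    h = lambda M, x: concat_hash_sha256(M, x, q)
    S1, S2 = schnorr_sign(M, p, q, e1, d, r, h)
    genuine = schnorr_verify(M, S1, S2, p, q, e1, e2, h)
    # With q = 83 the reduced hash has only 83 possible values, so each forged
    # message is wrongly accepted with probability about 1/83. That is the
    # toy size talking; real Schnorr uses q of 256 bits or more.
    forgeries = sum(schnorr_verify(M + i, S1, S2, p, q, e1, e2, h) for i in range(1, 21))
    return genuine, forgeries


if __name__ == "__main__":
    print(exercise())
    print(real_hash_roundtrip())
```

With the oracle, S2 = 11 + 23·100 mod 83 = 70, and the verifier's e1^70 · e2^(−100) mod 997 lands back on 67, so h(400|67) = 100 = S1 and the signature is accepted; that round trip is the whole point of the exercise.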
Cryptographic hash-functions used in cryptocurrencies

This is one topic of a series of technical information regarding cryptocurrencies, especially Safemoon. You can find the main post with an index over here:

Crypto and Safemoon - technical FAQ and basics

Cryptographic hash-functions

A hash function generates a fixed-length fingerprint for inputs of unspecified size.

Hash functions (non-cryptographic) can be used to create an error-detecting number (message digest MD, message authentication code MAC; couldn't find the right expression...), e.g. the ISBN number of a book contains a number that can be used to check if the ISBN is valid or you made a typo while typing it in.

Cryptographic hash functions fulfil a few special criteria:

- Deterministic

The same input will always result in the same output. (Wouldn't be much of a fingerprint if that criterion isn't met...)

- Irreversibility

It is impossible to backtrack from the output to the input. E.g. if you hash a password, you would not want anyone to be able to determine the password from the hash value.

- Collision resistant

Different inputs will most certainly result in non-identical outputs. If two different inputs result in an identical output, we will have a problem. This one is all about statistics and probability again. We have literally an unlimited amount of inputs versus a fixed output. There will be collisions - but not if we merely hash for a few thousand years with a supercomputer.

- Avalanche effect

A small change of the input results in a drastic change of the output.

Cryptographic hash functions are used in many scenarios; one is to store passwords: they are hashed before they are stored, so even if the database gets compromised, no plain passwords will be leaked. If a user enters a password on a website's form, it (hopefully; watch for https and the lock in your browser's address bar) is encrypted and then sent to the server. Then it will be hashed as well and the resulting hash is compared to the stored hash. If they are equal, the user entered the correct password.

Now it is getting a little bit more complicated. We can use hash functions to PROVE that a message was not altered when we receive it. (Cool, right? Here the blockchain slowly comes into reach.)

Imagine the following process:

Alice writes a message to Bob - asymmetric encryption only

  1. Alice writes the message

  2. Alice encrypts the message with Bob's public key

Al

... keep reading on reddit ➑

πŸ‘︎ 7
πŸ’¬︎
πŸ‘€︎ u/Sakamito
πŸ“…︎ Apr 29 2021
🚨︎ report
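Two posts on this page ask the same underlying question: the one above, with its "there will be collisions, but not if we merely hash for a few thousand years", and the earlier one asking why a fully deterministic function cannot simply be walked backwards. Both come down to output size. The Python below is an added example, not from either post: it truncates SHA-256 to n bits as a stand-in for an n-bit hash and counts how many evaluations a brute-force preimage search and a birthday (collision) search need. Determinism does not help the attacker, because truncation discards information and "going backwards" is a search over a space that doubles with every output bit; the collision search, by contrast, only doubles every two bits. That is why an n-bit hash is said to give n bits of preimage security but n/2 bits of collision security, and why an attack that finds collisions cheaper than 2^(n/2) is called "broken" even when no preimage attack exists. Candidate inputs are counters, constructed for the demonstration.

```python
import hashlib
from itertools import count


def trunc_hash(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits, a stand-in for an n-bit hash.
    Deterministic, but among inputs of a given length every output has roughly
    2^(8*len - bits) preimages, so inverting it means searching, not unwinding."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def preimage_search(target: int, bits: int):
    """Generic preimage attack: enumerate candidates until one hashes to
    `target`. Expected cost about 2^bits evaluations. Returns (input, tries)."""
    for i in count():
        cand = b"p" + i.to_bytes(8, "big")
        if trunc_hash(cand, bits) == target:
            return cand, i + 1


def collision_search(bits: int):
    """Generic birthday attack: remember every output seen and stop at the
    first repeat. Expected cost about sqrt(pi/2) * 2^(bits/2) evaluations,
    at the price of storing that many outputs. Returns (a, b, tries)."""
    seen = {}
    for i in count():
        cand = b"c" + i.to_bytes(8, "big")
        h = trunc_hash(cand, bits)
        if h in seen:
            return seen[h], cand, i + 1
        seen[h] = cand


def measure(bits: int):
    """Run both generic attacks against a `bits`-bit hash.
    Returns (preimage_tries, collision_tries)."""
    target = trunc_hash(b"target-message", bits)      # constructed target
    _, pre_tries = preimage_search(target, bits)
    _, _, col_tries = collision_search(bits)
    return pre_tries, col_tries


if __name__ == "__main__":
    for n in (8, 12, 16, 20):
        pre, col = measure(n)
        print(f"{n:2d}-bit hash: preimage {pre:>8d} tries (~2^{n}), "
              f"collision {col:>6d} tries (~2^{n // 2})")
```

Scale the same curves to 128 bits (MD5) or 160 bits (SHA-1) and the generic collision bound is 2^64 or 2^80 evaluations; the published attacks on those functions are "breaks" precisely because they undercut those numbers by exploiting the internal structure rather than by searching harder.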
🔔 What Do Cryptographic Hash Functions Mean? What are their Advantages? Learn more at remitano.com/forum/post/1…
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/dungtran162
πŸ“…︎ Apr 05 2021
🚨︎ report
Password4j: a user-friendly library that supports modern cryptographic hash functions for your passwords! (/r/java) github.com/Password4j/pas…
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/ContentForager
πŸ“…︎ Feb 03 2021
🚨︎ report
crypto-lite Gem - cryptographic secure hash functions and public key signature algorithms made easy (incl. sha256, rsa, etc.) github.com/rubycoco/block…
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/geraldbauer
πŸ“…︎ Jan 14 2021
🚨︎ report
wyhash and wyrand are a non-cryptographic 64-bit hash function and PRNG respectively github.com/wangyi-fudan/w…
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/atoponce
πŸ“…︎ Jan 13 2021
🚨︎ report
IOTA and CYBERCRYPT Announce New Lightweight Trinary Cryptographic Hash Function blog.iota.org/iota-and-cy…
πŸ‘︎ 320
πŸ’¬︎
πŸ‘€︎ u/RoqueNE
πŸ“…︎ Dec 20 2018
🚨︎ report
Introducing Bao, a general-purpose cryptographic tree hash, and perhaps the fastest hash function in the world [my talk at the Rust NYC meetup] youtu.be/Dya9c2DXMqQ
πŸ‘︎ 190
πŸ’¬︎
πŸ‘€︎ u/oconnor663
πŸ“…︎ Dec 02 2018
🚨︎ report
Fun with Cryptographic Hash Functions and Exploring the Insecurity of PBKDF1 soatok.blog/2020/05/05/pu…
πŸ‘︎ 43
πŸ’¬︎
πŸ‘€︎ u/Soatok
πŸ“…︎ May 08 2020
🚨︎ report
blake3: A pure Go implementation of the BLAKE3 cryptographic hash function github.com/lukechampine/b…
πŸ‘︎ 25
πŸ’¬︎
πŸ‘€︎ u/lukechampine
πŸ“…︎ Jan 10 2020
🚨︎ report
Cryptographic Hash Functions Are Not Password Hash Functions throwingfire.com/storing-…
πŸ‘︎ 593
πŸ’¬︎
πŸ‘€︎ u/Thirsteh
πŸ“…︎ Aug 21 2012
🚨︎ report
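The title above states the rule, and the password-storage paragraph in the Safemoon post earlier on this page shows the usual misreading of it ("they are hashed before they are stored"). A plain cryptographic hash is fast and unsalted by design, which is exactly what a password store must not be. The Python below is an added example, not from either post or from the linked article: it stores passwords with a per-user random salt and a memory-hard KDF (scrypt from the standard library), verifies them with a constant-time comparison, and contrasts that with an unsalted SHA-256 table that a five-word list cracks instantly. The wordlist and the "leaked" table are constructed; the scrypt cost parameters are kept modest so the example runs quickly and should be tuned upward for a real deployment.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: N (CPU and memory cost), r (block size), p (parallelism).
# Modest here so the example runs in well under a second; raise N in production.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
MAXMEM = 64 * 1024 * 1024          # must exceed 128 * N * r * p bytes


def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt_hex$key_hex.
    Storing the parameters with the hash lets them be raised later without
    invalidating existing records."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                         p=SCRYPT_P, maxmem=MAXMEM, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored parameters and salt; compare in constant time
    so a wrong guess cannot be distinguished by how early the compare stops."""
    scheme, n, r, p, salt_hex, key_hex = record.split("$")
    if scheme != "scrypt":
        return False
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=int(n), r=int(r), p=int(p), maxmem=MAXMEM, dklen=32)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def unsalted_sha256(password: str) -> str:
    """The anti-pattern: fast, unsalted, and identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(leaked: dict, wordlist) -> dict:
    """Without salts one hash per word cracks every user sharing that password,
    and the table can be precomputed before the breach even happens."""
    table = {unsalted_sha256(w): w for w in wordlist}
    return {user: table[h] for user, h in leaked.items() if h in table}


def demo():
    """Returns (cracked users, salted records differ, good verify, bad verify)."""
    wordlist = ["123456", "password", "qwerty", "letmein", "hunter2"]   # constructed
    leaked = {                                                          # constructed
        "alice": unsalted_sha256("hunter2"),
        "bob": unsalted_sha256("hunter2"),
        "carol": unsalted_sha256("correct horse battery staple"),
    }
    cracked = crack_unsalted(leaked, wordlist)
    rec1, rec2 = hash_password("hunter2"), hash_password("hunter2")
    return (cracked, rec1 != rec2,
            verify_password("hunter2", rec1), verify_password("hunter3", rec1))


if __name__ == "__main__":
    print(demo())
```

The two scrypt records for the same password differ because each carries its own salt, so an attacker can no longer test one guess against every user at once, and each guess costs a memory-hard computation rather than one SHA-256 call.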
GitHub - BLAKE3-team/BLAKE3: The BLAKE3 cryptographic hash function github.com/BLAKE3-team/BL…
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/JohnDoe_John
πŸ“…︎ Jan 12 2020
🚨︎ report
Introducing Bao, a general-purpose cryptographic tree hash, and perhaps the fastest hash function in the world [my talk at the Rust NYC meetup] youtu.be/Dya9c2DXMqQ
πŸ‘︎ 53
πŸ’¬︎
πŸ‘€︎ u/oconnor663
πŸ“…︎ Dec 02 2018
🚨︎ report
The BLAKE3 cryptographic hash function github.com/BLAKE3-team/BL…
πŸ‘︎ 6
πŸ’¬︎
πŸ‘€︎ u/qznc_bot2
πŸ“…︎ Jan 09 2020
🚨︎ report
A cryptographic hash function without avalanching?

As we all know, SHA-1/2/3 and MDx return wildly different outputs on slight changes in input. I'm curious to know whether a (believed) one-way hash function, h, exists that doesn't exhibit the avalanche effect. For example, h("ABC") = "1390413", but h("ABB") = "1390414" (assume a sufficiently long input and output). That is, it differs in a known way with respect to its input. Or is such a thing impossible?

πŸ‘︎ 16
πŸ’¬︎
πŸ‘€︎ u/__boo__
πŸ“…︎ Apr 19 2018
🚨︎ report
The computer scientist Ralph Merkle: inventor of cryptographic hash functions, one of the inventors of public key cryptography, and the creator of Merkle Trees (which are essential to the efficiency and integrity of blockchains) 🌲 medium.com/blockwhat/merk…
πŸ‘︎ 45
πŸ’¬︎
πŸ‘€︎ u/TillAntonio
πŸ“…︎ Dec 27 2018
🚨︎ report
The BLAKE3 cryptographic hash function github.com/BLAKE3-team/BL…
πŸ‘︎ 3
πŸ’¬︎
πŸ‘€︎ u/BooksAndBooksAnd
πŸ“…︎ Jan 10 2020
🚨︎ report
Is there any chance it would be possible to write an algorithm to verify the asymptotic hardness of a general cryptographic hash function or at least some family of hash functions?

My background is in CS and I’m definitely thinking its a no or very likely a no. I thought I’d ask anyway though.

πŸ‘︎ 7
πŸ’¬︎
πŸ“…︎ Aug 09 2019
🚨︎ report
Designing a good non-cryptographic hash function ticki.github.io/blog/desi…
πŸ‘︎ 5
πŸ’¬︎
πŸ‘€︎ u/skeeto
πŸ“…︎ Dec 08 2019
🚨︎ report
Is there such a thing as a cryptographic hash function that preserves operation?

I want a cryptographic hash function that preserves some operation. Like if I hash a+b, the output I get is equal to a simple function of the hash of a and the hash of b.

But my spidey sense is going off in the back of my brain telling me that if I had a hash function like this, then it would be easy to break. But at the same time, I can't prove it. Or I don't have motivation to attempt what is probably an already known thing.

EDIT:

Question has been answered. "Homomorphic" hashing/encryption is what I'm looking for. Thanks!

πŸ‘︎ 19
πŸ’¬︎
πŸ‘€︎ u/funkalunatic
πŸ“…︎ Aug 24 2018
🚨︎ report
