Cryptography Reference
MD family: The hash function MD5 has been one of the most widely deployed
hash functions, and was adopted as Internet Standard RFC 1321. It is a 128-bit
hash function and is often used for file integrity checking (as we discussed in
Section 6.2.2). MD5 was designed in 1991 to replace MD4, an earlier 128-bit
hash function that was found to have flaws. In 2004, collisions were found in
MD5. Subsequent refinements of the technique used to find collisions now
mean that MD5 is no longer recommended for use.
SHA-1 family: The Secure Hash Algorithm SHA-0 was published by the National
Institute of Standards and Technology (NIST) in 1993 as a 160-bit hash
function. It was soon replaced by an improved version known as SHA-1,
which became the 'default' hash function of the late 1990s and the early
years of the new century. SHA-1 is used in numerous security applications,
including SSL/TLS (see Section 12.1) and S/MIME (see Section 12.7.2). In 2004,
a technique for finding collisions was found for SHA-0 that takes approximately
$2^{40}$ computations to conduct. This technique, which has subsequently been
refined, involves considerably fewer computations than the birthday attack of
$2^{80}$ and thus SHA-0 is considered unfit for most uses. In 2005, a technique
was proposed for finding collisions for SHA-1 after $2^{63}$ computations. This,
again, is much faster than a birthday attack, casting significant doubts over the
long-term future of SHA-1.
SHA-2 family: NIST published four further SHA variants, each of which is
labelled by the number of bits of the hash output: SHA-224, SHA-256,
SHA-384 and SHA-512 (collectively they are referred to as SHA-2). This family
differs significantly in design from SHA-0 and SHA-1. The SHA-2 family is
currently recommended for use by US Federal Agencies for all hash function
applications.
RIPEMD family: This is a family of European hash functions designed by the
open research community. They include RIPEMD-128 and RIPEMD-160. In
2004, a technique for finding collisions was found for the original version
RIPEMD, which has been superseded by RIPEMD-128.
Whirlpool: This is a 512-bit hash function which is based on a modified version
of AES (and shares one of the AES designers). Whirlpool has been adopted
by several standards bodies and is available in open source cryptographic
toolkits.
As there were relatively few respected hash function designs in widespread use
prior to 2004, both MD5 and SHA-1 were widely deployed. Thus the discovery
of techniques for finding collisions in MD5 and SHA-1 in 2004 provided a
severe 'wake-up call' to designers and users of hash functions. Note that some
of the collision-finding techniques can be regarded as 'academic attacks' (see
Section 1.6.6) because they are of greater interest to cryptographic designers than
to users of hash functions. Nonetheless, cryptanalytic attacks improve over time and
any hash function for which collisions can be generated in substantially fewer
operations than a birthday attack is unlikely to have a long-term future.
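The birthday-attack yardstick used throughout this section can be measured directly on a shortened digest. The following is an added example, not taken from the original text: it truncates SHA-256 to n bits as a stand-in for an ideal n-bit hash (an assumption), counts the evaluations a generic collision search needs, and compares the count with the expected value of about 2^(n/2). The function names and sample messages are constructed for illustration.

```python
import hashlib
import math


def truncated_hash(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(message), standing in for an ideal n-bit hash."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def birthday_collision(bits: int):
    """Hash distinct messages until two share a truncated digest.

    Returns (message_a, message_b, evaluations).
    """
    seen = {}  # truncated digest -> message that produced it
    counter = 0
    while True:
        message = b"constructed-sample-%d" % counter  # constructed input
        counter += 1
        tag = truncated_hash(message, bits)
        if tag in seen:
            return seen[tag], message, counter
        seen[tag] = message


def birthday_bound(bits: int) -> float:
    """Expected evaluations for an ideal n-bit hash: sqrt(pi/2 * 2^n)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, used = birthday_collision(bits)
        print(f"n={bits}: collision after {used} hashes, "
              f"expected ~{birthday_bound(bits):.0f} (2^{bits // 2} = {2 ** (bits // 2)})")
    # Exponents quoted in the text for the full-size 160-bit functions.
    for name, bits, reported in (("SHA-0", 160, 40), ("SHA-1", 160, 63)):
        print(f"{name}: birthday 2^{bits // 2}, reported 2^{reported}, "
              f"shortfall factor 2^{bits // 2 - reported}")
```

Each extra output bit adds only half a bit of collision resistance, which is why a 160-bit function tops out at $2^{80}$ and why any technique that beats that figure is treated as a sign the design is weakening.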
 