Neolander,

"Which properties of a hash algorithm make it cryptographically secure ?"

This isn't the answer you want, but probably the one which is closest to the truth: The property of having been seriously analyzed by thousands of cryptographers in public and still remaining standing.

Haha...ok I won't avoid the question. In principle, the hash bits must not reveal any information about the input bits. In practice, this means:

Any single bit change must, on average, affect 50% of the hash. There must be no calculable correlation between any input bit and output bit. Linearly sequencing through input values must not produce any pattern in output values. Any bias whatsoever indicates a weakness.

All else being equal, a slower hash function is theoretically more secure than a faster one (after both having been optimized as much as possible). If the faster one requires X operations to brute force, the slower one may take X*100 operations to brute force.

As you were saying, even the ideal hash function is vulnerable to deliberate collisions every 1/(2^bit) iterations, therefore the bit length must be chosen such that the fastest conceivable cracking machine will be unlikely to uncover any collisions in its lifetime.

Some research is being done to make cryptographic primitives which are not only computationally hard, but also "memory hard". Most hash functions today don't need more than a few hundred bytes of RAM, which hypothetically makes it possible to brute force millions of instances simultaneously on a single chip. If a hash function uses 50MB of state, then clearly the parallelism potential of these chips is sharply reduced.

Also something worth noting. Anyone can build a database of forward hashes regardless of the algorithm, and then look up the reverse hashes on demand. For this reason, it is unwise to hash secret data without random salt.

e9fe51f94eadabf54dbf2fbbd57188b9abee436e

Look up this SHA-1 hash value at

http://www.sha1-lookup.com/

*Edited 2011-09-26 18:31 UTC*
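Added example, not part of the original comment: a Python check of the two properties listed above, measuring how many SHA-1 output bits change per single-bit input flip, and testing whether a given input bit maps to a fixed, calculable output pattern. CRC32 is used here as a non-cryptographic contrast (a choice made for this example, not something the comment mentions); the function names and sample messages are constructed for illustration.

```python
import hashlib
import zlib

def sha1_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha1(data).digest(), "big")

def crc32_int(data: bytes) -> int:
    return zlib.crc32(data)

def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with one input bit inverted."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def avalanche(hash_fn, out_bits: int, msg: bytes) -> float:
    """Mean fraction of output bits changed, over every single-bit input flip."""
    base = hash_fn(msg)
    n = len(msg) * 8
    changed = sum(bin(base ^ hash_fn(flip_bit(msg, b))).count("1") for b in range(n))
    return changed / (n * out_bits)

def flip_pattern_is_fixed(hash_fn, msgs, bit: int) -> bool:
    """True if flipping `bit` XORs the same pattern into the output for every
    message, i.e. the input bit has a calculable effect on the output bits."""
    patterns = {hash_fn(m) ^ hash_fn(flip_bit(m, bit)) for m in msgs}
    return len(patterns) == 1

# Constructed sample inputs: sixteen deterministic 32-byte messages.
MSGS = [hashlib.sha256(bytes([i])).digest() for i in range(16)]

if __name__ == "__main__":
    print("SHA-1 avalanche fraction:", round(avalanche(sha1_int, 160, MSGS[0]), 4))
    for name, fn in (("CRC32", crc32_int), ("SHA-1", sha1_int)):
        fixed = all(flip_pattern_is_fixed(fn, MSGS, b) for b in range(256))
        print(f"{name}: every input bit has a fixed output pattern -> {fixed}")
```

For equal-length inputs CRC32 is affine over XOR, so each input bit always toggles the same set of output bits; that is exactly the kind of correlation a cryptographic hash must not show.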

(It is my understanding that this is what happened with MD5, and is potentially also happening with SHA-1... Breaking hashes this way seems to be purely a matter of time, given that you have some skilled mathematicians at hand)

For cryptographically secure hash algorithms, it's not really feasible time-wise to do this.