Score:0

Is SHA-256 better than SHA-1 in aspects other than the hash size?


Assume I create a hash using SHA-256 and then take only the first 160 bits of the hash as the result. Is the result more cryptographically secure than SHA-1? Or are the two algorithms equally secure except for the hash size? (For example, in terms of uneven distribution of the hashes and other means that determine the resilience of hashing algorithms.)

What about the rest of the SHA family of hashing algorithms such as SHA-512?

kelalaka
Did you know that SHA-1's collision is broken? **What is your actual problem?** A 160-bit output can only provide 80-bit collision resistance with 50% probability, and the 50% probability is already too high in the attacker's sense.
Aviv Aviv
@kelalaka like I said, I am choosing a hashing algorithm and I need its output to be small, so I am wondering whether it is better to use SHA-256 and take off part of the bits of the result, or use SHA-1 and then have the exact amount of bits I need.
kelalaka
How much minimum output do you want? For collision against classical adversaries, you need around 224-bit output. Is collision really necessary?
Aviv Aviv
@kelalaka I want the hash to fit inside 13 base64-encoded characters (for password creation). So it's 6 bits * 13 = 78 bits of hash. This is hardly ideal. But those hashes are used for passwords, so I have password restrictions I need to care about.
kelalaka
There are already password hashing algorithms like Argon2, BCrypt, Balloon hashing, etc. for that purpose. Are you trying to reinvent the wheel?
Aviv Aviv
@kelalaka I am trying to use hashing to *generate* passwords (not hash them) *client side*
kelalaka
Then a collision attack is not your real problem; pre-image resistance is your problem. And you come here with a half-explained problem. Every detail is really important. Still, you can benefit from password hashes. Besides, who is going to remember these passwords? **Edit your question with your exact need and your consideration and the risks, etc.**
Aviv Aviv
Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/139692/discussion-between-aviv-aviv-and-kelalaka).
Score:3

Yes, SHA-256 is safer than SHA-1 beyond the hash size.

In particular, SHA-256 truncated to 160 bits is significantly more collision resistant than SHA-1 is: we can make a collision for SHA-1 with effort like $2^{61.2}$ hashes, versus more than $2^{80}$ for an unbroken hash, including SHA-256.

When it's known that all targeted platforms are 64-bit, SHA-512 (and truncated versions) is often preferred to SHA-256, because it's faster for large input. It's probably also rather safer (but safer than safe is rather pointless).

SHA-3 and SHAKE have the further advantages of not having the length-extension property (contrary to non-truncated SHA-1, SHA-256, SHA-512), and (for SHAKE) of having customizable output length.


As far as I understand, the hash is used as a password generator, I imagine from a master secret, a site name, and a login. In theory, we'd need a MAC with the master secret as key, and the rest as the other input; or a hash designed to be a MAC simply by starting the hashed message with the key. SHA-3 is superior in that regard. If we use SHA-1 or SHA-256 we should use HMAC-SHA-1 or HMAC-SHA-256; but OTOH there is no known attack if we do not.
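
The construction suggested above, as an added example that is not part of the original answer: HMAC-SHA-256 keyed with the master secret over the site name and login, truncated to the 78 bits (13 base64 characters) mentioned in the question's comments. The length-prefixed framing, the function names and the sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac

# Standard base64 alphabet: one character per 6 bits of output.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def top_bits(digest: bytes, nbits: int) -> int:
    """Return the leading nbits of digest as an integer (plain truncation)."""
    if nbits > len(digest) * 8:
        raise ValueError("digest is shorter than the requested output")
    nbytes = (nbits + 7) // 8
    return int.from_bytes(digest[:nbytes], "big") >> (nbytes * 8 - nbits)


def frame(*fields: str) -> bytes:
    """Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    This framing is an assumption of the example, not taken from the answer."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def derive_password(master: bytes, site: str, login: str, chars: int = 13) -> str:
    """MAC the (site, login) pair under the master secret, keep 6*chars bits."""
    tag = hmac.new(master, frame(site, login), hashlib.sha256).digest()
    value = top_bits(tag, 6 * chars)
    # Emit the most significant 6-bit group first.
    return "".join(B64[(value >> (6 * i)) & 0x3F] for i in reversed(range(chars)))


def sha256_160(data: bytes) -> bytes:
    """SHA-256 truncated to its first 160 bits, as asked in the question."""
    return hashlib.sha256(data).digest()[:20]


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    print(derive_password(b"constructed-master-secret", "example.com", "alice"))
    print(sha256_160(b"abc").hex())
```

If the master secret is a human-chosen passphrase rather than a random key, a fast MAC lets anyone holding one derived password guess the passphrase offline; stretching it first with a password hash such as Argon2, as raised in the comments on the question, addresses that.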

kelalaka
The OP has revealed more about their intent; besides, SHA-256/160 has some length extension resistance, too.
Gilles 'SO- stop being evil'
“SHA-512 (…) is often preferred to SHA-256, because it's faster for large input on 64-bit CPUs” That's arguably backward. The platforms that need the most help with performance are 32-bit CPUs without hardware acceleration, and they prefer SHA-256.
Maarten Bodewes
@Gilles'SO-stopbeingevil' Agreed, and all the Intel / AMD processors currently sold have SHA-1/SHA-256 hardware acceleration anyway. The same goes for most consumer ARM processors, I presume; ARM has instructions since the Cortex-A57 (released in 2012!), although they are part of an instruction extension (so some embedded chips may not have this kind of hardware acceleration). Note that having such acceleration doesn't necessarily mean it is always used, but yeah...