undefined | Better HN

0 pointsjlokier6y ago0 comments

> but 256 bits is already extremely strong

The strength of hashes like SHA-256 doesn't just come from the number of output bits.

The 256 bits there is relevant for brute force attacks, but not more sophisticated attacks that take into account the internal structure of the hash algorithm, and in some cases "weak" values.

SHA-512 performs more "rounds" of computation than SHA-256.

Although it's impossible to compare two different hashes on rounds alone, in general a large number of rounds of the same type of hash decreases the likelihood of non-brute-force attacks finding a collision.

If you look at the literature for attacks on hashes, they will often say they could do it for a certain number of rounds, and that number increases over time as new methods are discovered.

The number of rounds in the hash design is chosen with this in mind, trying to balance being more than sufficient for future attacks yet not too slow.

0 comments

3 comments · 1 top-level

tptacek6y ago· 2 in thread

Cryptographic engineers do not in fact think you should use SHA-2-512 so that you can maximize the number of times the round function is applied.

jlokierOP6y ago

I'm not sure what that sentence means, can you rephrase it?

tptacek6y ago

The analysis you have provided for why SHA-512 is superior to SHA-256 is faulty.

1 more reply

j / k navigate · click thread line to collapse