
Lifetimes of cryptographic hash functions - luu
http://valerieaurora.org/hash.html
======
tytso
This has been discussed before, about 9 months ago:
[https://news.ycombinator.com/item?id=6123720](https://news.ycombinator.com/item?id=6123720)

And this page was largely written in 2007, although it's been updated a few
times since.

I'll also note that Val's "Compare by hash considered harmful" is not a
conclusion which is widely shared. One can also worry about two people
randomly (assuming quality random number generators) choosing the same RSA
public key. Or we can worry about all of the oxygen molecules in the room
simultaneously randomly deciding to concentrate into a corner of the room such
that you die of asphyxiation. Sure, these things are _possible_; but whether
you should therefore say that "life on earth is clearly broken because we are
only probablistically correct and not provably correct" might be considered by
some to be a somewhat insane conclusion.

------
pohl
Don't miss the table at the bottom: "Reactions to stages in the life cycle of
cryptographic hash functions". Reach each row. Be entertained.

------
nanofortnight
I'm surprised SHA2 is labelled as "weakened" since there's no real reason to
believe so.

~~~
cperciva
I agree. There was some concern around 2005-2009 about whether the attacks
which broke earlier hashes could be extended to SHA256, but at this point it
looks like those fears aren't coming to pass.

------
eranation
A very naive question by a non crypto expert: where is scrypt and bcrypt? is
that because they are simply iterating another hash function or something?
this is why I don't see PBKDF?

~~~
cschmidt
They are different things. I think the proper term for scrypt, bcrypt, etc. is
a key derivation function. They take a password, add a salt, and produce a key
that can be used for authentication.

[http://en.wikipedia.org/wiki/Key_derivation_function](http://en.wikipedia.org/wiki/Key_derivation_function)

The hash functions in the OP are cryptographic hash functions.

[http://en.wikipedia.org/wiki/Cryptographic_hash_function](http://en.wikipedia.org/wiki/Cryptographic_hash_function)

The 'cryptographic' part of the name means that it is hard to find two files
that produce a collision (hash to the same value).

I believe that key derivation functions will include cryptographic hash
functions.

------
majke
Please notice Valerie, she is absolutely brilliant.

[http://valerieaurora.org/](http://valerieaurora.org/)

This is my personal favorite:
[http://valerieaurora.org/tcpip.html](http://valerieaurora.org/tcpip.html)

------
conductor
What about Whirlpool?

~~~
dsl
There are lots and lots of hash functions lacking widespread adoption or
standardization. I don't remember the exact timeframe, but djb once told me he
came up with CubeHash in some number of days.

~~~
conductor
Whirlpool though is standardized (as ISO/IEC 10118-3) and it is one of the
three available hash functions (along with SHA-512 and RIPEMD-160) for use in
TrueCrypt.

------
dfc
The "Breakout" chart would be awesome if the color/stage change cell linked to
the relevant result. Does anyone know o a resource like this?

------
arthuredelstein
According to the chart, RIPEMD-160 is deprecated. Does anyone know of a
citation?

