## Hash Algorithms

Hash Algorithms help make online business and communication more secure.

Below we talk about known and widly used hash algorithms. To find the one you would like to learn about just click it in the index below to be taken to that portion of the page. We understand a lot of this information is already on the internet this is just a place to view it all in an easier fashion we link back to our sources and quote what we did not write.

The message digest algorithm first came about in August1989 (MD2) by Ronald Rivest.

This hash is no longer considered secure even though it is still in use.

“The **MD2 Message-Digest Algorithm** is a cryptographic hash function developed by Ronald Rivest in 1989. The algorithm is optimized for 8-bitcomputers. MD2 is specified in RFC 1319. Although MD2 is no longer considered secure, even as of 2010, it remains in use in public key infrastructures as part of certificates generated with MD2 and RSA.”

http://en.wikipedia.org/wiki/MD2_(cryptography)

The MD4 hash is still in use but considered to be insecure just like MD2. The first collision attacks happened in 1995.

“The security of MD4 has been severely compromised. The first full collision attack against MD4 was published in 1995 and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than 2 MD4 hash operations. A theoretical preimage attackalso exists.

A variant of MD4 is used in the ed2k URI scheme to provide a unique identifier for a file in the popular eDonkey2000 / eMule P2P networks. MD4 was also used by the rsync protocol (prior to version 3.0.0.)

MD4 is used to compute NTLM password-derived key digests on Microsoft Windows NT, XP, Vista and 7.”

http://en.wikipedia.org/wiki/MD4

This is a widely known hash used by many applications to verify passwords. It is a very popular and secure hash algorithm that can be easily implemented into applications and scripts many websites use this hash. However the CMU Software Engineering Institute now say that MD5 “should be considered cryptographically broken and unsuitable for further use”. Not get let down though this hash is very suitable for most use however not good enough for government use as they rely on the more secure SHA hash methods.

“The **MD5** message-digest algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. Specified in RFC 1321, MD5 has been utilized in a wide variety of security applications, and is also commonly used to check data integrity. MD5 was designed byRon Rivest in 1991 to replace an earlier hash function, MD4. An MD5 hash value is typically expressed as a hexadecimal number, 32 digits long.

However, it has since been shown that MD5 is not collision resistant; as such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property. In 1996, a flaw was found with the design of MD5, and while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1—which has since been found to be vulnerable as well. In 2004, more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable—specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum. Further advances were made in breaking MD5 in 2005, 2006, and 2007. In December 2008, a group of researchers used this technique to fake SSL certificate validity, and CMU Software Engineering Institute now says that MD5 “should be considered cryptographically broken and unsuitable for further use”, and most U.S. government applications now require theSHA-2 family of hash functions.”

http://en.wikipedia.org/wiki/MD5

MD6 is not ready for use due to it has speed issues and has no proof of being better than MD5.

“The **MD6 Message-Digest Algorithm** is a cryptographic hash function. It uses a Merkle tree-like structure to allow for immense parallel computation of hashes for very long inputs. Authors claim a performance of 28 cycles per byte for MD6-256 on an Intel Core 2 Duo and provable resistance againstdifferential cryptanalysis.

Speeds in excess of 1 GB/s have been reported to be possible for long messages on 16-core CPU architecture.

The design of Merkle tree is based on the claims from Intel describing the future of hardware processors with tens and thousands of cores instead of the conventional uni-core systems. With this in mind, Merkle tree hash structures exploit full potential of such hardware while being appropriate for current uni/dual core architectures.

In December 2008, Douglas Held of Fortify Software discovered a buffer overflow in the original MD6 hash algorithm’s reference implementation. This error was later made public by professor Ron Rivest on 19 February 2009, with a release of a corrected reference implementation in advance of the Fortify Report.

MD6 was submitted to the NIST SHA-3 competition. However, on July 1, 2009, Rivest posted a comment at NIST that MD6 is not yet ready to be a candidate for SHA-3 because of speed issues, a “gap in the proof that the submitted version of MD6 is resistant to differential attacks”, and an inability to supply such a proof for a faster reduced-round version, although Rivest also stated at the MD6 website that it is not withdrawn formally. MD6 did not advance to the second round of the SHA-3 competition. In September 2011, a paper presenting an improved proof that MD6 and faster reduced-round versions are resistant to differential attacks was posted to the MD6 website.

The algorithm’s first known production use was in the Conficker.B worm in December 2008; the worm’s authors subsequently updated Conficker with the corrected implementation once the buffer overflow vulnerability became known.”

http://en.wikipedia.org/wiki/MD6

This hash method was designed by the United States NSA (National Security Agency) in 1993 (SHA0).

Algorithm and variant | Output size(bits) | Internal statesize (bits) | Block size(bits) | Max messagesize (bits) | Word size(bits) | Rounds | Operations | Collisionsfound? | |
---|---|---|---|---|---|---|---|---|---|

SHA-0 |
160 | 160 | 512 | 264 − 1 | 32 | 80 | add, and, or, xor, rotate, mod | Yes | |

SHA-1 |
Theoretical attack (260)[6] | ||||||||

SHA-2 |
SHA-256/224 |
256/224 | 256 | 512 | 264 − 1 | 32 | 64 | add, and, or, xor, rotate, mod, shift | No |

SHA-512/384 |
512/384 | 512 | 1024 | 2128 − 1 | 64 | 80 |

http://en.wikipedia.org/wiki/SHA-1

“At CRYPTO 98, two French researchers, Florent Chabaud and Antoine Joux, presented an attack on SHA-0 (Chabaud and Joux, 1998): collisions can be found with complexity 261, fewer than the 280 for an ideal hash function of the same size.

In 2004, Biham and Chen found near-collisions for SHA-0—two messages that hash to nearly the same value; in this case, 142 out of the 160 bits are equal. They also found full collisions of SHA-0 reduced to 62 out of its 80 rounds.

Subsequently, on 12 August 2004, a collision for the full SHA-0 algorithm was announced by Joux, Carribault, Lemuet, and Jalby. This was done by using a generalization of the Chabaud and Joux attack. Finding the collision had complexity 251 and took about 80,000 CPU hours on a supercomputer with 256 Itanium 2 processors. (Equivalent to 13 days of full-time use of the computer.)

On 17 August 2004, at the Rump Session of CRYPTO 2004, preliminary results were announced by Wang, Feng, Lai, and Yu, about an attack on MD5, SHA-0 and other hash functions. The complexity of their attack on SHA-0 is 240, significantly better than the attack by Joux *et al*

In February 2005, an attack by Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu was announced which could find collisions in SHA-0 in 239 operations.

In light of the results for SHA-0, some experts suggested that plans for the use of SHA-1 in new cryptosystems should be reconsidered. After the CRYPTO 2004 results were published, NIST announced that they planned to phase out the use of SHA-1 by 2010 in favor of the SHA-2 variants.”

http://en.wikipedia.org/wiki/SHA-1#SHA-0

“SHA-1 produces a message digest based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4 andMD5 message digest algorithms, but has a more conservative design.

The original specification of the algorithm was published in 1993 as the *Secure Hash Standard*, FIPS PUB 180, by U.S. government standards agency NIST (National Institute of Standards and Technology). This version is now often referred to as *SHA-0*. It was withdrawn by NSA shortly after publication and was superseded by the revised version, published in 1995 in FIPS PUB 180-1 and commonly referred to as *SHA-1*. SHA-1 differs from SHA-0 only by a single bitwise rotation in the message schedule of its compression function; this was done, according to NSA, to correct a flaw in the original algorithm which reduced its cryptographic security. However, NSA did not provide any further explanation or identify the flaw that was corrected. Weaknesses have subsequently been reported in both SHA-0 and SHA-1. SHA-1 appears to provide greater resistance to attacks, supporting the NSA’s assertion that the change increased the security.”

http://en.wikipedia.org/wiki/SHA-1

“**SHA-2** is a set of cryptographic hash functions (**SHA-224, SHA-256, SHA-384, SHA-512**) designed by the U.S. National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard. A hash function is an algorithm that transforms (hashes) an arbitrary set of data elements, such as a text file, into a single fixed length value (the hash). The computed hash value may then be used to verify the integrity of copies of the original data without providing any means to derive said original data. This irreversibility means that a hash value may be freely distributed or stored, as it is used for comparative purposes only. SHA stands for Secure Hash Algorithm. SHA-2 includes a significant number of changes from its predecessor, SHA-1. SHA-2 consists of a set of four hash functions with digests that are 224, 256, 384 or 512 bits.

The security provided by a hashing algorithm is entirely dependent upon its ability to produce a unique value for any specific set of data. When a hash function produces the same hash value for two different sets of data then a collision is said to occur. Collision raises the possibility that an attacker may be able to computationally craft sets of data which provide access to information secured by the hashed values of pass codes or to alter computer data files in a fashion that would not change the resulting hash value and would thereby escape detection. A strong hash function is one that is resistant to such computational attacks. A weak hash function is one where a computational approach to producing collisions is believed to be possible. A broken hash function is one where a computational method for producing collisions is known to exist.

In 2005, security flaws were identified in SHA-1, namely that a mathematical weakness might exist, indicating that a stronger hash function would be desirable. Although SHA-2 bears some similarity to the SHA-1 algorithm, these attacks have not been successfully extended to SHA-2.

The NIST hash function competition selected a new hash function, SHA-3, in 2012. The SHA-3 algorithm is not derived from SHA-2.”

http://en.wikipedia.org/wiki/SHA-2

**“SHA-3**, originally known as **Keccak** is a cryptographic hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche, building upon RadioGatún.

On October 2, 2012, Keccak was selected as the winner of the NIST hash function competition. SHA-3 is not meant to replace SHA-2, as no significant attack on SHA-2 has been demonstrated. Because of the successful attacks on MD5, SHA-0 and theoretical attacks on SHA-1, NISTperceived a need for an alternative, dissimilar cryptographic hash, which became SHA-3.

SHA-3 uses the sponge construction in which message blocks are XORed into the initial bits of the state, which is then invertibly permuted. In the version used in SHA-3, the state consists of a 5×5 array of 64-bit words, 1600 bits total. The authors claim 12.5 cycles per byte on an Intel Core 2 CPU. However, in hardware implementations it is notably faster than all other finalists.

Keccak’s authors have proposed additional, not-yet-standardized uses for the function, including an authenticated encryption system and a “tree” hash for faster hashing on certain architectures. Keccak is also defined for smaller power-of-2 word sizes *w* down to 1 bit (25 bits total state). Small state sizes can be used to test cryptanalytic attacks, and intermediate state sizes (e.g., from *w*=4, 100 bits, to *w*=32, 800 bits) could potentially provide practical, lightweight, alternatives.”

http://en.wikipedia.org/wiki/SHA-3

**Comparisons**

MD5 is a stable and secure hash algorithm to use, you can also use it to checksum downloaded files. SHA is a more secure hash system and if you can implement it you might as well.