Talk:Security of cryptographic hash functions

Cryptography: Computer science Start‑class

This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography Start This article has been rated as Start-class on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the importance scale. This article is supported by WikiProject Computer science.

Computer security: Computing Start‑class

This article is within the scope of WikiProject Computer security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer securityWikipedia:WikiProject Computer securityTemplate:WikiProject Computer securityComputer security Start This article has been rated as Start-class on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the project's importance scale. This article is supported by WikiProject Computing. Things you can help WikiProject Computer security with: Article alerts are available, updated by AAlertBot. More information... Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here.

It seems out of place to have an article dedicated to Provably secure cryptographic hash functions when only the second half of the article discusses these functions, where as the first half discusses security of hash functions in general. Also, the first half of this article is redundant with information given in the first half of Cryptographic hash function. This article appears to be trying to discuss the security of hash functions in general in addition to providing information on "provably secure" ones. — Preceding unsigned comment added by RavelTwig (talk • contribs) 01:52, 28 January 2014

Both proposals seem uncontroversial. I'll do the move myself. You can feel free to also do the merge. Let me know if you need any help with this (I know nothing about the subject at hand, but I can help perform the merge). --BDD (talk) 18:34, 12 February 2014 (UTC)[reply]

OR merge this article into a "Security" section under Cryptographic hash function and then add subsection Provably secure cryptographic hash function.

RavelTwig (talk) 02:12, 28 January 2014 (UTC)[reply]

Most of this article is about provably secure hash functions. If we remove the section on cryptographic hash functions then the article can be suitably renamed "Provably secure hash function". The comparison to cryptographic hash functions is made in the lead section, so nothing is lost. Nxavar (talk) 09:52, 5 June 2014 (UTC)[reply]

Just a few thoughts.

"In the second category are functions that are not based on mathematical problems but on an ad hoc basis, where the bits of the message are mixed to produce the hash. They are then believed to be hard to break, but no such formal proof is given. Almost all widely spread hash functions fall in this category. Some of these functions are already broken and are no longer in use."

Seems to imply that the "second category of functions" algorithms necessarily 'mixes the bits or a message', and what does that even mean? Also, "some of these functions are already broken and are no longer in use", could be elaborated on or perhaps have its own subsection in the article.

"The Meaning of Hard" section doesn't seem to fit well in the immediate section it is in. But my primary concern is that it doesn't make a clear distinction between the hash size and the key size used in public key systems.

> However, non-existence of a polynomial time algorithm does not automatically ensure that the system is secure. The difficulty of a problem also depends on its size. For example, RSA public key cryptography relies on the difficulty of integer factorization. However, it is considered secure only with keys that are at least 1024 bits large.

In this case, 1024 bits is the key size of the RSA key, and has nothing to do with the "modified hash" that the RSA algorithm encrypts with the public key. I'm assuming the length of the hash is relevant to how "hard" it is to bruteforce, but isn't even mentioned. Anyone who reads that section and isn't already familiar with public key cryptography is going to misunderstand the information; I can't tell if the section needs a rewrite, or if it should be removed entirely.

IQAndreas (talk) 03:05, 9 July 2016 (UTC)[reply]

The text says that finding a collision in a particular hash function "is supposed to be hard, at least PSPACE-complete." But, this can't be true unless NP = PSPACE, since finding a collision is trivially in NP. Right?!