Re: Fast 32-bit Hash

From: John E. Hadstate (jh113355_at_hotmail.com)
Date: 02/24/04


Date: Tue, 24 Feb 2004 06:40:40 -0500


"Cristiano" <cristiano.pi@NSquipo.it> wrote in message
news:ytt_b.12126$gk.546262@news3.tin.it...
> John Hadstate wrote:
> > Aside from the obvious fact that a 32-bit hash is mostly too short for
> > a cryptographic hash, does anyone see any obvious attacks or other
> > problems?
>
> I used your hash like a prng:
>
> unsigned long FastHash(void)
> {
> static unsigned long A=Seed;
> unsigned long t=A;
> for(int i=0;i<4;i++) { A=FastHash(A,t); t>>=8; }
> return A;
> }
>
> it fails systematically several tests for randomness (e.g. the up'n'down
> runs test, Maurer). This could lead to an attack.
> The speed is good; I get 21.5 MBytes/s on an Athlon 3000+ (while I get 5
> MBytes/s with the SHA-1 used the same way).
>
> Cristiano

Thanks for the information. I'm not surprised at your results. Feedback
circuits can be very tricky and counter-intuitive. Applying feedback around
a component that already has substantial internal feedback can produce
instability and unexpected behavior that wasn't present originally. I think
you'd see better results if you used it in CTR mode (just increment the data
byte each time before you feed it to the hash.)

I don't think the "FastHash" algorithm is good for much. I doubt that it
has any value as a cipher. It's too slow to have any advantage over SHA1.
I wouldn't trust it as a PRNG because it relies too heavily on PRNGs that
have been demonstrated to be equivalent to LFSRs. That should pretty well
rule out interest from the sci.crypt community.
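
The difference between feeding a hash its own output and driving it from a counter, shown as an added example that is not part of the original thread. FastHash itself does not appear on this page, so `toy_hash16` is a constructed stand-in mixer with a 16-bit state (small enough to walk completely), and `feedback_period` and `counter_period` are hypothetical helper names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STATES 65536u /* 16-bit state, small enough to walk completely */
/* Constructed stand-in mixer for this example. It is NOT FastHash. */
static uint16_t toy_hash16(uint16_t x)
{
    uint32_t z = ((uint32_t)x ^ 0x9E37u) * 0x85EBCA6Bu;
    z ^= z >> 13;
    z *= 0xC2B2AE35u;
    z ^= z >> 16;
    return (uint16_t)z;
}

/* Feedback mode: state = hash(state). Returns the number of distinct
   states visited before one repeats (tail plus cycle length). */
unsigned feedback_period(uint16_t seed)
{
    static uint8_t seen[STATES];
    uint16_t s = seed;
    unsigned n = 0;
    memset(seen, 0, sizeof seen);
    while (!seen[s]) {
        seen[s] = 1;
        s = toy_hash16(s);
        n++;
    }
    return n;
}

/* Counter mode: hash(counter++). The input cannot repeat until the counter wraps. */
unsigned counter_period(uint16_t seed)
{
    uint16_t ctr = seed;
    unsigned n = 0;
    do {
        (void)toy_hash16(ctr++);
        n++;
    } while (ctr != seed);
    return n;
}

int main(void)
{
    printf("seed 1234: feedback %u, counter %u\n",
           feedback_period(0x1234), counter_period(0x1234));
    return 0;
}
```

In feedback mode the generator is trapped in whatever cycle the seed leads to, and for a function that behaves like a random mapping that is on the order of the square root of the state count; in counter mode the hash never sees the same input twice until the counter wraps.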


