Re: cryptographic hash functions versus non-cryptographic hash functions

Vend <vend82@xxxxxxxxxxx> wrote:
On 31 Dic, 11:38, "Sebastian G." <se...@xxxxxxxxx> wrote:
In further addition, cryptographic hash function are intended to not leak
any information about the input.

A hash function (indeed, any function the adversary can compute) always
leaks some information about the input. Specifically, you can decide if
a given hash is the hash value of a given input.

That said, it is possible to define what it means for a hash function to
leak minimal information about the input, and it is sometimes desirable
for hash functions to have this property. Not all good hash functions
have this property, of course.

Consider a hash function that takes the first 16 bytes of a message and
prepends the SHA-256 hash of the full message. This hash is as least as
resistant to collisions and preimages as SHA-256 itself, but trivially leaks
information.

It might not be as resistant ash SHA-256.

For sure, it isn't resistant to certain preimage attacks! Preimages
of any message (pretty close, at least) at most 16 bytes long can be
trivially recovered.

As for collisions and second preimage attacks, it is provably as secure
as SHA-256.

--
Kristian Gjøsteen
.

Relevant Pages

  • Re: cryptographic hash functions versus non-cryptographic hash functions
    ... Kristian Gjøsteen wrote: ... as the block size of the hash function, it's also resistant again preimage attacks. ... To ensure that the hash function doesn't discard a non-negligible amount of entropy. ...
    (sci.crypt)
  • Re: Humble Contribution
    ... > resistant, then it is not collitision resistant. ... > attack, however, is not an attack against preimage resistance, nor ... function is collision resistant but not preimage resistant. ... apparently sometimes expect a hash function to have. ...
    (sci.crypt)