Breaking a toy hash function [link]
Craig Gidney breaks someone’s custom crypto/hash routine, and describes how he did it. This is another reminder that you don’t need to use much math to break most crypto…especially when someone rolls their own.
Things we’ve learned about writing hash functions:
- Don’t write your own hash function.
- Don’t leak entropy. All round operations should be reversible.
- Don’t use the hash’s entire state as its result. Running backwards from the result should be hard. (See also: length extension attack.)
- Use non-linear combinations of operations and apply them a lot. The effects of each input should be difficult to separate. (See also: avalanche effect.)
- Have a result with lots of bits. Collisions should be hard to find. (See also: birthday attack.)
- Don’t write your own hash function (except for fun).
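The "don't leak entropy" and "don't use the entire state as the result" lessons can be seen together in a hash small enough to enumerate. This is an added example, not code from Craig Gidney's post or the hash he broke; the 16-bit toy hash, its constants and all function names are constructed for illustration.

```python
# Constructed 16-bit toy hash; not the function from the linked post.
MASK = 0xFFFF                       # 16-bit state: small enough to enumerate
MUL = 0x9E3B                        # odd, so multiplying mod 2**16 is invertible
MUL_INV = pow(MUL, -1, 1 << 16)     # modular inverse (Python 3.8+)
ROUNDS = 8

def rotl(s, r):
    return ((s << r) | (s >> (16 - r))) & MASK

def rotr(s, r):
    return ((s >> r) | (s << (16 - r))) & MASK

def round_reversible(s):
    s = (s * MUL) & MASK            # bijection: MUL is odd
    s ^= s >> 7                     # bijection: xorshift
    return rotl(s, 5)               # bijection: rotation

def round_lossy(s):
    s = (s * s) & MASK              # NOT a bijection: x and -x collide
    s ^= s >> 7
    return rotl(s, 5)

def toy_hash(x, round_fn=round_reversible):
    s = x & MASK
    for _ in range(ROUNDS):
        s = round_fn(s)
    return s                        # the entire state is the result

def toy_unhash(h):
    """Run the reversible rounds backwards to recover the input."""
    s = h
    for _ in range(ROUNDS):
        s = rotr(s, 5)
        s = s ^ (s >> 7) ^ (s >> 14)    # inverse of s ^= s >> 7 on 16 bits
        s = (s * MUL_INV) & MASK
    return s

def image_size(round_fn):
    """Count distinct outputs over every possible 16-bit input."""
    return len({toy_hash(x, round_fn) for x in range(MASK + 1)})

if __name__ == "__main__":
    secret = 0xBEEF
    digest = toy_hash(secret)
    print(f"digest {digest:#06x} -> recovered input {toy_unhash(digest):#06x}")
    print("reversible rounds reach", image_size(round_reversible), "outputs")
    print("lossy rounds reach    ", image_size(round_lossy), "outputs")
```

Reversible rounds keep every output reachable, but because the result is the whole state, the same reversibility hands back the input. The lossy round avoids that by discarding entropy, which shrinks the output space and makes collisions easier.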