Breaking a toy hash function [link]

http://twistedoakstudios.com/blog/Post4706_breaking-a-toy-hash-function

Craig Gidney breaks someone’s custom crypto/hash routine and describes how he did it. This is another reminder that breaking most crypto doesn’t take much math, especially when someone rolls their own.

Things we’ve learned about writing hash functions:

  1. Don’t write your own hash function.
  2. Don’t leak entropy. All round operations should be reversible.
  3. Don’t use the hash’s entire state as its result. Running backwards from the result should be hard. (See also: length extension attack.)
  4. Use non-linear combinations of operations and apply them a lot. The effects of each input should be difficult to separate. (See also: avalanche effect.)
  5. Have a result with lots of bits. Collisions should be hard to find. (See also: birthday attack.)
  6. Don’t write your own hash function (except for fun).
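An added illustration of items 2 and 3 (not code from Gidney's post, and not the hash he broke): a constructed 32-bit toy hash whose rounds are all reversible and whose digest is its entire state. Every name and constant here is an assumption made for the example; it shows that matching a given digest for an arbitrary prefix costs one round inversion instead of a search.

```python
MASK = 0xFFFFFFFF
MULT = 0x9E3779B1                    # odd, therefore invertible mod 2**32
MULT_INV = pow(MULT, -1, 1 << 32)    # modular inverse (Python 3.8+)
IV = 0x12345678                      # constructed initial state

def rotl(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK

def rotr(x, r):
    return ((x >> r) | (x << (32 - r))) & MASK

def round_fwd(state, word):
    """One round: XOR in a message word, multiply, rotate."""
    return rotl(((state ^ word) * MULT) & MASK, 5)

def unmix(state_after):
    """Undo rotate and multiply, returning (state_before XOR word)."""
    return (rotr(state_after, 5) * MULT_INV) & MASK

def round_back(state_after, word):
    """Exact inverse of round_fwd: no entropy is lost in a round (item 2)."""
    return unmix(state_after) ^ word

def words(msg):
    """Split into little-endian 32-bit words, zero-padding the tail."""
    msg = msg + b"\x00" * (-len(msg) % 4)
    return [int.from_bytes(msg[i:i + 4], "little") for i in range(0, len(msg), 4)]

def toy_hash(msg):
    state = IV
    for w in words(msg):
        state = round_fwd(state, w)
    return state                     # the whole state is the digest (item 3)

def forge_suffix(prefix, target_digest):
    """Return 4 bytes s such that toy_hash(prefix + s) == target_digest."""
    if len(prefix) % 4:
        raise ValueError("prefix must be a whole number of 32-bit words")
    state = toy_hash(prefix)         # state after absorbing the prefix
    return (unmix(target_digest) ^ state).to_bytes(4, "little")

if __name__ == "__main__":
    original = b"original message"   # constructed sample input
    prefix = b"different prefix"     # constructed sample input
    digest = toy_hash(original)
    suffix = forge_suffix(prefix, digest)
    print(hex(digest), hex(toy_hash(prefix + suffix)), suffix.hex())
```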