Talk:Security of cryptographic hash functions

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
???	This article has not yet received a rating on the importance scale.
	This article is supported by WikiProject Computer science.

Computer Security: Computing

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

???

This article has not yet received a rating on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Restructuring proposal[edit]

It seems out of place to have an article dedicated to Provably secure cryptographic hash functions when only the second half of the article discusses these functions, where as the first half discusses security of hash functions in general. Also, the first half of this article is redundant with information given in the first half of Cryptographic hash function. This article appears to be trying to discuss the security of hash functions in general in addition to providing information on "provably secure" ones. — Preceding unsigned comment added by RavelTwig (talk • contribs) 01:52, 28 January 2014

Both proposals seem uncontroversial. I'll do the move myself. You can feel free to also do the merge. Let me know if you need any help with this (I know nothing about the subject at hand, but I can help perform the merge). --BDD (talk) 18:34, 12 February 2014 (UTC)[reply]

Move Proposal[edit]

The following discussion is an archived discussion of the proposal. Please do not modify it. Subsequent comments should be made in a new section on the talk page. No further edits should be made to this section.

The result of the proposal was moved. --BDD (talk) 18:35, 12 February 2014 (UTC)[reply]

Provably secure cryptographic hash function → Security of cryptographic hash functions – Possibly move this article to Security of cryptographic hash functions and then incorporate the content of Cryptographic hash function#Properties and Provably secure cryptographic hash function#Types of Security of Hash Functions along with a section about Provably secure cryptographic hash functions. Relisted. BrownHairedGirl (talk) • (contribs) 18:07, 5 February 2014 (UTC) RavelTwig (talk) 02:11, 28 January 2014 (UTC)[reply]

The above discussion is preserved as an archive of the proposal. Please do not modify it. Subsequent comments should be made in a new section on this talk page. No further edits should be made to this section.

Merge Proposal[edit]

OR merge this article into a "Security" section under Cryptographic hash function and then add subsection Provably secure cryptographic hash function.

RavelTwig (talk) 02:12, 28 January 2014 (UTC)[reply]

Most of this article is about provably secure hash functions. If we remove the section on cryptographic hash functions then the article can be suitably renamed "Provably secure hash function". The comparison to cryptographic hash functions is made in the lead section, so nothing is lost. Nxavar (talk) 09:52, 5 June 2014 (UTC)[reply]

Second paragraph[edit]

Just a few thoughts.

"In the second category are functions that are not based on mathematical problems but on an ad hoc basis, where the bits of the message are mixed to produce the hash. They are then believed to be hard to break, but no such formal proof is given. Almost all widely spread hash functions fall in this category. Some of these functions are already broken and are no longer in use."

Seems to imply that the "second category of functions" algorithms necessarily 'mixes the bits or a message', and what does that even mean? Also, "some of these functions are already broken and are no longer in use", could be elaborated on or perhaps have its own subsection in the article.

"The Meaning of Hard" section seems out of place[edit]

"The Meaning of Hard" section doesn't seem to fit well in the immediate section it is in. But my primary concern is that it doesn't make a clear distinction between the hash size and the key size used in public key systems.

> However, non-existence of a polynomial time algorithm does not automatically ensure that the system is secure. The difficulty of a problem also depends on its size. For example, RSA public key cryptography relies on the difficulty of integer factorization. However, it is considered secure only with keys that are at least 1024 bits large.

In this case, 1024 bits is the key size of the RSA key, and has nothing to do with the "modified hash" that the RSA algorithm encrypts with the public key. I'm assuming the length of the hash is relevant to how "hard" it is to bruteforce, but isn't even mentioned. Anyone who reads that section and isn't already familiar with public key cryptography is going to misunderstand the information; I can't tell if the section needs a rewrite, or if it should be removed entirely.

IQAndreas (talk) 03:05, 9 July 2016 (UTC)[reply]

PSPACE-complete?![edit]

The text says that finding a collision in a particular hash function "is supposed to be hard, at least PSPACE-complete." But, this can't be true unless NP = PSPACE, since finding a collision is trivially in NP. Right?! — Preceding unsigned comment added by NoahSD (talk • contribs) 18:17, 9 January 2019 (UTC)[reply]

Parts of the article need to be rewritten[edit]

As a computer scientist with knowledge of complexity theory but not of cryptographic hashing I am a bit puzzled about what is being said in the article.

As far as I can understand, the article seems to say that commonly used cryptographic hash functions are "hard" only in the sense that nobody seems to have figured out to "break" them (whatever notion of "breaking" is being used.) This seems like a very weak form of "hardness".

Then, there are other cryptographic hash functions, that are "hard" in the complexity theory sense, e.g. NP-hard, so that breaking seems unlikely given that no NP-hard problem has a polynomial time solution algorithm.

However, also this latter hardness is not very strong: very large instances of NP-hard problems are solved, as not all instances of NP-hard problems are at all difficult to solve. There are large classes of instances from any NP-hard problem that can be solved in linear time: they are trivial.

To have a convincing proof of hardness also in the complexity theory sense, one would need to somehow tie the hardness to some empirically hard class of instances of an NP-hard problem.