Secure Hash Algorithms

In the past, many **cryptographic hash algorithms** were proposed and used by software developers. Some of them was **broken** (like **MD5** and **SHA1**), some are still considered secure (like **SHA-2**, **SHA-3** and **BLAKE2**). Let's review the most widely used cryptographic hash functions (algorithms).

Secure Hash Functions

SHA-2, SHA-256, SHA-512

â€‹**SHA-2** is a family of strong cryptographic hash functions: **SHA-256** (256 bits hash), **SHA-384** (384 bits hash), **SHA-512** (512 bits hash), etc. It is based on the cryptographic concept "**Merkleâ€“DamgÃ¥rd construction**" and is considered **highly secure**. SHA-2 is published as official crypto standard in the United States.

Examples of SHA2 hashes:

1

SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824

2

SHA-384('hello') = 59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f

3

SHA-512('hello') = 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043

Copied!

More Hash Bits == Higher Collision Resistance

By design, **more bits at the hash output** are expected to achieve **stronger security** and higher collision resistance (with some exceptions). As general rule, 128-bit hash functions are weaker than 256-bit hash functions, which are weaker than 512-bit hash functions.

Thus, SHA-512 is stronger than SHA-256, so we can expect that for SHA-512 it is more unlikely to practically find a collision than for SHA-256.

SHA-3, SHA3-256, SHA3-512, Keccak-256

â€‹**SHA-3** (and its variants SHA3-224, SHA3-256, SHA3-384, SHA3-512), is considered **more secure than SHA-2** (SHA-224, SHA-256, SHA-384, SHA-512) for the same hash length. For example, SHA3-256 provides **more cryptographic strength than SHA-256** for the same hash length (256 bits).

The **SHA-3** family of functions are representatives of the "**Keccak**" hashes family, which are based on the cryptographic concept "**sponge construction**". Keccak is the winner of the SHA-3 NIST competition.

Unlike **SHA-2**, the **SHA-3** family of cryptographic hash functions are not vulnerable to the "**length extension attack**".

The hash function **Keccak-256**, which is used in the **Ethereum** blockchain, is a variant of SHA3-256 with some constants changed in the code.

The hash functions **SHAKE128(msg, length)** and **SHAKE256(msg, length)** are variants of the **SHA3-256** and **SHA3-512** algorithms, where the output message length can vary.

Examples of SHA3 hashes:

1

SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f424d792af4b9202398f392

2

Keccak-256('hello') = 1c8aff950685c2ed4bc3174f3472287b56d9517b9c948127319a09a7a36deac8

3

SHA3-512('hello') = 75d527c368f2efe848ecf6b073a36767800805e9eef2b1857d5f984f036eb6df891d75f72d9b154518c1cd58835286d1da9a38deba3de98b5a53e5ed78a84976

4

SHAKE-128('hello', 256) = 4a361de3a0e980a55388df742e9b314bd69d918260d9247768d0221df5262380

5

SHAKE-256('hello', 160) = 1234075ae4a1e77316cf2d8000974581a343b9eb

Copied!

BLAKE2 / BLAKE2s / BLAKE2b

[**BLAKE**](https://en.wikipedia.org/wiki/BLAKE_%28hash_function) / **BLAKE2** / **BLAKE2s** / **BLAKE2b** is a family of fast, highly secure cryptographic hash functions, providing calculation of 160-bit, 224-bit, 256-bit, 384-bit and 512-bit digest sizes, widely used in modern cryptography. BLAKE is one of the finalists at the SHA-3 NIST competition.

The **BLAKE2** function is an improved version of **BLAKE**.

The **BLAKE2** hash function has similar security strength like SHA-3, but is less used by developers than SHA2 and SHA3.

Examples of BLAKE hashes:

1

BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8997eb00be456f140ca25

2

BLAKE2b('hello') = e4cfa39a3d37be31c59609e807970799caa68a19bfaa15135f165085e01d41a65ba1e1b146aeb6bd0092b49eac214c103ccfa3a365954bbbe52f74a2b3620c94

Copied!

RIPEMD-160

The **160-bit** variant of **RIPEMD** is widely used in practice, while the other variations like RIPEMD-128, RIPEMD-256 and RIPEMD-320 are not popular and have disputable security strengths.

As recommendation, **prefer using SHA-2 and SHA-3** instead of RIPEMD, because they are more stronger than RIPEMD, due to higher bit length and less chance for collisions.

Examples of RIPEMD hashes:

1

RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd

2

RIPEMD-320('hello') = eb0cf45114c56a8421fbcb33430fa22e0cd607560a88bbe14ce70bdf59bf55b11a3906987c487992

Copied!

All of the above popular secure hash functions (SHA-2, SHA-3, BLAKE2, RIPEMD) are not restricted by commercial patents and are **free for public use**.

Insecure Hash Functions

You can find in Internet that **SHA1 collisions** can be practically generated and this results in algorithms for creating **fake digital signatures**, demonstrated by two different signed PDF documents which hold different content, but have the same hash value and the same digital signature. See https://shattered.io.

Other Secure Hash Functions

The below functions are popular strong cryptographic hash functions, alternatives to SHA-2, SHA-3 and BLAKE2:

â€‹**SM3** is the crypto hash function, officialy standartized by the **Chinese government**. It is similar to SHA-256 (based on the Merkleâ€“DamgÃ¥rd construction) and produces 256-bit hashes.

The below functions are less popular alternatives to SHA-2, SHA-3 and BLAKE, finalists at the SHA-3 NIST competition:

â€‹**Skein** is secure cryptographic hash function, capable to derive 128, 160, 224, 256, 384, 512 and 1024-bit hashes.

â€‹**GrÃ¸stl** is secure cryptographic hash function, capable to derive 224, 256, 384 and 512-bit hashes.

No Collisions for SHA-256, SHA3-256, BLAKE2s and RIPEMD-160 are Known

As of Oct 2018, **no collisions are known** for: **SHA256**, **SHA3-256**, **Keccak-256**, **BLAKE2s**, **RIPEMD160** and few others.

Respectively, on a powerful enough **quantum computer**, it will cost less time: 2256/3 and 2160/3 respectively. Still (as of September 2018) so powerful quantum computers are not known to exist.

Learn more about cryptographic hash functions, their strength and **attack resistance** at: https://z.cash/technology/history-of-hash-function-attacks.htmlâ€‹

Last modified 11d ago