## 10.1 Description

Hash functions are functions that take an input of indeterminate length and produce a fixed-length value, also known as a “digest”.


For a cryptographic hash function, we want it to be impossibly hard to:
1. modify a message without changing the hash.
2. generate a message that has a given hash.
3. find two different messages with the same hash.

## 10.2 MD5

In 2004, based on Dobbertinʼs work, Xiaoyun Wang, Dengguo Feng, Xuejia Lai and Hongbo Yu showed that MD5 is vulnerable to real collision attacks. The last straw came when Xiaoyun Wang et al. managed to generate colliding X.509 certificates and then presented a distinguishing attack on HMAC-MD5.



In [10]:
import hashlib

hashlib.md5(b"crypto101").hexdigest()

'682e475edabffbe9870bf44a2c699e5b'

## 10.3 SHA-1

SHA-1 is another hash function from the MD4 family designed by the NSA, which produces a 160-bit digest. In the past methods to cause collisions on reduced versions of SHA-1 have been published, including one by Xiaoyun Wang. “The SHAppening” demonstrated freestart collisions for SHA-1.

In [11]:
import hashlib

hashlib.sha1(b"crypto101").hexdigest()

'0ce9daa99428182f2196c29e55919c18e2e76a6d'

## 10.4 SHA-2

SHA-2 is a family of hash functions including SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 and their digest sizes 224, 256, 384, 512, 224 and 256 respectively.

It is important to note that by removing a certain amount of rounds one can't attack the entire algorithm. For instance, Somitra Kumar Sanadhya and Palash Sarkar were able to cause collisions with SHA-256 using 24 of 64 rounds (removing the last 40 rounds). [SS08]

In [9]:
import hashlib

len(hashlib.sha224(b"").hexdigest())

56

## 10.5 Keccak and SHA-3

Keccak is a family of sponge functions designed by Guido Bertoni, Joan Daemen, Gilles Van Assche and Michaël Peeters, which won NISTʼs Secure Hash Algorithm Competition in 2012.

Although SHA-3 sounds like it might come from the same family as SHA-2, the two are designed very differently. SHA-3 is very efficient in hardware [Hua], but is relatively slow in software in comparison to SHA-2.

In [12]:
import hashlib

hashlib.sha3_224(b"crypto101").hexdigest()

'789f90b056ed55483b52fd1dc5650fabf0b3dd08288c7016b2616561'