patterncMinor
"Cryptographic" hash function
Viewed 0 times
hashfunctioncryptographic
Problem
I don't know much about the design of cryptographic hash functions but despite that I made an attempt for the sake of learning. This is what I got:
This passes my (certainly lacking) criteria. I'd like to know what are the weaknesses of this function and how it could be exploited if actually used to replace, say, SHA3 in a cryptographic application that requires collision-resistance, non-reversibility and so on.
#include
void hash(int* bits, int bitsLen, int* out, int outLen){
const int tt[9] = {1,2,0,0,0,1,1,2,2};
int st[128], i, k, j, y, a, b, o = 0;
for (i=0; i= bitsLen)
out[o++] = (st[0] + st[1]*3 + st[2]*9 + st[3]*27) % 2;
};
}
void printHex(int* bits, int bitsLen){
int i;
for (i=0; i> i) & 1;
}
int main(){
const int bitsLen = 16;
int bits[bitsLen];
const int outLen = 256;
int out[outLen];
int i;
for (i=0; i<256; ++i){
toBits(i, bits, bitsLen);
hash(bits, bitsLen, out, outLen);
printHex(bits, bitsLen);
printf(": ");
printHex(out, outLen);
printf("\n");
};
}This passes my (certainly lacking) criteria. I'd like to know what are the weaknesses of this function and how it could be exploited if actually used to replace, say, SHA3 in a cryptographic application that requires collision-resistance, non-reversibility and so on.
Solution
First you need to read Schneier's Memo to the Amateur Cipher Designer. All amateur cryptography is faulty, not just yours. I too designed a cryptographic hash, based round RC4, put it out on the web and Scott Fluhrer was kind enough to show me the obvious faults in it. He is an expert, so he knew what to look for. I was not and I did not know what I had to protect against. Our conversation is probably still out there on the sci.crypt Usenet group from 2007.
To design a good hash function you need to know the types of attacks that are used against hashes. For example, does your hash specifically guard against length-extension attacks?
How fast is your hash compared to other current cryptographic hashes such as SHA3?
For a first suggestion, learn how cryptographic hashes pad their input and why. Either incorporate the same technique into your hash or else find a different way to serve the same purpose. You are not the first person to write a hash. Learn so you can stand on the shoulders of giants.
To design a good hash function you need to know the types of attacks that are used against hashes. For example, does your hash specifically guard against length-extension attacks?
How fast is your hash compared to other current cryptographic hashes such as SHA3?
For a first suggestion, learn how cryptographic hashes pad their input and why. Either incorporate the same technique into your hash or else find a different way to serve the same purpose. You are not the first person to write a hash. Learn so you can stand on the shoulders of giants.
Context
StackExchange Code Review Q#153954, answer score: 2
Revisions (0)
No revisions yet.