[cap-talk] use of hashcodes?
David Wagner
daw at cs.berkeley.edu
Tue Feb 23 11:36:54 PST 2010
Raoul Duke wrote:
>is it in any way fair to characterize hash codes along a spectrum e.g.
>from CRC32 over to 'cryptographic' hashes (that is how i've always
>envisioned things), or do people tend to look at them as so
>quantitatively different as to end up being qualitatively different?
I suppose you could characterize the hash by the minimum workfactor
required to create a collision, or the minimum workfactor required to
forge a tag that will be accepted by the receiver (for MACs), or some
similar such metric. However, this may not be very satisfying, because
I suspect you will find that there is not a great deal of spectrum: for
non-cryptographic hashes, the workfactor to break them will probably
typically be about O(1), and for cryptographic hashes, the workfactor
to break them will typically be substantial (e.g., 2^60 or more).
Moreover, intermediate points (e.g., a workfactor of 2^32 to break
it) don't sound likely to be too useful in most practical situations
(because an adversary can easily corral 2^32 cycles). So my guess is
that they are typically so quantitatively different as to end up being
effectively qualitatively different -- as you suggest.
More information about the cap-talk
mailing list