2 comments

  • thequux, 3 hours ago
    I can't judge the veracity of the history of hash functions, but the moment it starts talking about cryptography it goes completely off the rails: it seems to indicate that finite field exponentiation or high degree polynomials are used in cryptographic hash functions; they are emphatically not. It presents password hashing as just applying a digest function to the password; in practice a KDF is used, which is a completely different design space (for a start, KDFs have a tweak parameter, usually called a salt in this context). Finally, there's a haven't reference to quantum computers breaking hash functions and needing post-quantum algorithms as a result. This does brush with reality in that Grover's algorithm does theoretically eat half the first preimage resistance security level of your hash function, but even SHA256 will require 2^128 iterations on a quantum computer, which will likely never be feasible. Worse, it doesn't help at all in attacks against second preimage resistance or collision resistance.

    Considering that everything I have personal knowledge of here is obviously bunk, best ignore the rest of it too
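thequux's point above, that password storage uses a KDF with a salt and a work factor rather than a bare digest, as an added example. This is not code from the thread or from the article under discussion; it uses only Python's standard library (hashlib.pbkdf2_hmac, hmac.compare_digest), the iteration count is an assumed work factor, and the passwords and records are constructed inline.

```python
# Added example: bare digest vs. password KDF (salt + work factor), using only
# Python's standard library. The iteration count is an assumed work factor, not
# a value from the article or the thread.
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumption: a present-day PBKDF2-HMAC-SHA256 work factor


def naive_password_hash(password: str) -> bytes:
    # What the commenter objects to: a single unsalted digest. Equal passwords
    # give equal digests, and one precomputed table attacks every user at once.
    return hashlib.sha256(password.encode("utf-8")).digest()


def make_password_record(password: str, salt: bytes = None,
                         iterations: int = ITERATIONS) -> dict:
    # The salt is the KDF's tweak: it makes each user's derivation unique even
    # for identical passwords. The iteration count is the tunable cost that a
    # plain hash does not have. Both are stored next to the derived key.
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, iterations, dklen=32)
    return {"salt": salt, "iterations": iterations, "dk": dk}


def verify_password(record: dict, candidate: str) -> bool:
    # Re-derive with the stored salt and cost, then compare in constant time so
    # the comparison itself does not leak how many leading bytes matched.
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                             record["salt"], record["iterations"], dklen=32)
    return hmac.compare_digest(dk, record["dk"])


if __name__ == "__main__":
    # Constructed sample: two users who chose the same password.
    print(naive_password_hash("hunter2") == naive_password_hash("hunter2"))  # True: detectable
    a = make_password_record("hunter2")
    b = make_password_record("hunter2")
    print(a["dk"] == b["dk"])                  # False: salts differ
    print(verify_password(a, "hunter2"), verify_password(a, "hunter3"))
```

PBKDF2 is used here because it is in every Python install; where available, a memory-hard KDF (hashlib.scrypt, or Argon2 from a third-party package) is the better choice for the same shape of API.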
  • tptacek, 3 hours ago
    The right way to understand modern general-purpose cryptographic hash functions (like SHA2) is just to understand block ciphers. A hash function is a block cipher's permutation core, wired to a "compression" function (much simpler than compression as typically understood; somewhat analogous to the chaining CBC does) that feeds blocks through the same permutation continuously, scrambling state as it goes.

    Everything gets tweaked differently because you have different constraints and parameters for a hash function than for a block cipher (though: there were SHA3 contestants that used Rijndael/AES for the core permutation, which is attractive because it has broad hardware support), but the core doodads are basically the same.

    (And of course, you can run this argument in reverse and derive a cipher from a hash function trivially. That's how Chapoly happened.)
    • ksenzee, 2 hours ago
      > just to understand block ciphers

      I have a decent intuition for what a hash function does after twenty years of encountering them in the wild. I don't even know what a block cipher is. I understand hash functions less after reading this than I did before. My conclusion is that a hash function is just a block cipher in the category of endofunctors.
      • tptacek, 2 hours ago
        You know *what they do*, right, that's what you mean by having an intuition for them? Do you understand how they work? Why they're designed the way they are? I'm not saying you need to, but that's what the article is about.
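tptacek's description above of a hash as a block cipher core wired to a chaining compression function, as an added example that is not from the thread or the article: a Merkle-Damgard hash built from a Davies-Meyer compression function over a toy 64-bit Feistel cipher. The cipher, its key schedule, the IV and the round count are constructed here purely for illustration and have no security; the sample message is constructed too. The length_extend function shows a consequence of this chaining design that SHA-1 and SHA-256 inherit: because the digest is the final chaining state, anyone who knows H(m) and len(m) can continue the chain without knowing m.

```python
# Added example: Merkle-Damgard hash over a Davies-Meyer compression function,
# built from a constructed toy 64-bit Feistel block cipher. Illustration only;
# the cipher, IV and constants are arbitrary assumptions with no security.

MASK32 = 0xFFFFFFFF
BLOCK = 8                  # 64-bit message blocks and 64-bit chaining value
ROUNDS = 16
IV = 0x0123456789ABCDEF    # assumed initial chaining value


def rotl32(x: int, n: int) -> int:
    n %= 32
    return ((x << n) | (x >> (32 - n))) & MASK32


def round_fn(half: int, subkey: int) -> int:
    # Toy ARX-style Feistel round function; not a real cipher.
    x = (half + subkey) & MASK32
    return rotl32(x, 5) ^ rotl32(x, 13) ^ (x >> 3)


def subkeys(key64: int, rounds: int = ROUNDS) -> list:
    # Toy key schedule: alternate key halves, rotate, add a round constant.
    ks = []
    for i in range(rounds):
        half = (key64 >> (32 * (i % 2))) & MASK32
        ks.append((rotl32(half, i) + i * 0x9E3779B9) & MASK32)
    return ks


def feistel(block64: int, ks: list) -> int:
    # Generic Feistel network: a permutation for ANY round function, and
    # decryption is the same routine run with the subkeys reversed.
    L, R = block64 >> 32, block64 & MASK32
    for k in ks:
        L, R = R, L ^ round_fn(R, k)
    return (R << 32) | L          # undo the final swap


def toy_encrypt(key64: int, block64: int) -> int:
    return feistel(block64, subkeys(key64))


def toy_decrypt(key64: int, block64: int) -> int:
    return feistel(block64, subkeys(key64)[::-1])


def compress(h: int, m_block: int) -> int:
    # Davies-Meyer: the message block is the cipher KEY, the chaining value is
    # the plaintext, and the feed-forward XOR makes each step one-way even
    # though the cipher itself is invertible.
    return toy_encrypt(m_block, h) ^ h


def md_padding(msg_len: int) -> bytes:
    # Merkle-Damgard strengthening: 0x80, zeros up to a block boundary, then
    # the message length in bits as one full 64-bit block.
    zeros = (-(msg_len + 1)) % BLOCK
    return b"\x80" + b"\x00" * zeros + (msg_len * 8).to_bytes(8, "big")


def toy_hash(msg: bytes) -> bytes:
    # The whole hash: pad, then feed every block through the same compression
    # function, carrying the scrambled state forward.
    h = IV
    data = msg + md_padding(len(msg))
    for i in range(0, len(data), BLOCK):
        h = compress(h, int.from_bytes(data[i:i + BLOCK], "big"))
    return h.to_bytes(8, "big")


def length_extend(digest: bytes, orig_len: int, ext: bytes):
    """Given H(m) and len(m) but not m, return (glue, H(m || glue || ext)).

    Works because the digest IS the chaining state and the padding depends only
    on the length. SHA-1 and SHA-256 share this property; SHA-3 (a sponge) and
    the truncated SHA-512/256 do not expose their full state and so do not.
    """
    glue = md_padding(orig_len)          # the padding the real hash appended to m
    h = int.from_bytes(digest, "big")    # resume from the published state
    total = orig_len + len(glue) + len(ext)
    tail = ext + md_padding(total)
    for i in range(0, len(tail), BLOCK):
        h = compress(h, int.from_bytes(tail[i:i + BLOCK], "big"))
    return glue, h.to_bytes(8, "big")


if __name__ == "__main__":
    secret = b"key=hunter2&role=user"            # constructed sample message
    d = toy_hash(secret)
    glue, forged = length_extend(d, len(secret), b"&role=admin")
    print(d.hex(), forged.hex(),
          toy_hash(secret + glue + b"&role=admin") == forged)
```

The only differences between this and a real Merkle-Damgard hash are the size of the state and the quality of the permutation; the wiring (key in from the message, state through the cipher, feed-forward, length-strengthened padding) is the part the comment is describing, and the length-extension result is why H(key || message) is not a MAC and HMAC exists.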