Secure Hash Algorithms
In the past, many cryptographic hash algorithms were proposed and used by software developers. Some of them were broken (like MD5 and SHA1), some are still considered secure (like SHA-2, SHA-3 and BLAKE2). Let's review the most widely used cryptographic hash functions (algorithms).
Modern cryptographic hash algorithms (like SHA-3 and BLAKE2) are considered secure enough for most applications.
SHA-2 is a family of strong cryptographic hash functions: SHA-256 (256-bit hash), SHA-384 (384-bit hash), SHA-512 (512-bit hash), etc. It is based on the cryptographic concept "Merkle–Damgård construction" and is considered highly secure. SHA-2 is published as an official crypto standard in the United States.
SHA-2 is widely used by developers and in cryptography and is considered cryptographically strong enough for modern commercial applications.
SHA-256 is widely used in the Bitcoin blockchain, e.g. for identifying the transaction hashes and for the proof-of-work mining performed by the miners.
Examples of SHA2 hashes:
By design, more bits at the hash output are expected to achieve stronger security and higher collision resistance (with some exceptions). As a general rule, 128-bit hash functions are weaker than 256-bit hash functions, which are weaker than 512-bit hash functions.
Thus, SHA-512 is stronger than SHA-256, so we can expect that finding a collision in practice is less likely for SHA-512 than for SHA-256.
SHA-3 is considered highly secure and is published as an official recommended crypto standard in the United States.
The hash function Keccak-256, which is used in the Ethereum blockchain, is a variant of SHA3-256 with some constants changed in the code.
The hash functions SHAKE128(msg, length) and SHAKE256(msg, length) are variants of the SHA3-256 and SHA3-512 algorithms, where the output message length can vary.
Examples of SHA3 hashes:
The BLAKE2 function is an improved version of BLAKE.
BLAKE2s (typically 256-bit) is a BLAKE2 implementation, performance-optimized for 32-bit microprocessors.
BLAKE2b (typically 512-bit) is a BLAKE2 implementation, performance-optimized for 64-bit microprocessors.
The BLAKE2 hash function has security strength similar to SHA-3, but is less used by developers than SHA2 and SHA3.
Examples of BLAKE hashes:
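The digest sizes and the variable-length SHAKE output described above can be reproduced with Python's standard `hashlib`. This is an added example, not code from the original page; the message `hello` and the helper names `fixed_digests` and `shake` are constructed for illustration.

```python
import hashlib

# Constructed sample message for this example.
MSG = b"hello"

# Fixed-length algorithms named on this page, mapped to the digest size
# in bits that the page states for each of them.
FIXED = {
    "sha256": 256, "sha384": 384, "sha512": 512,
    "sha3_256": 256, "sha3_512": 512,
    "blake2s": 256, "blake2b": 512,
}


def fixed_digests(msg: bytes) -> dict:
    """Return {algorithm name: hex digest} for every algorithm in FIXED."""
    return {name: getattr(hashlib, name)(msg).hexdigest() for name in FIXED}


def shake(msg: bytes, bits: int, variant: str = "shake_128") -> str:
    """SHAKE128 / SHAKE256 with a caller-chosen output length in bits."""
    if variant not in ("shake_128", "shake_256"):
        raise ValueError("variant must be shake_128 or shake_256")
    if bits <= 0 or bits % 8:
        raise ValueError("output length must be a positive multiple of 8")
    return getattr(hashlib, variant)(msg).hexdigest(bits // 8)


if __name__ == "__main__":
    for name, digest in fixed_digests(MSG).items():
        # Each hex character carries 4 bits of the digest.
        assert len(digest) * 4 == FIXED[name]
        print(f"{name:9} {digest}")
    # SHAKE is an extendable-output function: a shorter output is a
    # prefix of a longer one computed over the same message.
    for bits in (128, 256, 512):
        print(f"shake_128 ({bits} bits) {shake(MSG, bits)}")
```

Because a shorter SHAKE output is a prefix of a longer one, outputs of different lengths over the same input must not be treated as independent values.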
The 160-bit variant of RIPEMD is widely used in practice, while the other variations like RIPEMD-128, RIPEMD-256 and RIPEMD-320 are not popular and have disputable security strengths.
As a recommendation, prefer SHA-2 and SHA-3 over RIPEMD, because they are stronger than RIPEMD, due to higher bit length and less chance of collisions.
Examples of RIPEMD hashes:
All of the above popular secure hash functions (SHA-2, SHA-3, BLAKE2, RIPEMD) are not restricted by commercial patents and are free for public use.
The below functions are popular strong cryptographic hash functions, alternatives to SHA-2, SHA-3 and BLAKE2:
As of Oct 2018, no collisions are known for: SHA256, SHA3-256, Keccak-256, BLAKE2s, RIPEMD160 and a few others.
In general, brute-forcing a hash function collision costs 2^128 for SHA256 / SHA3-256 and 2^80 for RIPEMD160.
On a powerful enough quantum computer, it will cost less time: 2^(256/3) and 2^(160/3) respectively. Still (as of September 2018) such powerful quantum computers are not known to exist.
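The classical collision cost quoted above is about 2^(n/2) for an n-bit hash, which can be observed on a deliberately shortened hash. This added example (not from the original page) truncates SHA-256 to n bits and counts how many hashes a brute-force search needs; the helper names and the `msg-<i>` inputs are constructed for illustration.

```python
import hashlib


def truncated_sha256(msg: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256(msg) as an integer (a toy n-bit hash)."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def birthday_collision(bits: int):
    """Hash distinct counter messages until two share the same n-bit digest.

    Returns (msg1, msg2, attempts). The expected number of attempts is
    about 1.25 * 2**(bits / 2), the birthday bound, not 2**bits.
    """
    seen = {}       # truncated digest -> first message that produced it
    counter = 0
    while True:
        msg = b"msg-%d" % counter
        counter += 1
        h = truncated_sha256(msg, bits)
        if h in seen:
            return seen[h], msg, counter
        seen[h] = msg


if __name__ == "__main__":
    # Each extra 8 bits of output multiplies the work by roughly 16, so
    # the same search against a full 256-bit digest needs about 2**128 hashes.
    for bits in (16, 24, 32):
        m1, m2, tries = birthday_collision(bits)
        print(f"{bits}-bit digest: collision after {tries} hashes "
              f"(2^{bits // 2} = {2 ** (bits // 2)}): {m1!r} vs {m2!r}")
```

The search is the reason truncating a digest to save space lowers collision resistance to half the remaining bit length.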
SHA-3 (and its variants SHA3-224, SHA3-256, SHA3-384, SHA3-512) is considered more secure than SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512) for the same hash length. For example, SHA3-256 provides more cryptographic strength than SHA-256 for the same hash length (256 bits).
The SHA-3 family of functions are representatives of the "Keccak" hashes family, which are based on the cryptographic concept "sponge construction". Keccak is the winner of the SHA-3 NIST competition.
Unlike SHA-2, the SHA-3 family of cryptographic hash functions are not vulnerable to the "length extension attack".
[BLAKE](https://en.wikipedia.org/wiki/BLAKE_%28hash_function%29) / BLAKE2 / BLAKE2s / BLAKE2b is a family of fast, highly secure cryptographic hash functions, providing calculation of 160-bit, 224-bit, 256-bit, 384-bit and 512-bit digest sizes, widely used in modern cryptography. BLAKE is one of the finalists at the SHA-3 NIST competition.
RIPEMD-160 is a secure hash function, widely used in cryptography, e.g. in PGP and Bitcoin.
Old hash algorithms like MD5, SHA-0 and SHA-1 are considered insecure and were withdrawn due to cryptographic weaknesses (collisions found). Don't use MD5, SHA-0 and SHA-1! All these hash functions are proven to be cryptographically insecure.
You can find on the Internet that SHA1 collisions can be practically generated, and this results in algorithms for creating fake digital signatures, demonstrated by two different signed PDF documents which hold different content, but have the same hash value and the same digital signature. See .
Avoid using the following hash algorithms, which are considered insecure or have disputable security: , , , , , , (disputable security, collisions found for HAVAL-128), (disputable, weaknesses found), (it is not a cryptographic hash function).
is a secure cryptographic hash function, which produces 512-bit hashes.
is the crypto hash function, officially standardized by the Chinese government. It is similar to SHA-256 (based on the Merkle–Damgård construction) and produces 256-bit hashes.
(GOST R 34.11-94) is a secure cryptographic hash function, the Russian national standard, described in . It produces 256-bit hashes.
The functions below are less popular alternatives to SHA-2, SHA-3 and BLAKE, finalists at the SHA-3 NIST competition:
is a secure cryptographic hash function, capable of deriving 128, 160, 224, 256, 384, 512 and 1024-bit hashes.
is a secure cryptographic hash function, capable of deriving 224, 256, 384 and 512-bit hashes.
is a secure cryptographic hash function, capable of deriving 224, 256, 384 and 512-bit hashes.
Learn more about cryptographic hash functions, their strength and attack resistance at: