Survey Paper on Different Type of Hashing Algorithm

SANTHOSH KUMAR J RA2111026050008 | ARASU A RA2111026050051

Abstract: Hash functions play a crucial role in data security on the internet. Cryptographic
hash functions, used in various security applications, transform arbitrary-length data into a
fixed-size output known as a message digest. They ensure message integrity, enabling
recipients to detect any changes made to a message during transmission. This property is
valuable for digital signatures and other applications like random number generation. Many
hash functions, including MD-5, SHA-1, SHA-2, and SHA-3, are based on the Merkle-
Damgard construction, but they are not entirely immune to attacks. This paper explores
vulnerabilities associated with this construction and discusses corresponding attacks.

Keywords: Hashing Algorithms, SHA-1, SHA-2, SHA-3, Merkle-Damgard Construction

I. INTRODUCTION

A cryptographic hash function is a specialized type of hash function designed for

cryptography, mapping data of any size to a fixed-size bit string (hash). It is computationally
impractical to invert, ensuring the output (hash) cannot be reversed to retrieve the original
input without exhaustive search. Bruce Schneier describes them as fundamental in modern
cryptography. The input data is often termed the message, while the output hash is known as
the message digest. A perfect cryptographic hash function ideally possesses five main
properties:

1. Deterministic: Same input always yields the same hash.

2. Fast Computation: Efficiently computes the hash for any input.
3. Pre-image Resistance: It is computationally infeasible to deduce the input from its
hash.
4. Second Pre-image Resistance: Changing even a small part of the input should
significantly change the hash.
5. Collision Resistance: It is infeasible to find two different inputs with the same hash.

1.1 Hashing

Hashing converts data of any size into fixed-size data and is irreversible, unlike encryption. A
hash function ensures that two different inputs produce different hashes and makes it difficult
to reconstruct the original message from the hash (pre-image resistance).

1.2 Hashing Algorithms

a) MD5: This algorithm processes arbitrary-length data into a 128-bit message digest. It
breaks the input into 512-bit blocks, pads it, and appends a 64-bit representation of the
original message length. Despite its widespread use, MD5 is vulnerable to collision attacks,
although practical exploitation is currently slow.

In conclusion, while cryptographic hash functions are crucial for securing data integrity and
supporting digital signatures, their reliance on constructions like Merkle-Damgard exposes
them to potential vulnerabilities. Ongoing research aims to address these weaknesses to
ensure robust cryptographic solutions in the future.

b) **SHA-1**:

Generating collisions in SHA-1 is not straightforward. The attack described on SHA-1

appears feasible with an average cost of 2^61, significantly faster than a generic
birthday attack (which is 2^80), but still quite challenging. It could be argued, with
some simplification, that SHA-1 is more robust than MD5 due to its additional rounds
and more intricate message word integration. While SHA-1 has known
vulnerabilities, they are less severe compared to those of MD5. Therefore, SHA-1 is
often considered a better choice in many scenarios.

c) **SHA-2**:

Secure Hash Algorithm 2 (SHA-2) processes strings of arbitrary length into fixed-size
message digests. The SHA-2 family consists of six hash functions with hash sizes of
224, 256, 384, or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224,
and SHA-512/256. In this algorithm, the message is padded with a '1' bit followed by
as many '0' bits as needed to reach 64 bits less than a multiple of 512. A 64-bit
representation of the original message length is appended at the end of the padded
message. The padded message is processed in 512-bit blocks.

d) **SHA-3**:

SHA-3 is a cryptographic hashing algorithm selected by the NSA in 2012 after a

public competition among non-NSA designers. Initially known as keccak, it was
renamed SHA-3 upon winning the competition. While SHA-3 supports the same
hash lengths as SHA-2, its internal structure is significantly different and resistant to
attacks like length extension, vulnerabilities that both MD5 and SHA-1 were found
susceptible to. The development of SHA-3 was driven by theoretical attacks on SHA-
2, although practical vulnerabilities have not yet been demonstrated.

II. LITERATURE SURVEY

1) This review paper compares various hashing algorithms and their vulnerabilities. It
emphasizes the importance of understanding attack types and selecting appropriate
hashing algorithms to mitigate risks [1].

2) Another research paper compares different secure hashing algorithms based on

their computational efficiency in generating hash values. This helps in choosing the
best hashing algorithm to enhance data security in network applications [7].

3) The review discusses cryptographic hash algorithms, highlighting their role in

ensuring data integrity and authenticity through digital signatures and message
authentication codes (MACs). It underscores that cryptographic hash functions can
be rendered non-cryptographic with slight modifications, benefiting researchers in
networking and information security [6].

4) The paper suggests prioritizing SHA algorithms over MD5 due to their superior
performance. Future research may further validate this conclusion, potentially
establishing SHA algorithms as the preferred choice among cryptographic hash
functions [5].

5) This comparative analysis underscores the significant role of SHA algorithms

compared to MD5, particularly in terms of performance. Future work may explore
dual hashing methods for password storage to leverage both cryptographic strengths
effectively [4].

6) Secure Hash Algorithm 1 (SHA-1) compresses messages into 160-bit outputs,

deemed secure due to its computational infeasibility in predicting messages from
given digests or finding collisions between two messages hashing to the same value.
Despite its theoretical vulnerabilities, SHA-1 and even MD5 are still widely used,
reflecting the current state where known vulnerabilities exist but practical exploits are
not yet prevalent.

In the near future, advancements in computing power may render the SHA-1
hashing algorithm vulnerable to attacks, prompting major corporations like Google
and Microsoft to consider phasing it out for enhanced web security [2]. Current
assessments suggest that most integrity algorithms, except for SHA-2, exhibit
vulnerabilities, with SHA-1 being particularly susceptible to brute force attacks
despite its speed advantage over other secure hash algorithms. Although various
researchers have proposed alternatives, none have matched SHA-1's efficiency in
terms of speed or potential for internal enhancement. Consequently, there is
optimism that a future algorithm could emerge that offers superior security, efficiency,
and bit differentiation compared to existing options.
This paper discusses the suitability of various hashing algorithms, namely SHA-1,
SHA-2, SHA-3, and MD5, for specific message contexts. It acknowledges the
limitations of each algorithm in terms of security and efficiency.

Acknowledgment:
I would like to express my sincere gratitude to Prof. Shrikant Dhamdhere, our HOD,
for his invaluable guidance and support in understanding hashing algorithms. His
insights have greatly facilitated my research and expanded my knowledge in this
field.

References:

[1] G. Tejaswini Bhorkar, "A Survey of Password Attacks and Safe Hashing
Algorithms," International Research Journal of Engineering and Technology (IRJET),
Volume 04, Issue 12, December 2017.

[2] Chaitya B. Shah, Drashti R. Panchal, "Secured Hash Algorithm-1: Review Paper,"
International Journal for Advance Research in Engineering and Technology, Volume
2, Issue X, October 2014.

[3] Ankit Kumar Jain, Rohit Jones, Puru Joshi, "Survey of Cryptographic Hashing
Algorithms for Message Signing," UCST Vol. 8, Issue 2, April - June 2017.

[4] C.G Thomas, Robin Thomas Jose, "A Comparative Study on Different Hashing
Algorithms," International Journal of Innovative Research in Computer and
Communication Engineering, Vol. 3, Special Issue 7, October 2015.
[5] Surbhi Aggarwal, Neha Goyal, Kirti Aggarwal, "A Review of Comparative Study of
MD5 and SHA Security Algorithm," International Journal of Computer Applications
(0975-8887), Volume 104, No. 14, October 2014.

[6] K. Saravanan and A. Senthilkumar, "Theoretical Survey on Secure Hash

Functions and Issues," International Journal of Engineering Research & Technology
(IJERT), ISSN: 2278-0181, Vol. 2, Issue 10, October 2013.

[7] Priyanka Vadhera, Bhumika Lall, "Review Paper on Secure Hashing Algorithm
and Its Variants," International Journal of Science and Research (IJSR), ISSN
(Online): 2319-7064, Impact Factor (2012): 3.358.
[8] Sandhya Verma, G. S. Prajapati, "A Survey of Cryptographic Hash Algorithms and
Issues," International Journal of Computer Security & Source Code Analysis
(IJCSSCA), 2015, Vol. Issue 3, ISSN (Online): 2454-5651.

III CONCLUSION

In this review, we have explored several cryptographic hash algorithms and their
underlying principles. The choice of hash algorithm depends on the specific context
and requirements of the application. Each algorithm offers unique advantages and
limitations, influencing its suitability for different scenarios. By employing various
hashing algorithms, we can ensure the integrity and security of data in diverse use
cases.