Page 207 - Cyber Defense eMagazine Annual RSA Edition for 2024

SHA-2 (SHA-256, SHA-384, SHA-512): A family of stronger hashing algorithms released in 2002. These
            offer significant improvements in security over MD5 and SHA-1.

               o  Pros: Considered collision resistant for the foreseeable future. Different variants (SHA-256,
                   SHA-384, SHA-512) offer varying levels of security and output hash lengths.
               o  Cons: Can be computationally expensive compared to older algorithms like MD5. SHA-384 and
                   SHA-512 produce longer hash outputs which might not be ideal for all storage scenarios.




            The Move Towards SHA-3:

               o  SHA-3: The latest addition to the SHA family, released in 2015. It uses a completely different
                   cryptographic design compared to SHA-2 for enhanced security.
                       o  Pros: Considered the most secure hashing algorithm from NIST as of today. Resistant to
                          currently known attacks.
                       o  Cons: Newer algorithm, so hardware and software support might be less widespread
                          compared to older options.



            Choosing the Right Algorithm:

            The choice of hashing algorithm depends on the specific application and its security needs. For critical
            tasks like password storage or digital signatures, using a strong and collision-resistant algorithm like
            SHA-256 or SHA-3 is recommended. For less critical tasks where speed is a priority, an older algorithm
            like MD5 might be used for initial checks, followed by verification with a stronger algorithm.


            Remember, the world of cryptography is constantly evolving, and new vulnerabilities might be discovered
            in existing algorithms. It’s important to stay updated on the latest recommendations and choose hashing
            algorithms based on their current security posture.



            Is Hashing a One-Way Function?

            Yes, hashing is a one-way function. This means you can easily take data and create a hash from it, but
            it’s very difficult, practically impossible, to do the opposite - turn the hash back into the original data.

            Here’s why:

               •  Avalanche Effect: Most secure hashing algorithms are designed with an “avalanche effect.” This means
                   that a small change in the original data (like flipping a single bit) results in a significant change in the hash
                   output. Imagine the hashing recipe is like a complex mousetrap. A tiny change in how you set the trap
                   (data) can completely alter the outcome (hash).
               •  Fixed-Size Output: Hash functions compress data into a fixed-size output (hash). This output is much
                   shorter than the original data, making it mathematically challenging to recreate the original data from just
                   the short hash. It’s like trying to rebuild a house from just its tiny address.
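
            Both properties can be measured directly. The following is an added example, not part of the
            original article: it flips every input bit of a message in turn and counts how many output bits
            change for SHA-256 and SHA3-256, then checks that the digest length stays fixed regardless of
            input size. The sample message and the helper names are constructed for illustration.

```python
import hashlib

ALGORITHMS = ("sha256", "sha3_256")  # both named in the article; both emit 256 bits


def digest(algorithm: str, data: bytes) -> bytes:
    return hashlib.new(algorithm, data).digest()


def bit_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_profile(algorithm: str, message: bytes) -> dict:
    """Flip each input bit once and record how many output bits change."""
    baseline = digest(algorithm, message)
    distances = []
    for bit in range(len(message) * 8):
        mutated = bytearray(message)
        mutated[bit // 8] ^= 1 << (bit % 8)  # single-bit change in the input
        distances.append(bit_distance(baseline, digest(algorithm, bytes(mutated))))
    total_bits = len(baseline) * 8
    return {
        "output_bits": total_bits,
        "min": min(distances),
        "max": max(distances),
        # An ideal hash changes about half of the output bits per input flip.
        "mean_fraction": sum(distances) / (len(distances) * total_bits),
    }


def output_sizes(algorithm: str, lengths=(0, 1, 64, 100_000)) -> set:
    """Digest lengths (bytes) observed for inputs of very different sizes."""
    return {len(digest(algorithm, b"A" * n)) for n in lengths}


SAMPLE = b"Constructed sample message for the avalanche test."  # constructed input

if __name__ == "__main__":
    for name in ALGORITHMS:
        p = avalanche_profile(name, SAMPLE)
        print(f"{name}: {p['output_bits']}-bit digest, changed bits per flip "
              f"min={p['min']} max={p['max']} mean={p['mean_fraction']:.1%}, "
              f"digest sizes (bytes)={output_sizes(name)}")
```

            A mean close to 50% with no flip leaving the digest nearly unchanged is what the avalanche
            effect predicts; a single digest size for every input length is the fixed-size output property.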




