I had an argument with a friend of mine. He says it can be used as one, but a hash function should have a strong collision resistance, would a checksum function have it? I'm not quite sure.
Asked
Active
Viewed 269 times
0
-
2There's a difference between *could* and *should*. There are also a lot of different checksums. So there isn't a single answer. – Sami Kuhmonen Jun 01 '17 at 18:48
-
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Cryptography Stack Exchange](http://crypto.stackexchange.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. – jww Jun 05 '17 at 14:02
1 Answers
2
No, a generic checksum function does not have strong collision resistance. You could of course argue that a cryptographic hash function is also a checksum, but that's turning the argument around.
For collision resistance you do have to take the birthday problem into account. This means that the security of a hash function is about half the output size. Anything lower than 160 bits output size (80 bits security) is therefore directly circumspect as brute forcing would come into view. On the very minimum you would like to have 128 bits output, the output of MD-5 (broken) or RIPEMD-128.
In general you can therefore directly dismiss any function that doesn't have at least 128 bits of output. That is, assuming that an adversary isn't limited by other means, for instance a set retry count for generating a hash.
Note that the internal construction is also important; if algorithms haven't been created specifically as cryptographic hash the chance that they are collision resistant is about zero.
Maarten Bodewes
- 90,524
- 13
- 150
- 263