SHA1 creates a 20-byte hash
SHA256 creates a 32-byte hash
If I used only the first 20 bytes of SHA256, would it have the same collision resistance as SHA1, or is the weakness of SHA1 purely in the hash length and not the algorithm?
Asked
Active
Viewed 271 times
1 Answers
2
SHA-1 and SHA-256 are two different algorithms.
If you only use them for hashing, then there is no practical difference between first 20 bytes of SHA-256 and SHA-1, except of course that SHA-256 is slower.
If however, you care about resistance to collision attacks, then SHA-1 has several known vulnerabilities that reduce the complexity of an attack to the point that it can be considered practical. On the other hand, there are no currently known practical attacks on SHA-256. So at least in theory, 20 bytes from SHA-256 should give you better resistance against attacks than SHA-1.
jurez
- 4,436
- 2
- 12
- 20