For 128 bit hash function, what is the best method to select?

Question

For 128 bit hash method, there are several choices like, md5 and murmur3, which is the best?

Do you need collision resistance, or only (second) preimage resistance? — CodesInChaos, Jan 13 '12 at 15:31
MD5 is broken regarding collisions, and murmur3 isn't a cryptographic hash. — CodesInChaos, Jan 13 '12 at 15:35
Please elaborate on your requirements. Do you want to protect against an attacker, or only against accidents. — CodesInChaos, Jan 13 '12 at 15:36

score 2 · Answer 1 · answered Jan 13 '12 at 15:25

2

From the security perspective they are all bad because 128 bit is nowadays much too short.

Therefore you want a cryptographically secure hash take e.g. RIPEMD-160 (which is AFAIR not as much broken as SHA-1).

If don't need real security it doesn't matter if you use md5 or murmur3 or whatever 128 bit hash.

answered Jan 13 '12 at 15:25

Robert

4

Much too short is exaggerating the matter a bit, brute forcing a 128 bit collision is still pretty hard, and brute-forcing a 128 pre-image is practically impossible. Still I'd use a 160+ bit hashfunction if collision resistance is required. – CodesInChaos Jan 13 '12 at 15:33

1 Answers1