What is it, Farmhash?

Asked

Viewed 81 times

2

I recently discovered the FarmHash. Apparently, it is an implementation to hash some data. I was left with some doubts:

  • It behaves in the same way as the most common hashes, such as md5 or sha?
  • What is your main difference in relation to the most "common hashes"?

2 answers

1


  • It behaves in the same way as the most common hashes, such as md5 or sha?

No, the answer is in the link itself as "The functions mix the input bits thoroughly but are not suitable for cryptography.". The difference between the SHA-256 and the FarmHash (as well as the SipHash, MetroHash, CityHash, HighwayHash and the famous CRC32) is that the SHA-256 is an cryptographically secure hash and all others are not.

These noncryptographic hashes are used for hash-Tables, some algorithms (such as Siphash) have been developed to mitigate the attack of Hash-Dos or Hash-Flooding Dos. Others, such as the CRC32 was made to check accidental errors and corruptions.

  • What is your main difference in relation to the most "common hashes"?

Crypto-safe has much higher security criteria, for example they must be unpredictable ("Random oracle") and be collision resistant. Any hash will have collisions due to the beginning of pigeon house, since the hash output is 256 bits and the input is infinite. However, safe hashes are made to make it difficult to find a collision. This also ensures that the second pre-image is resistant.

Although these hashes are not a safe hash, they can be something else... Some of these hashes (like Siphash, maybe others) can be considered a cryptographically secure PRF or MAC. That is, you can exchange the GCM, HMAC and the Poly1305 for SipHash. But, remember that the conditions of a MAC are lower than that of a hash, a MAC is not supposed to be collision safe (although it may also be like the HMAC).

1

From what I understand, they’re hashes for non-cryptographic purposes. Like, they might be good for a hashmap, for a database index, but not for encryption.

"Common" hashes, in the sense of popular, are cryptographic hashes such as MD5 and SHA-1. Such hashes offer two warranties:

a) weak collateral: Given information A and its hash H(A), it is very difficult to forge B such that H(B) = H(A).

b) strong guarantee: It is very difficult to find any A and B values such that H(A) = H(B).

Usually when it is said that a hash has been broken, what has been broken is the "strong guarantee", the weak guarantee remains valid for a while longer. I think the two of them have already gone to the bag in the case of MD5, and the strong guarantee in the case of SHA-1.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.