On Tue, Jul 16, 2024, at 01:08, Rob Landers wrote:
> 
> 
> On Mon, Jul 15, 2024, at 23:29, Tim Düsterhus wrote:
>> Hi
>> 
>> On 7/15/24 16:12, Rob Landers wrote:
>> > This always gets me. "safer" doesn't have a consistent meaning. For
>> 
>> Yes it does. SHA-256 is safer than MD5. And on modern CPUs with sha_ni 
>> extensions, it's also faster. The following is on a Intel i7-1365U:
>> 
>> > $ openssl speed md5 sha1 sha256 sha512
>> > *snip*
>> > version: 3.0.10
>> > built on: Wed Feb 21 10:45:39 2024 UTC
>> > options: bn(64,64)
>> > compiler: *snip*
>> > CPUINFO: OPENSSL_ia32cap=0x7ffaf3ffffebffff:0x98c027bc239c27eb
>> > The 'numbers' are in 1000s of bytes per second processed.
>> > type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 
>> > bytes  16384 bytes
>> > md5             114683.10k   286174.51k   550288.90k   715171.50k   
>> > 783611.22k   788556.46k
>> > sha1            138578.57k   440607.38k  1082163.29k  1674088.45k  
>> > 2017296.38k  2047377.41k
>> > sha256          150670.11k   460483.71k  1054829.57k  1553830.57k  
>> > 1807897.94k  1823981.57k
>> > sha512           41246.76k   181566.07k   341457.66k   645468.50k   
>> > 781042.81k   804296.02k
>> 
>> ----
>> 
>> > example, if you were to want to create a "content addressable
>> > address" using a hash and it needs to fit inside a 128 bit number
>> > (such as a GUID), you may be tempted to take SHA-X and just truncate
>> > it. However, this biases the resulting numbers, which this bias may
>> 
>> This is false. For a hash algorithm to be considered cryptographically 
>> secure (which I consider to be a reasonable definition of "safe"), it - 
>> among other properties - needs to have the "avalanche effect" property, 
>> which means that any change in the input is going to affect each output 
>> bit with 50% probability.
> 
> from a practical perspective across hundreds of millions of hashes of unique 
> ids, I can say that there is a practical and detectable bias when truncating 
> sha-256 hashes. Enough that we were having to throw out a/b test results… I’m 
> not going to write a paper on it and I’m not going to bother arguing the 
> point that no hash function is perfect, but I will point out that “theory” 
> and “reality” don’t always agree. 

I have been corrected. The issue was due to a modulus causing the bias deeper 
in the code.

— Rob

Reply via email to