Databases
StackOverflow2013
Postsdbo
PO
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    text
    copied!<p>Putting this into another answer because it's just too much to type for a comment.</p> <p>The definition of 2nd-preimage-resistant is you have h(x) and x, and can't create x'. </p> <p>The definition of preimage-resistant (without second!) means you have only h(x), and can't create x.</p> <p>And the definition of collision resistant is you have nothing, and may choose any h(x), x and x'.</p> <p>If you use the hash to sign a plaintext message, you need 2nd-preimage-resistancy, but not collision resistancy. It doesn't matter to you if someone can find two colliding messages that produce a hash that is different from yours, but you want to make sure noone is able to craft a <em>different</em> message that has the your hash, even if they know your plaintext. </p> <p>If you use the hash to store hashed passwords, you don't care about collision resistance, and you don't care about 2nd-preimage-resistance, preimage-resistance is all you need. If an attacker knows one password, you don't really care if he can use that password to find a different one.</p> <p>So these were two examples where collision resistance is not required, but preimage-resistance or 2nd-preimage-resistance is.</p> <p>As to "Not collision resistant not necessarily means Not 2nd-preimage resistant", why is that? , consider the hash function <code>if x has less then 24 bits, then h(x)=0, else h(x)=sha256(x)</code>. This is very obviously not collision resistant (choose any 2 words that have less than 4 letters), but, as long as your text is longer, this function is preimage-resistant and 2nd-preimage-resistant (assuming sha256 hasn't been broken yet).</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload