Birthday attack
A birthday attack is a cryptanalytic attack based on the mathematics exemplified by the birthday paradox. This math turns up whenever the question of two cryptographic operations producing the same result becomes an issue.
A good approximation for the number of instances required to find a collision is . For example, to have a 50% chance of finding two birthdays the same, you need people. In cryptography, the constant 1.18 can be ignored; we just say that for an object of size bits, the attack cost is about or . To find a collision in a 128-bit hash, the attacker needs to perform, on average, about 2^64 hash operations; to find a repeated ciphertext for a 64-bit block cipher or a repetition of a 64-bit challenge, the attacker needs to collect and store about 2^32 samples; and so on.

Hashes are therefore routinely designed with an output twice as large as the key size of the ciphers they are intended to be used with. A brute force attack on a block cipher with a 128-bit key, for example, needs on average 2^127 encryptions. To provide authentication in a system that uses such a block cipher, or to hash a passphrase to produce a key for it, a hash algorithm of comparable strength is needed, and a 256-bit hash is required to give 2^128 resistance to a birthday attack. In US government standards, for example, the current block cipher standard is AES with key sizes of 128, 192 or 256 bits. The corresponding standard for a cryptographic hash is SHA-2, which specifies 256-bit, 384-bit and 512-bit hashes for use with AES, plus a 224-bit hash for use with Triple DES.
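The following Python example is added here to illustrate the numbers above; it is not part of the original article. It computes the exact collision probability for n draws from a space of N values (the birthday paradox calculation), the 1.18 * sqrt(N) estimate for a 50% chance of a collision, and then runs a birthday search against a deliberately truncated SHA-256 output to show that a collision in a b-bit output appears after roughly 2^(b/2) samples. The function names and the 20-bit truncation are choices made for this example.

```python
import hashlib
import math


def collision_probability(n, space):
    """Exact probability that n uniform samples from `space` possible
    values contain at least one repeat (the birthday paradox calculation)."""
    p_no_collision = 1.0
    for i in range(n):
        p_no_collision *= (space - i) / space
    return 1.0 - p_no_collision


def samples_for_half_chance(space):
    """Approximate number of samples needed for a 50% chance of a
    collision: 1.18 * sqrt(space)."""
    return 1.18 * math.sqrt(space)


def truncated_hash(data, bits):
    """SHA-256 of `data`, keeping only the top `bits` bits. Truncating the
    output shrinks the space so a collision can be found quickly; this is
    the only reason a real 256-bit hash appears in the example."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits):
    """Birthday search: hash distinct messages (8-byte counters) until two
    of them share the same truncated digest. Returns (samples_used, m1, m2).
    The pigeonhole principle guarantees termination within 2^bits + 1 samples;
    on average it takes about sqrt(pi/2) * 2^(bits/2)."""
    seen = {}
    counter = 0
    while True:
        message = counter.to_bytes(8, "big")
        h = truncated_hash(message, bits)
        if h in seen:
            return counter + 1, seen[h], message
        seen[h] = message
        counter += 1


if __name__ == "__main__":
    # Classic birthday paradox: 23 people, 365 days.
    print("P(collision among 23 birthdays) = %.4f" % collision_probability(23, 365))
    print("1.18 * sqrt(365) = %.2f" % samples_for_half_chance(365))
    # Cost estimates for the sizes discussed in the article.
    for bits in (64, 128, 256):
        print("%d-bit output: ~2^%.1f samples for a 50%% collision chance"
              % (bits, math.log2(samples_for_half_chance(2 ** bits))))
    # Empirical search on a 20-bit truncated hash (expected ~2^10 samples).
    used, m1, m2 = find_collision(20)
    print("20-bit collision after %d samples: %s and %s"
          % (used, m1.hex(), m2.hex()))
```

Running the script shows the two sides of the same fact: the probability calculation says 23 birthdays already give better than even odds of a repeat, and the search finds a 20-bit collision after on the order of a thousand hashes rather than a million, which is why a hash must have twice as many output bits as the security level it is meant to provide.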