In former blog entries we have talked about what encryption, encoding, and hashing are and what you possibly might need checksums and hashes for. The names of several algorithms and ciphers that can be used for creating hashes or processing encryption have been mentioned as well, yet, which system should be used for which purpose?
This is the purpose of this article. Let’s have a look at different kinds of hashing and encryption ciphers you can use to produce checksums. This list is, by far, not exhaustive and only lists ciphers supported by the free online hash encryption tool available on this site.
CRC stands for cyclic redundancy check. It’s purpose is to check chunks of raw data for error and (accidental) changes. CRC’s popularity comes form it’s ability to be implemented and analyzed easily. Furthermore, the system is exceptionally good in detecting common errors.
CRC-32 is especially popular as an built-in check.
In 1995, Mark Adler invented the checksum algorithm Adler-32, which is a faster modification of the earlier Fletcher algorithms. Adler-32 checksums are created by calculating two 16-bit checksums. Afterwards, they are linked to form one 32-bit integer. Regarding reliability, one could place Adler-32 between Fletcher-16 and Fletcher-32, whereas the speed is higher in both cases. IN general, Adler-32 is a very fast algorithm, faster than the CRC equivalent as well.
The disadvantages of Adler-32 lay, as initially stated, in it’s reliability. Furthermore, checksums created this way can be forged easily and thus do not suffice to protect data against modification. The support for short messages is also one of Adler-32’s weaknesses.
Blowfish is used widely among cipher suits and encryption products for it provides a good encryption rate. The symmetric-key block cipher has been designed in 1993 as an alternative to DES. Its big break through was due to the fact that it was free to use for the public domain though, something quite unique at that time
The weaknesses of Blowfish lie within it’s liability to attacks depending on the key used. Also, files with a bigger size than 4 GB shouldn’t be encrypted using Blowfish. Nowadays, it’s successors Twofish and Threefish are gaining more and more attention.
Contrary to the 32-bit hash function Adler-32, GOST is a cryptographic hash function that supports 256-bit. It’S based on the Soviet and Russian standard GOST block cipher. It was the Soviet alternative to DES which was used in the US, both ciphers showing strong similarities in structure.
SHA-1 and it’s “brothers” was designed by the NSA. They are cryptographic hash functions with different support of bit rate. SHA-1 produces 160-bit hash values, SHA-256 256-bit, SHA-384 384-bit, and SHA-512 produces 512-bit hash values. SHA stands for “Secure Hash Algorithm”, and especially SHA-1 is widely used in a number of applications.
While SHA algorithms are not used to secure data, they have gained big success in ensuring that data remains unchanged. It is said that nobody has been able to “break” SHA-1 yet even though it is merely a consistency check.
HAVA, much like the ciphers mentioned above, is a cryptographic hash function. It can produce hashes in different lengths, varying from 128 to 256 bits. Furthermore, users of HAVAL can specify the number of rounds that are used to generate the hash.
Yet, several weaknesses of the cipher have been found in HAVAL variants which makes the usage quite questionable nowadays.
Tiger is also a cryptographic hash function, designed to run on 64-bit platforms. Different versions of Tiger (Tiger-128, Tiger-160, and Tiger-192) allow for different hash sizes. Distinctive initialization values are not defined with Tiger. The fixed amount of rounds used to create a hash with a Tiger function is 24.
Also a cryptographic hash function, SNEFRU was invented in 1990 and supports 128 and 256-bit values. Despite earlier weaknesses to attacks, the function has been developed further, resulting in quite some resistance against attacks.
Whirlpool is a cryptographic hash function as well. Developed in 2000, it was recommended for usage by the NESSIE (New European Schemes for Signatures, Integrity and Encryption) project. Whirlpool can easily be implemented, existing versions containing a version written in C and in Java. Like Blowfish, Whirlpool is also available in the public domain. One of the best known programs to use the Whirlpool algorithm is TrueCrypt.