SHA-3, originally known as Keccak is a cryptographic hash function/algorithms designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche, building upon RadioGatún. SHA-3 uses the sponge construction in which message blocks are XORed into the initial bits of the state, which is then invertibly permuted.
Questions tagged [sha-3]
15 questions
60
votes
4 answers
What is SHA-3 and why did we change it?
On the 2nd of October NIST decided that SHA-3 is the new standard hashing algorithm, does this mean we need to stop using SHA-2 as it is not secure?
What is this SHA-3 anyway?
Lucas Kauffman
- 54,169
- 17
- 112
- 196
15
votes
2 answers
How does SHA3 (Keccak & SHAKE) compare to SHA2? Should I use non-SHAKE parameters?
Keccak is the winner of the SHA3 competition. Since Keccak is highly customizable (presumably for security/memory/time/speed tradeoffs) there does seem to be some controversy around how Keccak compares to SHA2. SHAKE appears to be a set of…
makerofthings7
- 50,090
- 54
- 250
- 536
12
votes
3 answers
Should we be using SHA3? (2017)
This question is a duplicate, however I feel that it's necessary given the question. The original was posted in 2012: about 5 years ago before NIST had even published the final specification.
The question is more or less the same as the original.…
Awn
- 480
- 4
- 15
8
votes
4 answers
Shortest SHA-3 output
I noticed in the new SHA-3 standard that it has a variable output size. Knowing that longer output is obviously better (higher entropy), what is theoretical the lower limit of the output size? Can my hashed output, e.g. be 8 bits long? I know for…
SCBuergel
- 247
- 2
- 6
8
votes
2 answers
Should we start using SHA-3?
Possible Duplicate:
What is SHA-3 and why did we change it?
SHA-3 has been finalized! So, what does secuirty.se think about the new hash funciton? Should we start replacing all uses of md5/sha1/sha2 with Keccak? Is it too soon? Or do you…
rook
- 46,916
- 10
- 92
- 181
5
votes
1 answer
How does combining SHA256 with RIPE-MD160 compare to SHA256 + SHA-3?
Bitcoin stores its addresses as a combined SHA256 + RIPE-MD160 hash. Is it correct to assume this is done to prevent a failure in the algorithm?
Since SHA3 was designed to be an alternative to SHA256, and uses a completely different methodology,…
makerofthings7
- 50,090
- 54
- 250
- 536
2
votes
3 answers
Password-hash proofing SHA-3
I am in a situation where I need to harden a password hash, but not allowed to bring in any extra dependencies, so I am pretty much forced to do the one thing everyone seems to advise against - roll out my own implementation.
The SHA family, being…
dtech
- 129
- 4
2
votes
2 answers
Is SHA-3 used in a Password creator like this safe to use?
I currently use the SHA-3 Hash Algorithms to create passwords through a given Set of Characters.
The User Flow:
User enters his Masterpassword (M), Sitename (S), Password length (PL) and choose the Characters the password should have…
Serverfrog
- 586
- 7
- 18
1
vote
1 answer
What do algorithms `128000` and `256000` do in `sha3sum`?
I wanted to try new sha3sum so I installed libdigest-sha3-perl on Debian 10. After reading man page I quickly realized that:
sha3sum --algorithm 256 test.txt
produces similar output to sha256sum and that
sha3sum --algorithm 512 test.txt
produces…
Ben Hoven
- 11
- 1
1
vote
2 answers
PHP password_hash (bcrypt) vs sha-3
password_hash() is the recommended function in PHP to generate password hashes. The standard usage is password_hash($password, PASSWORD_DEFAULT); and default hash with PASSWORD_DEFAULT is bcrypt. The benefit is using the built-in password_verify()…
Anna Völkl
- 253
- 2
- 7
1
vote
1 answer
How to best hash patient names to generate a pseudonym?
I am working on a data acquisition and preprocessing tool for a brain tumor database. The tool preprocesses the data and harmonizes it so it can be united in a one big database. Due to privacy restrictions, data protection laws and our own morals we…
florian
- 119
- 5
0
votes
1 answer
Is is safe to pass an API key in a HMAC hash?
I have 2 websites: a.com and b.com
To avoid using SAML for Single-Sign-On and making things complicated, I've taken this approach:
a.com is the identity provider. All users will be asked to sign in on a.com
b.com will receive information from a.com…
Zach
- 3
- 3
0
votes
1 answer
How are these transaction fingerprints colored?
For those unfamiliar, blockchains have two main types of data structures propagated in their networks: blocks and transactions. Each block and transaction has a hash, just like key fingerprints. The following block explorer called Blockchair uses…
Expectator
- 171
- 4
0
votes
1 answer
Optionally using Sha-3 before scrypt depending on password length?
First note: This is on-disk usage only, never transmitted over a server.
How secure, or additionally secure, is it to sha-3 (512) a password if said password is below 128 characters, THEN proceeding to scrypt it?
Is it more secure than straight…
-4
votes
1 answer
Using 128-bits as an input for hashing using SHAKE-3 (128-output)
I would like to know the time estimate for a brute force attack to break my input (128-bit) which means 2^128 possibilities are there. Any online tool for that or any article which talks about that?
Al-Ani
- 1
- 2