Hash Security

Output Length Matters

A hash function’s security depends on its output size.

More bits = more possible outputs = harder to find collisions.

The Numbers

Output SizePossible OutputsPre-image SecurityCollision Security
128-bit21282^{128}21282^{128}2642^{64}
256-bit22562^{256}22562^{256}21282^{128}
512-bit25122^{512}25122^{512}22562^{256}

Collision security is always half the bit length (birthday attack).

What’s Achievable?

OperationsFeasibility
2402^{40}Laptop in hours
2562^{56}Cluster in days
2642^{64}Nation-state budget
2802^{80}Barely possible
21282^{128}Impossible

2642^{64} has been done. That’s why 128-bit hashes are broken for collision resistance.

21282^{128} is beyond reach. That’s why 256-bit hashes are secure.

The Rule

For nn-bit security, you need a 2n2n-bit hash.

  • Want 128-bit collision security? Use SHA-256.
  • Want 256-bit collision security? Use SHA-512.

Brute Force Attack

The simplest attack: try every possible input.

Against pre-image resistance:

  1. Pick random inputs
  2. Hash each one
  3. Check if it matches the target hash
  4. Repeat until found

With a 256-bit hash, you’d need ~22562^{256} attempts.

The universe has ~22652^{265} atoms. You’d run out of time and energy.

Why Brute Force Works (Eventually)

Given enough attempts, you will find a match.

But “enough” can mean trillions of years.

Hash SizeAttempts NeededTime at 101210^{12}/sec
64-bit2642^{64}~5 hours
128-bit21282^{128}~101610^{16} years
256-bit22562^{256}~105210^{52} years

The universe is ~101010^{10} years old.

The Takeaway

  • Short hashes (128-bit) are vulnerable to birthday attacks
  • Long hashes (256-bit+) resist brute force for the foreseeable future
  • Always use at least SHA-256 for security applications