Why is SHA-512 limited to an input of $2^{128}$ bits?
Both SHA-384 and SHA-512 are limited to an input size of less than $2^{128}$ bits. Considering SHA-512 has a higher output size, couldn't it include more input data?
hash sha-512
edited Dec 10 '18 at 21:23
kelalaka
5,49622040
asked Dec 9 '18 at 22:15
w0f
1483
|
show 1 more comment
Both SHA-384 and SHA-512 are limited to an input size of less than $2^{128}$ bits. Considering SHA-512 has a higher output size, couldn't it include more input data?
hash sha-512
edited Dec 10 '18 at 21:23
kelalaka
5,49622040
asked Dec 9 '18 at 22:15
w0f
1483
9
Are you actually considering computing the SHA-512 hash of an input $> 2^{128}$ bits long? Even if it were allowed, could you do it, say, before the heat death of the universe???
– poncho
Dec 9 '18 at 23:15
1
Universe has approximately $10^{80} = 2^{256}$ atoms.
– kelalaka
Dec 9 '18 at 23:43
@kelalaka: what does the number of atoms have to do with it? SHA-512 computation isn't parallelizable; hashing $2^{128}$ requires $2^{119}$ successive hash compression operations; even if we could do one in a picosecond ($10^{-12}$), that'd still take over 20 quadrillion years (that is, over a million times the current age of the universe).
– poncho
Dec 10 '18 at 5:36
@poncho Yes, definitely, SHA-512 is not parallelizable. I would like to give the impression about the amount of data to be stored then processed. Bitcoin reached $2^{91}$ in one year that is $2^{119}$ is $536.870.912$ years.
– kelalaka
Dec 10 '18 at 7:15
@kelalaka It has approximately $10^{80}$ proton masses. While quite a few of its atoms are hydrogen, enough are not that there are far fewer atoms in general. Not to mention, that is only for the visible universe (one Hubble volume). If I recall correctly, the observable curvature proves that there are at least 200 Hubble volumes out there with unknown mass distribution, and possibly even an infinite number.
– forest
Dec 10 '18 at 9:02
|
show 1 more comment
Both SHA-384 and SHA-512 are limited to an input size of less than $2^{128}$ bits. Considering SHA-512 has a higher output size, couldn't it include more input data?
hash sha-512
edited Dec 10 '18 at 21:23
kelalaka
5,49622040
asked Dec 9 '18 at 22:15
w0f
1483
Both SHA-384 and SHA-512 are limited to an input size of less than $2^{128}$ bits. Considering SHA-512 has a higher output size, couldn't it include more input data?
hash sha-512
hash sha-512
edited Dec 10 '18 at 21:23
kelalaka
5,49622040
asked Dec 9 '18 at 22:15
w0f
1483
edited Dec 10 '18 at 21:23
kelalaka
5,49622040
asked Dec 9 '18 at 22:15
w0f
1483
edited Dec 10 '18 at 21:23
kelalaka
5,49622040
edited Dec 10 '18 at 21:23
kelalaka
5,49622040
edited Dec 10 '18 at 21:23
kelalaka
5,49622040
5,49622040
asked Dec 9 '18 at 22:15
w0f
1483
asked Dec 9 '18 at 22:15
w0f
1483
asked Dec 9 '18 at 22:15
w0f
1483
1483
9
Are you actually considering computing the SHA-512 hash of an input $> 2^{128}$ bits long? Even if it were allowed, could you do it, say, before the heat death of the universe???
– poncho
Dec 9 '18 at 23:15
1
Universe has approximately $10^{80} = 2^{256}$ atoms.
– kelalaka
Dec 9 '18 at 23:43
@kelalaka: what does the number of atoms have to do with it? SHA-512 computation isn't parallelizable; hashing $2^{128}$ requires $2^{119}$ successive hash compression operations; even if we could do one in a picosecond ($10^{-12}$), that'd still take over 20 quadrillion years (that is, over a million times the current age of the universe).
– poncho
Dec 10 '18 at 5:36
@poncho Yes, definitely, SHA-512 is not parallelizable. I would like to give the impression about the amount of data to be stored then processed. Bitcoin reached $2^{91}$ in one year that is $2^{119}$ is $536.870.912$ years.
– kelalaka
Dec 10 '18 at 7:15
@kelalaka It has approximately $10^{80}$ proton masses. While quite a few of its atoms are hydrogen, enough are not that there are far fewer atoms in general. Not to mention, that is only for the visible universe (one Hubble volume). If I recall correctly, the observable curvature proves that there are at least 200 Hubble volumes out there with unknown mass distribution, and possibly even an infinite number.
– forest
Dec 10 '18 at 9:02
|
show 1 more comment
9
Are you actually considering computing the SHA-512 hash of an input $> 2^{128}$ bits long? Even if it were allowed, could you do it, say, before the heat death of the universe???
– poncho
Dec 9 '18 at 23:15
1
Universe has approximately $10^{80} = 2^{256}$ atoms.
– kelalaka
Dec 9 '18 at 23:43
@kelalaka: what does the number of atoms have to do with it? SHA-512 computation isn't parallelizable; hashing $2^{128}$ requires $2^{119}$ successive hash compression operations; even if we could do one in a picosecond ($10^{-12}$), that'd still take over 20 quadrillion years (that is, over a million times the current age of the universe).
– poncho
Dec 10 '18 at 5:36
@poncho Yes, definitely, SHA-512 is not parallelizable. I would like to give the impression about the amount of data to be stored then processed. Bitcoin reached $2^{91}$ in one year that is $2^{119}$ is $536.870.912$ years.
– kelalaka
Dec 10 '18 at 7:15
@kelalaka It has approximately $10^{80}$ proton masses. While quite a few of its atoms are hydrogen, enough are not that there are far fewer atoms in general. Not to mention, that is only for the visible universe (one Hubble volume). If I recall correctly, the observable curvature proves that there are at least 200 Hubble volumes out there with unknown mass distribution, and possibly even an infinite number.
– forest
Dec 10 '18 at 9:02
9
9
Are you actually considering computing the SHA-512 hash of an input $> 2^{128}$ bits long? Even if it were allowed, could you do it, say, before the heat death of the universe???
– poncho
Dec 9 '18 at 23:15
Are you actually considering computing the SHA-512 hash of an input $> 2^{128}$ bits long? Even if it were allowed, could you do it, say, before the heat death of the universe???
– poncho
Dec 9 '18 at 23:15
1
1
Universe has approximately $10^{80} = 2^{256}$ atoms.
– kelalaka
Dec 9 '18 at 23:43
Universe has approximately $10^{80} = 2^{256}$ atoms.
– kelalaka
Dec 9 '18 at 23:43
@kelalaka: what does the number of atoms have to do with it? SHA-512 computation isn't parallelizable; hashing $2^{128}$ requires $2^{119}$ successive hash compression operations; even if we could do one in a picosecond ($10^{-12}$), that'd still take over 20 quadrillion years (that is, over a million times the current age of the universe).
– poncho
Dec 10 '18 at 5:36
@kelalaka: what does the number of atoms have to do with it? SHA-512 computation isn't parallelizable; hashing $2^{128}$ requires $2^{119}$ successive hash compression operations; even if we could do one in a picosecond ($10^{-12}$), that'd still take over 20 quadrillion years (that is, over a million times the current age of the universe).
– poncho
Dec 10 '18 at 5:36
@poncho Yes, definitely, SHA-512 is not parallelizable. I would like to give the impression about the amount of data to be stored then processed. Bitcoin reached $2^{91}$ in one year that is $2^{119}$ is $536.870.912$ years.
– kelalaka
Dec 10 '18 at 7:15
@poncho Yes, definitely, SHA-512 is not parallelizable. I would like to give the impression about the amount of data to be stored then processed. Bitcoin reached $2^{91}$ in one year that is $2^{119}$ is $536.870.912$ years.
– kelalaka
Dec 10 '18 at 7:15
@kelalaka It has approximately $10^{80}$ proton masses. While quite a few of its atoms are hydrogen, enough are not that there are far fewer atoms in general. Not to mention, that is only for the visible universe (one Hubble volume). If I recall correctly, the observable curvature proves that there are at least 200 Hubble volumes out there with unknown mass distribution, and possibly even an infinite number.
– forest
Dec 10 '18 at 9:02
@kelalaka It has approximately $10^{80}$ proton masses. While quite a few of its atoms are hydrogen, enough are not that there are far fewer atoms in general. Not to mention, that is only for the visible universe (one Hubble volume). If I recall correctly, the observable curvature proves that there are at least 200 Hubble volumes out there with unknown mass distribution, and possibly even an infinite number.
– forest
Dec 10 '18 at 9:02
|
show 1 more comment
4 Answers
4
active
oldest
votes
The standard FIPS.180-4 defines a padding scheme that limits the upper input size.
Then append the 128-bit block that is equal to the number $l$ expressed
using a binary representation.
Where the $l$ is the message length. Therefore, according to the standard, you can hash at most $2^{128}$-bit sized input messages.
answered Dec 9 '18 at 22:41
kelalaka
5,49622040
3
Which is an artifact of Merkle-Damgaard construct
– DannyNiu
Dec 10 '18 at 2:26
add a comment |
Considering SHA-512 has a higher output size
Here's where I think you're making a mistake. The space of the output of SHA-512 is $2^{512}$. However, the number of possible inputs is not $2^{128}$, but a whooping $2^{2^{128}}$. You will have reached all possible output spaces well before even a minuscule fraction of the input space has been exhausted.
answered Dec 10 '18 at 9:18
forest
2,649931
add a comment |
This is not a question of output size (even a 16-bit CRC can handle an unlimited input) but depends on the specification. You could use the SHA-2 compression function in an algorithm with larger input size, but then it would not be SHA-512.
answered Dec 9 '18 at 22:41
gammatester
9251711
add a comment |
The limitation is not a fault but a practical limit. A limit which does not impair it's usefulness.
"The Bug Charmer's" blog "How big is 2**128?" makes several comments about the value, here are a few:
"Most people realize that it’s a “big number” but don’t comprehend exactly how big. Who can blame them? Outside of a few disciplines such as cryptography and astrophysics, most people will never encounter a number this large.".
"$2^{128}$ is 340 undecillion - 340,282,366,920,938,463,463,374,607,431,768,211,456".
"How long would it take to brute-force a 128-bit key? If your PC can try $2^{40}$ keys per day, it would take you about 847,904,136,496,835,804,725,427 (848 sextillion) years in the worst case. We expect the sun to run out of hydrogen and collapse into a white dwarf in only about 5 billion years.".
"A computer that can try $2^{90}$ keys per day will take millions of years to guess a 128-bit key.".
"Storage on the order of $2^{128}$ will remain impossible. As I discussed in a previous post, storage for rainbow tables for each of $2^{128}$ salt values would require a storage device at least as large as the Earth.".
While some of those points refer to cracking and not the input text length the problem remains the same, what if the actual message was contained in the last sentence. Someone (or a computer) must create the input, it requires storage, and then there's the processing time; what if it turns out to be a compressed file?
answered Dec 10 '18 at 5:23
Rob
230128
If the computer has also a big space, it can also try a birthday attack, halving the bit length. If there is no more help, it is realistic around until 80 bit on a home pc.
– peterh
Dec 10 '18 at 6:44
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64714%2fwhy-is-sha-512-limited-to-an-input-of-2128-bits%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
The standard FIPS.180-4 defines a padding scheme that limits the upper input size.
Then append the 128-bit block that is equal to the number $l$ expressed
using a binary representation.
Where the $l$ is the message length. Therefore, according to the standard, you can hash at most $2^{128}$-bit sized input messages.
answered Dec 9 '18 at 22:41
kelalaka
5,49622040
3
Which is an artifact of Merkle-Damgaard construct
– DannyNiu
Dec 10 '18 at 2:26
add a comment |
The standard FIPS.180-4 defines a padding scheme that limits the upper input size.
Then append the 128-bit block that is equal to the number $l$ expressed
using a binary representation.
Where the $l$ is the message length. Therefore, according to the standard, you can hash at most $2^{128}$-bit sized input messages.
answered Dec 9 '18 at 22:41
kelalaka
5,49622040
3
Which is an artifact of Merkle-Damgaard construct
– DannyNiu
Dec 10 '18 at 2:26
add a comment |
The standard FIPS.180-4 defines a padding scheme that limits the upper input size.
Then append the 128-bit block that is equal to the number $l$ expressed
using a binary representation.
Where the $l$ is the message length. Therefore, according to the standard, you can hash at most $2^{128}$-bit sized input messages.
answered Dec 9 '18 at 22:41
kelalaka
5,49622040
The standard FIPS.180-4 defines a padding scheme that limits the upper input size.
Then append the 128-bit block that is equal to the number $l$ expressed
using a binary representation.
Where the $l$ is the message length. Therefore, according to the standard, you can hash at most $2^{128}$-bit sized input messages.
answered Dec 9 '18 at 22:41
kelalaka
5,49622040
answered Dec 9 '18 at 22:41
kelalaka
5,49622040
answered Dec 9 '18 at 22:41
kelalaka
5,49622040
answered Dec 9 '18 at 22:41
kelalaka
5,49622040
5,49622040
3
Which is an artifact of Merkle-Damgaard construct
– DannyNiu
Dec 10 '18 at 2:26
add a comment |
3
Which is an artifact of Merkle-Damgaard construct
– DannyNiu
Dec 10 '18 at 2:26
3
3
Which is an artifact of Merkle-Damgaard construct
– DannyNiu
Dec 10 '18 at 2:26
Which is an artifact of Merkle-Damgaard construct
– DannyNiu
Dec 10 '18 at 2:26
add a comment |
Considering SHA-512 has a higher output size
Here's where I think you're making a mistake. The space of the output of SHA-512 is $2^{512}$. However, the number of possible inputs is not $2^{128}$, but a whooping $2^{2^{128}}$. You will have reached all possible output spaces well before even a minuscule fraction of the input space has been exhausted.
answered Dec 10 '18 at 9:18
forest
2,649931
add a comment |
Considering SHA-512 has a higher output size
Here's where I think you're making a mistake. The space of the output of SHA-512 is $2^{512}$. However, the number of possible inputs is not $2^{128}$, but a whooping $2^{2^{128}}$. You will have reached all possible output spaces well before even a minuscule fraction of the input space has been exhausted.
answered Dec 10 '18 at 9:18
forest
2,649931
add a comment |
Considering SHA-512 has a higher output size
Here's where I think you're making a mistake. The space of the output of SHA-512 is $2^{512}$. However, the number of possible inputs is not $2^{128}$, but a whooping $2^{2^{128}}$. You will have reached all possible output spaces well before even a minuscule fraction of the input space has been exhausted.
answered Dec 10 '18 at 9:18
forest
2,649931
Considering SHA-512 has a higher output size
Here's where I think you're making a mistake. The space of the output of SHA-512 is $2^{512}$. However, the number of possible inputs is not $2^{128}$, but a whooping $2^{2^{128}}$. You will have reached all possible output spaces well before even a minuscule fraction of the input space has been exhausted.
answered Dec 10 '18 at 9:18
forest
2,649931
answered Dec 10 '18 at 9:18
forest
2,649931
answered Dec 10 '18 at 9:18
forest
2,649931
answered Dec 10 '18 at 9:18
forest
2,649931
2,649931
add a comment |
add a comment |
This is not a question of output size (even a 16-bit CRC can handle an unlimited input) but depends on the specification. You could use the SHA-2 compression function in an algorithm with larger input size, but then it would not be SHA-512.
answered Dec 9 '18 at 22:41
gammatester
9251711
add a comment |
This is not a question of output size (even a 16-bit CRC can handle an unlimited input) but depends on the specification. You could use the SHA-2 compression function in an algorithm with larger input size, but then it would not be SHA-512.
answered Dec 9 '18 at 22:41
gammatester
9251711
add a comment |
This is not a question of output size (even a 16-bit CRC can handle an unlimited input) but depends on the specification. You could use the SHA-2 compression function in an algorithm with larger input size, but then it would not be SHA-512.
answered Dec 9 '18 at 22:41
gammatester
9251711
This is not a question of output size (even a 16-bit CRC can handle an unlimited input) but depends on the specification. You could use the SHA-2 compression function in an algorithm with larger input size, but then it would not be SHA-512.
answered Dec 9 '18 at 22:41
gammatester
9251711
answered Dec 9 '18 at 22:41
gammatester
9251711
answered Dec 9 '18 at 22:41
gammatester
9251711
answered Dec 9 '18 at 22:41
gammatester
9251711
9251711
add a comment |
add a comment |
The limitation is not a fault but a practical limit. A limit which does not impair it's usefulness.
"The Bug Charmer's" blog "How big is 2**128?" makes several comments about the value, here are a few:
"Most people realize that it’s a “big number” but don’t comprehend exactly how big. Who can blame them? Outside of a few disciplines such as cryptography and astrophysics, most people will never encounter a number this large.".
"$2^{128}$ is 340 undecillion - 340,282,366,920,938,463,463,374,607,431,768,211,456".
"How long would it take to brute-force a 128-bit key? If your PC can try $2^{40}$ keys per day, it would take you about 847,904,136,496,835,804,725,427 (848 sextillion) years in the worst case. We expect the sun to run out of hydrogen and collapse into a white dwarf in only about 5 billion years.".
"A computer that can try $2^{90}$ keys per day will take millions of years to guess a 128-bit key.".
"Storage on the order of $2^{128}$ will remain impossible. As I discussed in a previous post, storage for rainbow tables for each of $2^{128}$ salt values would require a storage device at least as large as the Earth.".
While some of those points refer to cracking and not the input text length the problem remains the same, what if the actual message was contained in the last sentence. Someone (or a computer) must create the input, it requires storage, and then there's the processing time; what if it turns out to be a compressed file?
answered Dec 10 '18 at 5:23
Rob
230128
If the computer has also a big space, it can also try a birthday attack, halving the bit length. If there is no more help, it is realistic around until 80 bit on a home pc.
– peterh
Dec 10 '18 at 6:44
add a comment |
The limitation is not a fault but a practical limit. A limit which does not impair it's usefulness.
"The Bug Charmer's" blog "How big is 2**128?" makes several comments about the value, here are a few:
"Most people realize that it’s a “big number” but don’t comprehend exactly how big. Who can blame them? Outside of a few disciplines such as cryptography and astrophysics, most people will never encounter a number this large.".
"$2^{128}$ is 340 undecillion - 340,282,366,920,938,463,463,374,607,431,768,211,456".
"How long would it take to brute-force a 128-bit key? If your PC can try $2^{40}$ keys per day, it would take you about 847,904,136,496,835,804,725,427 (848 sextillion) years in the worst case. We expect the sun to run out of hydrogen and collapse into a white dwarf in only about 5 billion years.".
"A computer that can try $2^{90}$ keys per day will take millions of years to guess a 128-bit key.".
"Storage on the order of $2^{128}$ will remain impossible. As I discussed in a previous post, storage for rainbow tables for each of $2^{128}$ salt values would require a storage device at least as large as the Earth.".
While some of those points refer to cracking and not the input text length the problem remains the same, what if the actual message was contained in the last sentence. Someone (or a computer) must create the input, it requires storage, and then there's the processing time; what if it turns out to be a compressed file?
answered Dec 10 '18 at 5:23
Rob
230128
If the computer has also a big space, it can also try a birthday attack, halving the bit length. If there is no more help, it is realistic around until 80 bit on a home pc.
– peterh
Dec 10 '18 at 6:44
add a comment |
The limitation is not a fault but a practical limit. A limit which does not impair it's usefulness.
"The Bug Charmer's" blog "How big is 2**128?" makes several comments about the value, here are a few:
"Most people realize that it’s a “big number” but don’t comprehend exactly how big. Who can blame them? Outside of a few disciplines such as cryptography and astrophysics, most people will never encounter a number this large.".
"$2^{128}$ is 340 undecillion - 340,282,366,920,938,463,463,374,607,431,768,211,456".
"How long would it take to brute-force a 128-bit key? If your PC can try $2^{40}$ keys per day, it would take you about 847,904,136,496,835,804,725,427 (848 sextillion) years in the worst case. We expect the sun to run out of hydrogen and collapse into a white dwarf in only about 5 billion years.".
"A computer that can try $2^{90}$ keys per day will take millions of years to guess a 128-bit key.".
"Storage on the order of $2^{128}$ will remain impossible. As I discussed in a previous post, storage for rainbow tables for each of $2^{128}$ salt values would require a storage device at least as large as the Earth.".
While some of those points refer to cracking and not the input text length the problem remains the same, what if the actual message was contained in the last sentence. Someone (or a computer) must create the input, it requires storage, and then there's the processing time; what if it turns out to be a compressed file?
answered Dec 10 '18 at 5:23
Rob
230128
The limitation is not a fault but a practical limit. A limit which does not impair it's usefulness.
"The Bug Charmer's" blog "How big is 2**128?" makes several comments about the value, here are a few:
"Most people realize that it’s a “big number” but don’t comprehend exactly how big. Who can blame them? Outside of a few disciplines such as cryptography and astrophysics, most people will never encounter a number this large.".
"$2^{128}$ is 340 undecillion - 340,282,366,920,938,463,463,374,607,431,768,211,456".
"How long would it take to brute-force a 128-bit key? If your PC can try $2^{40}$ keys per day, it would take you about 847,904,136,496,835,804,725,427 (848 sextillion) years in the worst case. We expect the sun to run out of hydrogen and collapse into a white dwarf in only about 5 billion years.".
"A computer that can try $2^{90}$ keys per day will take millions of years to guess a 128-bit key.".
"Storage on the order of $2^{128}$ will remain impossible. As I discussed in a previous post, storage for rainbow tables for each of $2^{128}$ salt values would require a storage device at least as large as the Earth.".
While some of those points refer to cracking and not the input text length the problem remains the same, what if the actual message was contained in the last sentence. Someone (or a computer) must create the input, it requires storage, and then there's the processing time; what if it turns out to be a compressed file?
answered Dec 10 '18 at 5:23
Rob
230128
answered Dec 10 '18 at 5:23
Rob
230128
answered Dec 10 '18 at 5:23
Rob
230128
answered Dec 10 '18 at 5:23
Rob
230128
230128
If the computer has also a big space, it can also try a birthday attack, halving the bit length. If there is no more help, it is realistic around until 80 bit on a home pc.
– peterh
Dec 10 '18 at 6:44
add a comment |
If the computer has also a big space, it can also try a birthday attack, halving the bit length. If there is no more help, it is realistic around until 80 bit on a home pc.
– peterh
Dec 10 '18 at 6:44
If the computer has also a big space, it can also try a birthday attack, halving the bit length. If there is no more help, it is realistic around until 80 bit on a home pc.
– peterh
Dec 10 '18 at 6:44
If the computer has also a big space, it can also try a birthday attack, halving the bit length. If there is no more help, it is realistic around until 80 bit on a home pc.
– peterh
Dec 10 '18 at 6:44
add a comment |
Thanks for contributing an answer to Cryptography Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f64714%2fwhy-is-sha-512-limited-to-an-input-of-2128-bits%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
9
Are you actually considering computing the SHA-512 hash of an input $> 2^{128}$ bits long? Even if it were allowed, could you do it, say, before the heat death of the universe???
– poncho
Dec 9 '18 at 23:15
1
Universe has approximately $10^{80} = 2^{256}$ atoms.
– kelalaka
Dec 9 '18 at 23:43
@kelalaka: what does the number of atoms have to do with it? SHA-512 computation isn't parallelizable; hashing $2^{128}$ requires $2^{119}$ successive hash compression operations; even if we could do one in a picosecond ($10^{-12}$), that'd still take over 20 quadrillion years (that is, over a million times the current age of the universe).
– poncho
Dec 10 '18 at 5:36
@poncho Yes, definitely, SHA-512 is not parallelizable. I would like to give the impression about the amount of data to be stored then processed. Bitcoin reached $2^{91}$ in one year that is $2^{119}$ is $536.870.912$ years.
– kelalaka
Dec 10 '18 at 7:15
@kelalaka It has approximately $10^{80}$ proton masses. While quite a few of its atoms are hydrogen, enough are not that there are far fewer atoms in general. Not to mention, that is only for the visible universe (one Hubble volume). If I recall correctly, the observable curvature proves that there are at least 200 Hubble volumes out there with unknown mass distribution, and possibly even an infinite number.
– forest
Dec 10 '18 at 9:02