Quelle est la solidité de l’algorithme de hash SHA256?
Le site www.ecrypt.eu.org (ECRYPT II) diffuse un document D.SPA.17.pdf (sans licence apparente) récapitulant les propriétés d’algorithmes cryptographiques et de pratiques. Ce document récapitule les travaux sur ces algorithmes et méthodes, et évalue la solidité de ceux-ci.
Le site www.keylength.com référence les recommandations de différents organismes gouvernementaux et notamment celles de l’ANSSI. Les recommandations de l’ANSSI sont disponibles dans le document RGS_B_1.pdf.
Conclusion, SHA256 est adapté à l’utilisation que l’on en fait aujourd’hui dans nebule.
Extrait du document D.SPA.17.pdf concernant SHA256 :
10.7 SHA-224, SHA-256
Deï¬nition: NIST FIPS 180-2, [199] (Also part of Suite-B [218], ISO/IES 10118-3).
Parameters: 224-bit and 256-bit hash outputs respectively, max input size 264 − 1 bits.
Security: As claimed; collision search requires 2^112 and 2^128 iterations of the compression function respectively.
Deployment: Likely to become widespread.
Implementation:
Public analysis: Cryptrec report [68]. See also [96, 112].
Known weakness:
Comments: Collisions on SHA have been reported. While SHA has some similarities, it is also a signiï¬cantly different design to SHA-224 and SHA-256. SHA-224 is identical to SHA-256, except that it uses a different IV and truncates the output. Simpliï¬ed variants of SHA-256 have been analyzed in [180, 190, 289].
Practical collision attacks for up to 24 (out of 64) steps have been reported [122, 246]. Preimage attacks for SHA-256 reduced to 43 (out of 64) steps have also been reported [15, 105].
Copie du document :
– D.SPA.17 (SHA256 : a1f20d3625c08cbd014f58af54c21dc335f65cd3b6a0f899b3129aa8dd8249dc)
-Â RGS_B_1 (SHA256 : bbebb1b9c21fa5c572e98c1af327db5799fed27d6b03d492462a5ce440a2196d)