What's the difference between the hash algorithms SHA-2 and SHA-3?

hash cryptography cryptographic-hash-function
user1926193 picture user1926193 · Jan 16, 2013 · Viewed 20.9k times · Source

I know SHA-224, SHA-256, SHA-384 and SHA-512 are all part of the SHA-2 hash function family. But there is now also a new SHA-3 hash algorithm.

Could you please tell me the difference between SHA-2 and SHA-3? When and why should I use SHA-3? And which secure hash algorithm(s) does SHA-3 actually include?

Answer

Ilmari Karonen picture Ilmari Karonen · Jan 16, 2013

SHA-3, also known as Keccak (its original name before it was chosen as the winner of the NIST SHA-3 competition), is a completely new hash algorithm that has nothing to do with SHA-1 and SHA-2.

Indeed, one of the stated reasons why NIST chose Keccak over the other SHA-3 competition finalists was its dissimilarity to the existing SHA-1/2 algorithms; it was argued that this dissimilarity makes it a better complement to the existing SHA-2 algorithms (which are still considered secure and recommended by NIST), as well as making it less likely that any future cryptanalytic breakthroughs would compromise the security of both SHA-2 and SHA-3.

For some background, the SHA-3 hash function competition was originally announced by NIST in 2007, after some new cryptanalytic attacks had called the security of SHA-1 into question. While the attacks on SHA-1 were mainly of theoretical interest back then, it was feared that further improvements on these techniques might allow practical collision-finding attacks on SHA-1, and that the same techniques might also be applied against SHA-2, which shares a similar design to SHA-1. Thus, NIST decided to hold a competition to select a successor for SHA-2, which would be named SHA-3.

However, while a real world collision attack on SHA-1 was finally demonstrated in 2017, the feared attacks on SHA-2 have failed to materialize. It's nowadays generally accepted that breaking SHA-2 won't be as easy as it seemed ten years ago, and thus all the variants of SHA-2 are still considered secure for the foreseeable future. However, since NIST had promised that SHA-3 would be chosen in 2012, and since a lot of people had spent quite a bit of time and effort on submitting and evaluating new hash functions for the competition, and since there were some really nice designs among the finalists, it would've seemed a shame not to choose any of them as the winner after all. So NIST decided to select Keccak as SHA-3, and to recommend it as an alternative (not successor) to the SHA-2 hash functions.

What all that means is that, if you want a secure and standardized hash function, you can choose either SHA-2 or SHA-3. If you're feeling really paranoid, you may even want to use both, and to design your cryptosystem so that it remains secure even if either one of the hash functions is broken.

Related questions

MD5 is 128 bits but why is it 32 characters?

I read some docs about md5, it said that its 128 bits, but why is it 32 characters? I can't compute the characters. 1 byte is 8 bits if 1 character is 1 byte then 128 bits is 128/8 = 16 bytes right? EDIT: SHA-1 produces 160 bits, so how many …

Read More
Converting a md5 hash byte array to a string

How can I convert the hashed result, which is a byte array, to a string? byte[] bytePassword = Encoding.UTF8.GetBytes(password); using (MD5 md5 = MD5.Create()) { byte[] byteHashedPassword = md5.ComputeHash(bytePassword); } I need to convert byteHashedPassword to a string.

Read More
Which cryptographic hash function should I choose?

The .NET framework ships with 6 different hashing algorithms: MD5: 16 bytes (Time to hash 500MB: 1462 ms) SHA-1: 20 bytes (1644 ms) SHA256: 32 bytes (5618 ms) SHA384: 48 bytes (3839 ms) SHA512: 64 bytes (3820 ms) RIPEMD: 20 bytes (7066 ms) Each of these functions performs differently; MD5 being the fastest …

Read More