LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the three security properties a cryptographic hash function must satisfy?

Preimage resistance, second-preimage resistance, collision resistance — three increasingly strong properties.

Property Informal Formal
Preimage resistance Given a hash, can't find any message that produces it Given h, find m such that H(m) = h — should be infeasible
Second preimage resistance Given a message, can't find a different message with the same hash Given m₁, find m₂ ≠ m₁ such that H(m₁) = H(m₂) — infeasible
Collision resistance Can't find any two messages with the same hash Find any pair m₁ ≠ m₂ such that H(m₁) = H(m₂) — infeasible

Why three? Each guards a different threat:

  • Preimage: "An attacker sees the hash of my password; can they recover the password?" (No, if preimage-resistant.)
  • Second preimage: "An attacker has my signed contract; can they substitute a different contract that produces the same hash?" (No, if 2nd-preimage-resistant.)
  • Collision: "Can an attacker craft two documents — a benign one and an evil one — with the same hash, get me to sign the benign one, then swap?" (No, if collision-resistant.)

Birthday paradox makes collision the easiest to violate — for an n-bit hash, collision attacks need only 2^(n/2) work, vs 2^n for preimage. So SHA-256 has 128-bit collision strength but 256-bit preimage strength.

Concrete state of common hashes (2024):

Algorithm Collision attack Preimage attack
MD5 Broken (seconds on a laptop) 2¹²³ (theoretical)
SHA-1 Broken (Google's SHAttered, 2017) 2¹⁶⁰ (still strong)
SHA-256, SHA-3, BLAKE3 No practical attack No practical attack

Tip: A broken collision resistance is enough to abandon a hash for signatures and certificates — that's why CAs stopped issuing SHA-1 certificates in 2017.

From Quiz: ISF / Symmetric Cryptography | Updated: Jul 14, 2026