Clever Geek Handbook

Hash lengths

When referring to the length of a hash value like sha1 or md5 in PHP, is it correct to interpret this as the size of the hash in memory, rather than the number of characters present in the literal?

+3


source to share


3 answers


This is the minimum number of bits required to store a hash unambiguously.



>>> len(hashlib.md5('foo').digest()) * 8
128
>>> len(hashlib.sha1('foo').digest()) * 8
160
>>> len(hashlib.sha512('foo').digest()) * 8
512
0


source


Yes Yes. However, this size is closely related to the number of characters in the string — if you get a raw string, you get 1 character per 8 bits; if you get hex digits (default) you get 1 character by 4 bits.



+2


source


The main output of a secure hash function is always specified in bits. So when it comes to the output of a hash function, the cryptographer always talks about, for example, 128 bits for the broken MD5 algorithm, 160 bits for SHA1, and obviously 256 bits for SHA-256.

Most cryptographic APIs, however, only work with bytes. This means that if there is a specific method that specifies the size of the hash, then the size in bytes is most often returned. Thus, for the above algorithms it will be 16, 20 and 32 bytes.

Of course bytes are returned, for example. hexadecimals, then the length in characters of the string will be twice as long. The string length must return 32, 40, or 64 characters. If this translates to the same number of bytes depends on the character encoding (e.g. using UTF-16 doubles the number of bytes).

Hash functions have a lot of internal state, so the number of bytes executed by the current implementation is much higher than the number of bits in the output. It's not nearly as high as you would notice on a modern PC.

0


source






More articles:


All Articles