-1

I am currently using a CRC32 hash to generate a locality sensitive hash for some of my data. For much the same reasons as PKBDF2 makes a better choice than, say, SHA26, for hashing passwords I deliberately want to use a slow hashing function to generate the hash table from which I then construct my LSH by taking the LSB value of each individual hash. The intent is to make the task of someone who wants to attempt a brute force attack by building a large dictionary as hard as possible.

I chose CRC32 because the very well researched answer in this SE thread suggests that it is slow and does not result in too many collisions. However, that particular thread does not specifically address the quest for a SLOW hashing function so I thought I would pose my own question here. Are there other known functions that are even slower than CRC32 whilst at the same time not being too susceptible to collisions?

DroidOS
  • 101
  • 2
  • 6
    I think you are confusing "slow" as in "slower than its competitors" and "slow" as in "cryptographically designed such that it cannot possibly be sped up using GPGPU, parallelism, ASICs, and FPGAs". CRC32 is slower than its competitors because it is old and wasn't designed to be fast on today's hardware. PBKDF2 is slow because it was specifically designed as a Password-based key-derivation function (hence its name). Also note that CRC32 is not cryptographically secure. It is designed to detect *accidental* transmission errors. There is no deliberate attacker. There are no deliberate collisions – Jörg W Mittag May 03 '18 at 07:18
  • In this context cryptographic security is not relevant. The actual hash gets discarded and never makes its way into the LSH – DroidOS May 03 '18 at 07:48
  • Most hash functions are designed to be fast except those for password hashing, so if you want a slow hash function, even if you don't really need the cryptographic security, you would probably be best just using one of the password hashing functions like bcrypt, Argon, etc. There is no 'slowest', as such, because these all allow configuration of the speed so can be modified to be exactly as slow as you require. – Sean Burton May 03 '18 at 11:07
  • 1
    @SeanBurton thank you for this. Please write it up as an answer and I will accept it. It is good to have comments from people who actually read the full context of the question. Argon2 turned out to be perfect fit and it is very well documented to boot. – DroidOS May 03 '18 at 12:02

1 Answers1

2

Most hash functions are designed to be fast except those for password hashing, so if you want a slow hash function, even if you don't really need the cryptographic security, you would probably be best just using one of the password hashing functions like bcrypt, Argon, etc.

There is no 'slowest', as such, because these all allow configuration of the speed so can be modified to be exactly as slow as you require.

Sean Burton
  • 619
  • 4
  • 10