Strengthening Short Hash Values

The number of bits in a cryptographic one-way hash value is usually selected so that brute-force search for a second pre-image is impossible. Sometimes, application requirements force one to use shorter and, thus, weaker hash values. Over years, increases in the attacker’s computational capacity will render any protocol that depends on such hashes insecure. In this paper, we present a simple technique called hash extension to counter the effect of increasing CPU speed. The idea is to increase the absolute computational cost for both the attacker and for the defender by some factor while keeping the ratio of the two constant. The hash-extension technique is suitable for protocols where the same hash value is verified multiple times because the defender incurs the additional cost only when the hash is created for the first time. We explain how to automatically select the critical parameters in the hash-extension algorithm and discuss its applications in cryptographically generated network addresses and in manual authentication protocols.