Re: Preferred hashing tools

ericgeater · ‎04-27-2020

What software tools do you use for performing file hashes? And when you hash, are you especially careful to use SHA256, or do you use MD5?

-----------
A claim is as good as its veracity.

AppDefects · ‎04-27-2020

No comment on commercial tools since our shop builds and integrates software. We rely heavily upon hash function guidance provided by NIST. Specifically, we reference FIPS 202, which specifies the new SHA-3 family of permutation-based functions based on KECCAK as a result of the “SHA-3” Cryptographic Hash Algorithm Competition.

FIPS 202 specifies:

Four fixed-length hash algorithms: SHA3-224, SHA3-256, SHA3-384, and SHA3-512; and
Two closely related, “extendable-output” functions (XOFs): SHAKE128 and SHAKE256.

Currently, only the four fixed-length SHA-3 algorithms are approved hash algorithms, providing alternatives to the SHA-2 family of hash functions.

A lot of these algorithms have found their way into the Legion of the Bouncy Castle Java cryptography APIs and FIPS mode "jars" so that makes including the functions easy.

ericgeater · ‎05-08-2020

Thanks, by the way!

-----------
A claim is as good as its veracity.

Baechle · ‎05-18-2020

Hashdeep/md5deep if I am doing manual hashes.

I run MD5 AND SHA-256.

Possible collisions on one or the other. Collisions from two different algorithms? There isn’t a number big enough to define the odds.

-Eric