What are the disadvantages of SHA3?

IToolkit August 24, 2023 3 min read Hash
Explore the disadvantages of SHA3, including its limited adoption, computational complexity, vulnerability to length extension attacks, and more.
On this page
What are the disadvantages of SHA3?

Excerpt

Explore the disadvantages of SHA3, including its limited adoption, computational complexity, vulnerability to length extension attacks, limited hardware support, limited research and analysis, lack of historical track record, and more.

Introduction

SHA3 is the latest secure hash algorithm standard published by NIST in 2015. It was designed through an open competition to provide robust security against attacks like those faced by older standards like SHA1 and SHA2. However, despite its strong security promises, SHA3 does come with some notable disadvantages. In this post, we will explore some of the key drawbacks and limitations of the SHA3 hashing algorithm.

Understanding the weaknesses in any cryptographic primitive is important to make informed decisions regarding its suitability and scope of usage. This allows organizations to evaluate SHA3 objectively by weighing its strengths against shortcomings.

Lack of widespread adoption

One major disadvantage of SHA3 is its relatively low adoption rate so far compared to older and more established algorithms like SHA2. This is partly due to the recency of the SHA3 standard which means integration with applications and software libraries is still ongoing. The radical differences in the Keccak design of SHA3 compared to SHA2 has also contributed to the adoption lag.

Slow uptake within the cryptography community affects the availability of robust implementations, optimized software libraries and compatible hardware which further hampers adoption.

Computational complexity

The SHA3 algorithm utilizes significantly more complex computations in its sponge construction and related cryptographic primitives compared to SHA2. This translates to relatively poor performance in software and hardware implementations.

In resource-constrained environments like IoT devices, the computational overhead of SHA3 can be prohibitive making lighter algorithms like SHA2 or BLAKE2 more suitable.

Vulnerability to length extension attacks

The hash-then-MAC approach used in the SHA3 construction makes it vulnerable to length extension attacks. An attacker can append malicious data to a valid message and generate a seemingly valid authentication code without knowing the secret key. This allows forged messages to be constructed that pass integrity checks.

SHA2 and BLAKE2 are not susceptible to these attacks due to the HMAC nested construction used.

Limited hardware support

Since SHA3 is a recent standard, dedicated hardware implementations are still under development. FPGA and ASIC solutions for SHA3 are not widely available and relatively immature compared to highly optimized hardware for SHA2 algorithms.

Limited hardware support hampers the usage of SHA3 in specialized systems and applications where hardware crypto accelerators are preferred for performance reasons.

Limited research and analysis

The SHA3 algorithm has not undergone the same rigorous cryptanalysis as older and widely deployed algorithms like SHA2, AES etc. While no theoretical vulnerabilities have been identified so far, the relatively limited scrutiny from researchers allows the possibility of undiscovered weaknesses.

More extensive peer review and analysis over time is required to firmly establish the security guarantees of SHA3 against both classical and quantum attacks.

Lack of historical track record

SHA2 has over 15 years of proven resilience against attacks in the real-world under widespread deployment. In contrast, SHA3 lacks this extensive track record which precludes a high degree of confidence in its long-term security against new and evolving attack vectors.

The longevity of new algorithms can only be firmly established over an extended period of adversarial scrutiny and sustained attacks.

Conclusion

SHA3 represents a new era in cryptographic hash security. However, adoption inertia, performance overhead, length extension flaws, immature implementations and limited analysis represent some current disadvantages. These drawbacks may potentially get mitigated over time with further maturation.

Going forward, SHA3 is likely to occupy a niche role in highly security-centric applications rather than fully replace older standards. Organizations must assess the tradeoffs based on their specific requirements to determine the appropriate secure hash algorithm.

Mia August 29, 2023 4 min read Blog
Where do the beginning of most SHA hashes fall?
Where do the beginning of most SHA hashes fall?
Hash
Explore the probability distribution of the beginning bits in SHA hashes and understand its implications in cryptography and security measures.
Amanda August 16, 2023 4 min read Blog
How are Cryptographic Hash Functions Developed?
How are Cryptographic Hash Functions Developed?
Hash
Explaining the step-by-step process followed by cryptographers to design secure and efficient cryptographic hash functions.
Mia August 16, 2023 3 min read Blog
What is the definition of complexity hashing?
What is the definition of complexity hashing?
Hash
Explanation of complexity hashing and analyzing time/space complexities of hashing algorithms to select optimal hashing schemes.
IToolkit August 30, 2023 4 min read Blog
How to Get a Text from a SHA-256 Hash?
How to Get a Text from a SHA-256 Hash?
Hash Encoding Decoding
This blog examines why reversing a SHA-256 hash to get the original text is considered practically impossible with current technology.
IToolkit August 30, 2023 4 min read Blog
Is it Possible to Crack SHA-256?
Is it Possible to Crack SHA-256?
Hash
Examines the strength of the SHA-256 cryptographic hash function and analyzes the feasibility of cracking it given current computing capabilities.
IToolkit August 30, 2023 3 min read Blog
Which one is more secure between AES and Sha-256? Why?
Which one is more secure between AES and Sha-256? Why?
Cryptography Hash
Comparing AES and SHA-256: strengths, vulnerabilities, and suitable scenarios for informed cryptographic application decisions.
IToolkit August 30, 2023 3 min read Blog
What is the best algorithm for compressing a hash?
What is the best algorithm for compressing a hash?
Hash Encoding Decoding
Exploring the best algorithm for compressing a hash in various applications. Learn about hash functions, hash compression, and common compression algorithms.
IToolkit August 30, 2023 3 min read Blog
What data produces a SHA256 hash of all zero bits?
What data produces a SHA256 hash of all zero bits?
Hash Encoding Decoding
Understanding SHA256 hash, its properties, and the theoretical possibility of finding a data input that produces a SHA256 hash of all zero bits.
IToolkit August 30, 2023 4 min read Blog
Does BitTorrent Support SHA-2 256/512 or Future SHA-3?
Does BitTorrent Support SHA-2 256/512 or Future SHA-3?
Hash
Explore the support of SHA-2 256/512 and future SHA-3 in BitTorrent. Learn about the importance of hash algorithms in secure file sharing.
IToolkit August 29, 2023 4 min read Blog
When Will Future Computers Crack SHA-256?
When Will Future Computers Crack SHA-256?
Hash
Exploring the future of computer processing power and its potential impact on cracking SHA-256 algorithm in cryptography.