Why isn't CRC used as a hashfunction?

Mia August 18, 2023 3 min read Hash
CRC is not optimal as a hash function compared to algorithms like MD5 and SHA due to limitations in uniformity, determinism, and collision resistance.
On this page
Why isn't CRC used as a hashfunction?

Excerpt

Despite CRC’s effectiveness in error detection, it is unsuitable as a hash function because of poor uniformity, determinism issues, and higher collision vulnerability.

Introduction

Hash functions are essential in many areas of computer science for mapping data to fixed-size values. On the other hand, Cyclic Redundancy Check (CRC) is commonly used for detecting accidental errors in data transmission and storage. Despite the widespread use of CRC in error checking, it is not well suited as a cryptographic hash function.

This article will provide an overview of CRC and its properties, discuss the requirements of hash functions, and explain the key limitations that prevent using CRC effectively as a hash algorithm.

Understanding CRC

Cyclic Redundancy Check (CRC) is a common technique for detecting accidental changes to raw data. It works by calculating a checksum value from the original data and appending it to the message.

The receiver then recomputes the CRC checksum and compares it to the received value to verify data integrity and accuracy. If the checksums do not match, it indicates the data was corrupted or altered in transmission.

Some advantages of CRC are efficient computation, ease of implementation in hardware and software, and high effectiveness in detecting common errors.

Hash Functions and Their Requirements

A hash function converts an input into a short fixed-size hash value in a one-way process. Hash functions have extensive uses in computer science, such as:

  • Cryptography - For password storage and data integrity
  • Indexing data - Efficient lookups and retrieval
  • Fingerprinting - Uniquely identify files and data

Key requirements of a cryptographically secure hash function:

  • Uniformity - Outputs appear uniformly distributed
  • Determinism - Same input gives same hash output
  • Collision resistance - Difficult to find inputs with same hash

Limitations of CRC as a Hash Function

Although CRC is great for error detection, it has some drawbacks that make it a poor choice as a cryptographic hash function:

Lack of Uniformity

CRC results in similar checksums for similar messages. This leads to non-uniformity and clustering unlike random hash function outputs.

Determinism Issues

The CRC checksum is solely determined by the input data. This makes it more predictable and vulnerable to intentional tampering.

Collision Vulnerability

The shorter checksum length, usually 16 or 32 bits, leads to higher chances of collisions for different inputs. This increases attack vectors.

Alternatives to CRC for Hashing

Some widely used hash functions that overcome the limitations of CRC are:

MD5

Produces a 128-bit hash value and is designed for speed and uniformity.

SHA-1

Generates a 160-bit hash with good collision resistance and security.

SHA-256

SHA-256 outputs a longer 256-bit hash for enhanced security against brute force attacks.

These hash functions are designed to provide good avalanche effect, one-way operation, uniform outputs, and collision resistance for cryptography and data applications.

Conclusion

In summary, despite the reliability of CRC for error detection, it does not satisfy important properties required of a cryptographic hash function. The poor uniformity, predictable outputs, and higher collision chances make CRC unsuitable for hashing.

Using dedicated hash algorithms like MD5, SHA-1, and SHA-256 that are engineered for good avalanche effect, brute force resistance, and uniformity is essential for security. Understanding the limitations of CRC highlights the importance of using appropriate hash functions based on the application needs.

Mia August 30, 2023 4 min read Blog
How Secure is SHA1? What are the Chances of a Real Exploit?
How Secure is SHA1? What are the Chances of a Real Exploit?
Hash
Examines the security of the SHA1 hash function and the feasibility of practical attacks exploiting vulnerabilities like collision resistance in the future.
Mia August 30, 2023 3 min read Blog
How can I write a sha1 hash function from scratch?
How can I write a sha1 hash function from scratch?
Hash Encoding Decoding
Step-by-step guide to implementing a basic SHA1 hash function from scratch covering input processing, initialization, computation rounds and output.
Mia August 30, 2023 3 min read Blog
How to go about decrypting SHA's?
How to go about decrypting SHA's?
Hash
Learn about the process of decrypting SHA hashes and the tools used for it. Explore the ethical considerations and best practices for password security.
Mia August 29, 2023 3 min read Blog
What is the SHA-1 Algorithm and How is it Used in C++?
What is the SHA-1 Algorithm and How is it Used in C++?
Hash Encoding Decoding
Provides a comprehensive explanation of the SHA-1 cryptographic hash algorithm and demonstrates its implementation in C++ with detailed code examples.
Mia August 29, 2023 3 min read Blog
What is Hashing, and How Does it Differ From Encryption?
What is Hashing, and How Does it Differ From Encryption?
Hash Encryption
Explains the key differences between hashing and encryption in purpose, process, output, use cases, benefits and limitations.
Mia August 29, 2023 3 min read Blog
Why was LinkedIn using unsalted SHA-1 to hash passwords?
Why was LinkedIn using unsalted SHA-1 to hash passwords?
Hash
This article examines why LinkedIn used insecure unsalted SHA-1 for password hashing, the risks it posed, LinkedIn's response, and lessons learned.
Mia August 29, 2023 4 min read Blog
Where do the beginning of most SHA hashes fall?
Where do the beginning of most SHA hashes fall?
Hash
Explore the probability distribution of the beginning bits in SHA hashes and understand its implications in cryptography and security measures.
Mia August 24, 2023 4 min read Blog
How can an encryption algorithm (SHA) be broken?
How can an encryption algorithm (SHA) be broken?
Hash
Learn how an encryption algorithm (SHA) can be broken and the potential vulnerabilities in SHA. Understand the importance of data security and encryption.
Mia August 24, 2023 3 min read Blog
Has the SHA-256 encryption shown any vulnerability?
Has the SHA-256 encryption shown any vulnerability?
Hash
SHA-256 has demonstrated no significant real-world vulnerabilities since being standardized over 20 years ago due to its conservative design.
Mia August 24, 2023 3 min read Blog
What is a Simple, Secure Mental Hashing Algorithm?
What is a Simple, Secure Mental Hashing Algorithm?
Hash Encoding Decoding
This article explains mental hashing algorithms, provides an example algorithm, and discusses considerations for simplicity, security, benefits and limitations.