securitycryptographypbkdf2hashalgorithm

Does PBKDF2 generate the unique hash?


I want to generate a hash of some data. Going through some hash algorithms I could find out bcrypt and PBKDF best suitable for my application. There might be the case that with the different data algorithm generates a same hash (like in MD5, it could generate the same hash for different sort of data).

By the reviews of many expertise, bcrypt is the best secure hash algorithm and its provides uniqueness among different hashes.

But, does the PBKDF2 provides the uniqueness for hash?

Edit 1

I need to generate hash with the same input data (hash key will be generated more than one time for same input) but it should not generate same hash for different input data (might happens in some hash algorithms).


Solution

  • Algorithms such as one of the SHA-2 suffice. The hash generated is not unique to the message. It is even true that there are an infinite number of messages that hash to the same value. The trick is that it is impossible to find one of the other messages that create this hash.

    The chance of generating a collision when generating two hashes with different messages is equal to 1/2^256 for SHA-256. You could however generate and store hashes and then calculate the chance that one of all the possible pairs is identical. In that case the birthday problem is in effect. That's why a hash only provides half the bits of security. So the chance of generating a collision giving 2^128 hashes is (about) 1/2^128 or 1 in 340282366920938463463374607431768211456. This is why you only have to worry about collisions in broken hash functions such as MD5 (and possibly SHA-1 in the near future).

    Actually the inner state of PBKDF2 is the same as the internal hash that is used. Using PBKDF2 (besides being a Key Derivation Function instead of a hash) won't help you at all. It is just as vulnerable (or rather, not vulnerable) to collisions as the inner hash.