Which of the following algorithms has well documented collisions? (Select TWO).
A.
AES
B.
MD5
C.
SHA
D.
SHA-256E. RSA
Explanation:
B: MD5 biggest weakness is that it does not have strong collision resistance, and thus it is no longer
recommended for use.
C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of
Standards and Technology said, “Federal agencies should stop using SHA-1 for…applications that require
collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these
applications after 2010″, though that was later relaxed.
Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs
does not give the same output.
Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that
were once thought to be collision resistant were later broken. MD5 and SHA-1 in particular both have
published techniques more efficient than brute force for finding collisions.
Incorrect Answers:
A: AES has much fewer hash collisions compared to both MD5 and SHA.
D: SHA-256 (also known as SHA-2) has much fewer hash collisions compared to both MD5 and SHA.
E: RSA has much fewer hash collisions compared to both MD5 and SHA.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 250, 252, 255, 255-256