Which of the following algorithms has well documented collisions? (Select TWO).
Correct Answer: B,C
B: MD5 biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use.
C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, “Federal agencies should stop using SHA-1
for…applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010”, though that was later
Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.
Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1
in particular both have published techniques more efficient than brute force for finding collisions.
A: AES has much fewer hash collisions compared to both MD5 and SHA.
D: SHA-256 (also known as SHA-2) has much fewer hash collisions compared to both MD5 and SHA.
E: RSA has much fewer hash collisions compared to both MD5 and SHA.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 252, 255, 255-256