|Which Flavor of SHA-3 Should We Use for Forensics?
||[Nov. 12th, 2012|11:30 am]
Now that the SHA-3 algorithm has been selected, it's time to get serious about using it in computer forensics. Before that can happen, however, we need to decide on which flavor of SHA-3 we should be using.
There are four flavors. They use the same algorithm but have different input parameters. The result is four different hashes with four different output lengths. These four variants, SHA-3-224, SHA-3-256, SHA-3-384, and SHA-3-512, have outputs of 224, 256, 384, and 512 bits respectively. Although this may seem odd, it's the same situation as with the SHA-2 standard. There are four flavors of the SHA-2 algorithm, SHA-2-224, SHA-2-256, SHA-2-384, and SHA-2-512. For better or worse, we've been calling SHA-2-256 just "SHA-256" and SHA-2-512 "SHA-512".
You can see some sample SHA-3 test vectors (i.e. sample hashes) on the SHA-3 Wikipedia entry and at http://www.di-mgt.com.au/sha_testvectors.html.
My goal is to have a default "sha3deep" which computes hashes using the default length for forensics SHA-3 hashes, like this, assuming the standard was SHA-3-256:
$ sha3deep abc.txt
A secondary goal would be to have a way to generate SHA-3 hashes for the other flavors too. Here are some possible options for that:
Have a command line flag to indicate the flavor:
$ sha3deep -L 512 [FILES]
Having separate commands for each flavor:
$ sha3-512-deep [FILES]
What do you think should be the default bit-length for SHA-3 hashes? Which option would you prefer for computing the other flavors using the Hashdeep suite? Let me know by commenting below, tweeting at me, or sending an email to firstname.lastname@example.org.