I am using hash for authenticating the signature of the message. since the hash

Question

I am using hash for authenticating the signature of the message. since the hash will be part of a url that is used for QR code, I would like to keep the hash as short as possible in order to generate a less complicated qr code which is easy to scan.

Now I am using md5 hmac to compute the hash which already generates a shorter one(32) than SHA256. But it isn't short enough and I am thinking of truncating the hash to get a even shorter one. say length of 16.

I would like to get your opinion on how is this method, does it make the hash easily cracked practically? or if there is better method?

thanks!

Explanation / Answer

Truncating a well designed cryptographic hash digest should not result any security weaknesses other than a reduction in the collision space. As these hash algorithms have a key design requirement of being uniformly distributed across the hash space.

All other things equal, using a more modern hash algorithm (SHA) and truncating it is safer than using an older one (MD5).

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.