Is there an algorithm that computes the strength of a digest alg?

Xuelei Fan at
Sun Oct 23 20:24:47 PDT 2011

I don't think we have similar methods.

I was wondering, sometimes, we may not be able to compare the strength
of two hash functions strictly. There are different "attacks" on
different hash functions. One hash function maybe safe to one attack
method but may be weak for another attack method.

In another case, before 2004 (SHA-1 is reported broken this year), we
can say SHA-1 is "stronger" than "MD2". But now, we may not be able to
say it any more, because it is a little easier (in complexity) to crack
SHA-1 than MD2 according to some researchs.


On 10/24/2011 9:52 AM, Weijun Wang wrote:
> Hi Andrew
> I need a method
>   boolean isWeakerThan(String a1, String a2)
> so that isWeakerThan("MD5", "SHA1") returns true and
> isWeakerThan("SHA-256", "SHA1") returns false. I know you have done a
> lot of constraints works in JDK 7. Do you have an existing one?
> Otherwise, I plan to manually assign a value to each known algorithm and
> compare it.
> Thanks
> Max

More information about the security-dev mailing list