Why is SHA-512 limited to an input of $2^{128}$ bits?













Both SHA-384 and SHA-512 are limited to an input size of less than $2^{128}$ bits. Considering SHA-512 has a higher output size, couldn't it include more input data?







hash sha-512






asked Dec 9 '18 at 22:15 by w0f, edited Dec 10 '18 at 21:23 by kelalaka

  • Are you actually considering computing the SHA-512 hash of an input $> 2^{128}$ bits long? Even if it were allowed, could you do it, say, before the heat death of the universe??? – poncho, Dec 9 '18 at 23:15

  • Universe has approximately $10^{80} = 2^{256}$ atoms. – kelalaka, Dec 9 '18 at 23:43

  • @kelalaka: what does the number of atoms have to do with it? SHA-512 computation isn't parallelizable; hashing $2^{128}$ requires $2^{119}$ successive hash compression operations; even if we could do one in a picosecond ($10^{-12}$), that'd still take over 20 quadrillion years (that is, over a million times the current age of the universe). – poncho, Dec 10 '18 at 5:36

  • @poncho Yes, definitely, SHA-512 is not parallelizable. I would like to give the impression about the amount of data to be stored then processed. Bitcoin reached $2^{91}$ in one year that is $2^{119}$ is $536.870.912$ years. – kelalaka, Dec 10 '18 at 7:15

  • @kelalaka It has approximately $10^{80}$ proton masses. While quite a few of its atoms are hydrogen, enough are not that there are far fewer atoms in general. Not to mention, that is only for the visible universe (one Hubble volume). If I recall correctly, the observable curvature proves that there are at least 200 Hubble volumes out there with unknown mass distribution, and possibly even an infinite number. – forest, Dec 10 '18 at 9:02


4 Answers

The standard FIPS.180-4 defines a padding scheme that limits the upper input size.

> Then append the 128-bit block that is equal to the number $l$ expressed using a binary representation.

Where the $l$ is the message length. Therefore, according to the standard, you can hash at most $2^{128}$-bit sized input messages.

answered Dec 9 '18 at 22:41 by kelalaka

  • Which is an artifact of Merkle-Damgaard construct – DannyNiu, Dec 10 '18 at 2:26
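
The padding rule quoted in the answer above, worked through as an added example (not code from the answer or from FIPS 180-4): `pad` builds the `1` bit, the zero fill and the 128-bit big-endian length $l$, and rejects any length that does not fit that field, which is where the $2^{128}$-bit bound comes from. The function names are this example's own, messages are assumed to be whole bytes, and the round constants are derived from primes instead of being pasted in.

```python
import hashlib
from math import isqrt

MASK64 = (1 << 64) - 1
MAX_BITS = 1 << 128  # the bit length l must fit in the 128-bit length field


def first_primes(n):
    found, c = [], 2
    while len(found) < n:
        if all(c % p for p in found):
            found.append(c)
        c += 1
    return found


def icbrt(n):
    """Largest integer r with r**3 <= n (binary search)."""
    lo, hi = 0, 1 << ((n.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


# SHA-512 constants: the first 64 fractional bits of the square roots (initial
# state) and cube roots (round constants) of the first 8 / 80 primes.
PRIMES = first_primes(80)
H0 = [isqrt(p << 128) & MASK64 for p in PRIMES[:8]]
K = [icbrt(p << 192) & MASK64 for p in PRIMES]


def pad(msg_len_bytes):
    """Padding for a byte-aligned message: '1' bit, k zero bits, 128-bit l."""
    l = msg_len_bytes * 8
    if l >= MAX_BITS:
        raise ValueError("length does not fit in the 128-bit length field")
    k = (896 - (l + 1)) % 1024  # smallest k with l + 1 + k = 896 (mod 1024)
    # 0x80 carries the '1' bit and the first 7 of the k zero bits.
    return b"\x80" + b"\x00" * ((k - 7) // 8) + l.to_bytes(16, "big")


def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK64


def compress(state, block):
    """One application of the SHA-512 compression function to a 1024-bit block."""
    w = [int.from_bytes(block[i:i + 8], "big") for i in range(0, 128, 8)]
    for t in range(16, 80):
        s0 = rotr(w[t - 15], 1) ^ rotr(w[t - 15], 8) ^ (w[t - 15] >> 7)
        s1 = rotr(w[t - 2], 19) ^ rotr(w[t - 2], 61) ^ (w[t - 2] >> 6)
        w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK64)
    a, b, c, d, e, f, g, h = state
    for t in range(80):
        big_s1 = rotr(e, 14) ^ rotr(e, 18) ^ rotr(e, 41)
        ch = (e & f) ^ (~e & g)
        t1 = (h + big_s1 + ch + K[t] + w[t]) & MASK64
        big_s0 = rotr(a, 28) ^ rotr(a, 34) ^ rotr(a, 39)
        maj = (a & b) ^ (a & c) ^ (b & c)
        t2 = (big_s0 + maj) & MASK64
        a, b, c, d, e, f, g, h = ((t1 + t2) & MASK64, a, b, c,
                                  (d + t1) & MASK64, e, f, g)
    return [(x + y) & MASK64 for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha512(msg):
    """Pad, then chain the compression function over each 128-byte block."""
    data = msg + pad(len(msg))
    state = H0
    for i in range(0, len(data), 128):
        state = compress(state, data[i:i + 128])
    return b"".join(x.to_bytes(8, "big") for x in state)


if __name__ == "__main__":
    # Constructed sample inputs; 111 and 112 bytes straddle the point where
    # the length field no longer fits in the same block as the message.
    for n in (0, 3, 111, 112, 128):
        m = bytes(range(256))[:n]
        print(n, len(pad(n)), sha512(m) == hashlib.sha512(m).digest())
    # Largest byte-aligned length whose bit count still fits the field.
    print(pad(2**125 - 1)[-16:].hex())
    try:
        pad(2**125)  # 2**128 bits: one bit too many for the field
    except ValueError as exc:
        print("rejected:", exc)
```

Only `pad` depends on the message length; `compress` never sees it, so the bound is a property of the length encoding and not of the compression function.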















> Considering SHA-512 has a higher output size

Here's where I think you're making a mistake. The space of the output of SHA-512 is $2^{512}$. However, the number of possible inputs is not $2^{128}$, but a whopping $2^{2^{128}}$. You will have reached all possible output spaces well before even a minuscule fraction of the input space has been exhausted.

answered Dec 10 '18 at 9:18 by forest


This is not a question of output size (even a 16-bit CRC can handle an unlimited input) but depends on the specification. You could use the SHA-2 compression function in an algorithm with larger input size, but then it would not be SHA-512.

answered Dec 9 '18 at 22:41 by gammatester


The limitation is not a fault but a practical limit. A limit which does not impair its usefulness.

"The Bug Charmer's" blog "How big is 2**128?" makes several comments about the value, here are a few:

• "Most people realize that it’s a “big number” but don’t comprehend exactly how big. Who can blame them? Outside of a few disciplines such as cryptography and astrophysics, most people will never encounter a number this large."

• "$2^{128}$ is 340 undecillion - 340,282,366,920,938,463,463,374,607,431,768,211,456".

• "How long would it take to brute-force a 128-bit key? If your PC can try $2^{40}$ keys per day, it would take you about 847,904,136,496,835,804,725,427 (848 sextillion) years in the worst case. We expect the sun to run out of hydrogen and collapse into a white dwarf in only about 5 billion years."

• "A computer that can try $2^{90}$ keys per day will take millions of years to guess a 128-bit key."

• "Storage on the order of $2^{128}$ will remain impossible. As I discussed in a previous post, storage for rainbow tables for each of $2^{128}$ salt values would require a storage device at least as large as the Earth."

While some of those points refer to cracking and not the input text length the problem remains the same, what if the actual message was contained in the last sentence. Someone (or a computer) must create the input, it requires storage, and then there's the processing time; what if it turns out to be a compressed file?

answered Dec 10 '18 at 5:23 by Rob

  • If the computer has also a big space, it can also try a birthday attack, halving the bit length. If there is no more help, it is realistic around until 80 bit on a home pc. – peterh, Dec 10 '18 at 6:44

















