# HAVAL

Short description: Cryptographic hash function

HAVAL is a cryptographic hash function. Unlike MD5, but like most modern cryptographic hash functions, HAVAL can produce hashes of different lengths – 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits. HAVAL also allows users to specify the number of rounds (3, 4, or 5) to be used to generate the hash. HAVAL was broken in 2004.[1]

HAVAL was invented by Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry in 1992.

## HAVAL hashes

The HAVAL hashes (also termed fingerprints) are typically represented as 32-, 40-, 48-, 56- or 64-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding HAVAL hash (256 bits, 5 passes):

HAVAL("The quick brown fox jumps over the lazy dog", 256, 5) =
b89c551cdfe2e06dbd4cea2be1bc7d557416c58ebb4d07cbc94e49f710c55be4


Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing the letter d to a c produces the following hash value:

HAVAL("The quick brown fox jumps over the lazy cog", 256, 5) =


The hash of a zero-length string is:

HAVAL("", 256, 5) =
be417bb4dd5cfb76c7126f4f8eeb1553a449039307b1a3cd451dbfdc0fbbe330


## Security

Research has uncovered weaknesses which make further use of HAVAL (at least the variant with 128 bits and 3 passes with 26 operations) questionable. On 17 August 2004, collisions for HAVAL (128 bits, 3 passes) were announced by Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu.[2]