> Another interesting pattern that I perceive in these results is that maybe sometime between 1996 (Tiger) and 2000 (Whirlpool), humanity learned how to make collision-resistant hash functions,
I actually feel that this can be even more generalized: At some point people learned to create unbreakable algorithms.
There is literally no mainstream crypto algorithm beyond the 2000s that has seen any significant breakage. And very likely there never will be, with one exception: quantum computers will break modern ECC.
I think there's simply a dark age of crypto research with 90s algos and earlier. Which isn't surprising: Back then people were fighting over whether it's even legal to do that kind of research.
This is far too optimistic - just look at the "History" chart. The average age of 90s hashes when they were broken was 10-15 years. It's equally probable that the "modern" algorithms are just too young for us to see them broken.
There's some aspect you miss: For both major hash breakages there was a ~10 year warning phase (for MD5 the first breakthrough was 1996, for SHA-1 2004), where it was basically clear these hashes were bad, just no one had done the full attack yet.
There's no such warning from any modern hash yet.
SHA-2 was originally published in 2001. The digest sizes are also much bigger. I don't think it's really 'equally probable'. There are even cryptographers who think it's not at all probable, ever.
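The digest-size point in the comment above, as an added example that is not part of this thread: a toy generic birthday search against SHA-256 truncated to a chosen number of bits (the truncation and the counter-based messages are constructed for the demo), next to the textbook expected cost of about sqrt(pi/2 * 2^n) trials. Running it at 20 or 24 bits shows the search succeeding in a few thousand hashes; the same formula says a 128-bit digest (MD5's size) needs roughly 2^64 generic trials and a 256-bit digest roughly 2^128, so simply doubling the digest width puts the generic attack another 2^64 out of reach regardless of any structural weakness.

```python
import hashlib
from math import pi, sqrt


def truncated_digest(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits.

    Stand-in for a short-digest hash, so the birthday bound is reachable
    on a laptop. Only the digest length is varied; SHA-256 itself is unmodified.
    """
    h = hashlib.sha256(data).digest()
    return int.from_bytes(h, "big") >> (256 - bits)


def expected_trials(bits: int) -> float:
    """Expected number of hash evaluations before the first collision.

    Standard birthday-bound estimate for an ideal n-bit hash: sqrt(pi/2 * 2^n).
    """
    return sqrt(pi / 2 * 2 ** bits)


def find_collision(bits: int, seed: int = 0) -> tuple[bytes, bytes, int]:
    """Generic birthday search: hash distinct messages until two share a digest.

    Messages are constructed as "<seed>:<counter>", so every input is distinct
    by construction. Returns (message_a, message_b, trials).
    """
    seen: dict[int, bytes] = {}
    counter = 0
    while True:
        msg = f"{seed}:{counter}".encode()
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, counter + 1
        seen[d] = msg
        counter += 1


if __name__ == "__main__":
    for n in (16, 20, 24):
        a, b, trials = find_collision(n)
        print(f"{n}-bit: collision after {trials} trials "
              f"(expected ~{expected_trials(n):.0f})")
    # Generic cost for the real digest sizes discussed in the thread.
    for n in (128, 160, 256):
        print(f"{n}-bit digest: ~2^{expected_trials(n).bit_length() - 1} trials")
```

The search is memory-bound (it stores every digest seen), which is why the demo stops at a couple of dozen bits; the point is the growth rate, not the constant factor. Actual breaks of MD5 and SHA-1 came from structural attacks far below this bound, which is the "warning phase" the thread describes, but the bound itself is what a larger digest buys you against any attacker who has no such structural insight.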
It should've been clear from my comment that I don't mean "provably theoretically unbreakable", but "practically unbreakable". Meaning no human will build a machine in the near future to break them.
Oh, my comment was actually meant as a simple clarification. It may have come out a bit harsher than that, I now realize in the clear, cold light of morning.