> Secure cryptographic hashing (use at your own risk)

Well that's a whole lot of nonsense. Holding out a hash function as secure while providing no analysis is laughable.

From the linked page

> Why say crypto if it's not analyzed?

> It's intention is to be a cryptohash so it should be analyzed to verify and understand if it's secure and how secure. The inclusion of these words is to indicate the intention and invite people to analyze, break, or improve it.

Certified* deep water submarine

* The inclusion of this word is to indicate the intention and invite people to analyze, break, or improve it.

Yes, I read the page. This is crayon cryptography. The author has presented no reason for anyone to take this seriously.

You might be right.

I second the GP: laughable.

Calling a hash function "rainbow" when this term is already used for "rainbow tables" in the same domain is grade A confusing.

It is indeed a hash collision.

Based on the feedback here, I modified the README:

<// Rain //>

This repository houses the Rainbow and Rainstorm hash functions, developed by Cris Stringfellow and licensed under Apache-2.0. The 64-bit variants have passed all tests in the SMHasher3^0 suite. Results can be found in the results/ subdirectory.

    Algorithm  | Speed        | Hash Size    | Purpose                      | Core Mixing         | Security
    -----------|------------- | ------------ | ---------------------------- | ------------------- | -----------------
    Rainbow    | 13.2 GiB/sec | 64 to 256    | General-purpose              | Multiplication,     | Not designed
               |              | bits         | non-cryptographic  hashing   | subtraction/add,    | for cryptographic
               |              |              |                              | rotation, XOR       | security
    -----------|------------- | ------------ | ---------------------------- | ------------------- | -----------------
    Rainstorm  | 4.7 GiB/sec  | 64 to 512    | Potential cryptographic      | Addition/sub,       | No formal security
               | (at 4 rounds)| bits         | hashing                      | rotation, XOR       | analysis yet
  

-= Rainbow =-

Rainbow is a fast hash function (13.2 GiB/sec, 4.61 bytes/cycle on long messages, 24.8 cycles/hash for short messages). It's intended for general-purpose, non-cryptographic hashing. The core mixing function utilizes multiplication, subtraction/addition, rotation, and XOR.

-= Rainstorm - Unvetted for Security =-

Rainstorm is a slower hash function with a tunable-round feature (with 4 rounds runs at 4.7 GiB/sec). It's designed with cryptographic hashing in mind, but it hasn't been formally analyzed for security, so we provide no guarantees. The core mixing function uses addition/subtraction, rotation, and XOR. Rainstorm's round number is adjustable, potentially offering additional security. However, please note that this is hypothetical until rigorous security analysis is completed.

-= Note on Cryptographic Intent =-

While Rainstorm's design reflects cryptographic hashing principles, it has not been formally analyzed and thus, cannot be considered 'secure.' We strongly encourage those interested to conduct an analysis and offer feedback.

-= Stability =-

The hashes' stability may change over time, as we might modify constants, mixing specifics, and more as we gather insights. Should such changes alter the hashes' output, we will denote the changes with new version numbers. As of now, Rainstorm is at v0, and Rainbow is at v1.

-= Contributions =-

We warmly welcome any analysis, along with faster implementations or suggested modifications. Collaboration is highly encouraged!

-= Genesis =-

The fundamental concept for the mixing functions derived from Discohash, but has been significantly developed and extended. The overall architecture and processing flow of the hash were inspired by existing hash functions.

0^: https://gitlab.com/fwojcik/smhasher3