Why unhashing is not possible?

Why unhashing is not possible?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Why unhashing is not possible? Randell_D 12-25-2007
Posted by Randell_D on December 25, 2007, 11:04 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I've always led the belief that if something can be created/built,
then it can be "uncreated/unbuilt". In technology this is sometimes
referred to as reverse-engineering. I understand too how hashing can
be used within programs and fast database lookups but I failed
miserably discussing the subject of hashes with someone who could not
understand when I told them that you cannot reverse the process... I
know you can crudely hack it (using John the Ripper for example) but
you cannot "uncompress it" so to speak.

So... my question here to you good people is... why can't a hash be...
well... unhashed?

Surely if the hash is unique, we know the process that got us the hash
we have only to reverse the process... we can't... so... but why not?

Posted by Sebastian G. on December 25, 2007, 11:16 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Randell_D wrote:


> So... my question here to you good people is... why can't a hash be...
> well... unhashed?


Because a hash is lossy, and some are even cryptographically secure?

> Surely if the hash is unique,


A hash is not unique.

Posted by Bit Twister on December 25, 2007, 11:19 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On Tue, 25 Dec 2007 08:04:44 -0800 (PST), Randell_D wrote:
>
> So... my question here to you good people is... why can't a hash be...
> well... unhashed?

It is not an encrypted content but the result of a mathematical computation.

> Surely if the hash is unique, we know the process that got us the hash
> we have only to reverse the process... we can't... so... but why not?

This example is nothing like a hash, but think about taking 11, 6 digit
numbers, multiply each with each other, keep only the last 5 digits of
the result.

That is the example hash value. Take that number, and recreate the
original 11 numbers.


Posted by Barry Margolin on December 25, 2007, 1:06 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
In article

> Surely if the hash is unique, we know the process that got us the hash
> we have only to reverse the process... we can't... so... but why not?

How could the hash possibly be guaranteed to be unique? Input texts are
usually many kilobytes or megabytes long, while the hash code is
typicaly in the 10's of bytes. Consider a really simple hash function
for a decimal number: take the last last 20 digits, and then every other
digit of this. If you start with a 100-digit number, 10^90 inputs map
to the same hash.

What the hash code designers try to do is make it very hard to find
another input that will hash to a given code. Even harder is finding
another input that's MEANINGFUL. So if someone is distributing a
computer program, and sends the hash code separately, it would be
virtually impossible for someone to modify the program in such a way
that it will still have the same hash and also run. Or if the original
input were natural language text, even if someone could find a
replacement with the same hash, it will almost certainly be total
gibberish.

Of course, my toy example above doesn't have this attribute. But hash
functions used in crytography do.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Posted by Sebastian G. on December 25, 2007, 4:16 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Barry Margolin wrote:


>> Surely if the hash is unique, we know the process that got us the hash
>> we have only to reverse the process... we can't... so... but why not?
>
> How could the hash possibly be guaranteed to be unique?


For a limited set of inputs, this is very easy.

> What the hash code designers try to do is make it very hard to find
> another input that will hash to a given code. Even harder is finding
> another input that's MEANINGFUL.


This is only true for cryptographic hashes.


The site map in XML format XML site map

Contact Us | Privacy Policy