Why unhashing is not possible?

Why unhashing is not possible?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Why unhashing is not possible? Randell_D 12-25-2007
Posted by Walter Roberson on December 27, 2007, 6:11 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>> > roberson@hushmail.com (Walter Roberson) wrote:

>> >>>> Barry Margolin wrote:
>> >>>>> How could the hash possibly be guaranteed to be unique?
>> >>>> For a limited set of inputs, this is very easy.
>> >>> Yes. then it is not a hash. It may be an encryption, or a translation.

>> >> "Minimal perfect hashing"

>But the types of hashes and their properties are very dependent on WHY
>you're hashing. The algorithms you use to implement a symbol table
>(which is where perfect hashing becomes useful) are completely different
>from those used for cryptography (where it's important that it be
>difficult to generate the same hash) or password encryption (where
>irreversibility is critical).

Types of hashes and their properties exist apart from why
you are hashing. Why you are hashing governs your choice of which
type of hash (and thus which properties) you would rationally
select. Your choice of whether to use an axe or a shovel to dig
a hole in the ground does not change the properties of axes and
shovels, but sometimes the axe would be the better choice (e.g.,
ice axes in ice, or digging axes when dealing with a forest fire);
sometimes a shovel would be better.

The point is not relevant to Bill Unruh's statement that a "hash"
which is unique is "not a hash", which is what this subthread is about.
Your paragraph, quoted above, implicity agrees that "perfect hashing"
is a type of hashing; as perfect hashing hashes to a unique result
(over input it was designed for), Bill's statement appears to
be incorrect in context (which the original poster did not restrict
to cryptographic hashes.)

Sebastian's definition of what a "hash" is appears to me to be valid.
It's just that most things which are technically hashes are not
very useful for specific purposes (just like most things that
are "compression" functions aren't very useful for much.)

Posted by Unruh on December 27, 2007, 7:39 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
roberson@hushmail.com (Walter Roberson) writes:


>>> > roberson@hushmail.com (Walter Roberson) wrote:

>>> >>>> Barry Margolin wrote:
>>> >>>>> How could the hash possibly be guaranteed to be unique?
>>> >>>> For a limited set of inputs, this is very easy.
>>> >>> Yes. then it is not a hash. It may be an encryption, or a translation.

>>> >> "Minimal perfect hashing"

>>But the types of hashes and their properties are very dependent on WHY
>>you're hashing. The algorithms you use to implement a symbol table
>>(which is where perfect hashing becomes useful) are completely different
>>from those used for cryptography (where it's important that it be
>>difficult to generate the same hash) or password encryption (where
>>irreversibility is critical).

>Types of hashes and their properties exist apart from why
>you are hashing. Why you are hashing governs your choice of which
>type of hash (and thus which properties) you would rationally
>select. Your choice of whether to use an axe or a shovel to dig
>a hole in the ground does not change the properties of axes and
>shovels, but sometimes the axe would be the better choice (e.g.,
>ice axes in ice, or digging axes when dealing with a forest fire);
>sometimes a shovel would be better.

And sometimes I can use a shovel as an axe and an axe as a shovel. But this
does not mean that we should take the meaning of both to be so broad that
there is no distinction between them ( eg, an axe is something made of
metal with a handle-- purpose comes into the definition of axe).

>The point is not relevant to Bill Unruh's statement that a "hash"
>which is unique is "not a hash", which is what this subthread is about.
>Your paragraph, quoted above, implicity agrees that "perfect hashing"
>is a type of hashing; as perfect hashing hashes to a unique result
>(over input it was designed for), Bill's statement appears to
>be incorrect in context (which the original poster did not restrict
>to cryptographic hashes.)

I will admit that my statement was technically wrong. However, in the
context that the OP seemed to be asking his question, it was I believe not.
The OP wanted to have some explanation for a friend as to why hashes were
hard to invert, since you knew the process which produced the hash. Now,
the typical time that hashes are hard to invert ( find a preimage ) is if
they are cryptographic hashes. Clearly the hash which takes the first bit
of the input as the output is NOT hard to invert, and thus the OPs question
makes no sense for that hash. However, I will admit that it is a hash.
The OP was clearly confused over the question he was asking, and as such
one had to try to understand what he really meant. I may have misunderstood
the context, but I do not think so. I do believe that he WAS asking about
cryptographic hashes. That is the context in which I answered the question.
Also, a hash which is unique and invertible to me is an encryption, but I
agree that in some contexts it could be a hash and in some an enctyption. I
for example would not call the messages sent using PGP a hash, even though
they are a mapping from the space of input function to the space of output
functions of length m where m=10^80. On the other hand, I could imagine
using the encryption of a 10 character input as a 10 character hash in some
contexts.

Thus this message, under the definition of any function from input to output
being a hash, could be considered a hash, but anyone who used that
definition would in most context be considered an idiot.



>Sebastian's definition of what a "hash" is appears to me to be valid.

No, it is overbroad. It certainly captures an aspect of a hash, but is so
broad that it does not distinguish a has from anything else. Ie, it is so
broad that the word loses all meaning. So it is true, but meaningless.

>It's just that most things which are technically hashes are not
>very useful for specific purposes (just like most things that
>are "compression" functions aren't very useful for much.)

And use/purpose should be part of the meaning of hash to make the meaning
useful. Words should be specific, so that when they are used, the person
listening actually gets some information transfered to them.



Posted by Volker Birk on December 29, 2007, 4:14 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> I've never seen Perfect Hashing referred to as an encryption or
> translation, only ever as a "hash function".

"Perfect hashing" usually is only part of a hashing implementation.
First step usually is trunctating or simple hashing. Your source
<http://en.wikipedia.org/wiki/Perfect_hash_function> describes it as "A
Perfect hash function of a set S is a hash function which maps different
/keys/ (elements) in S to different numbers" for that reason.

Or, from <http://en.wikipedia.org/wiki/Hash_function>
| Typical hash functions have an infinite domain, such as byte strings
| of arbitrary length, and a finite range, such as bit sequences of some
| fixed length.

And, from the same source:
| Hash functions that are one-to-one are also called permutations.

Maybe, we should call a perfect hash function a permutation, and not a
typical hash function.

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

Posted by Walter Roberson on December 29, 2007, 4:48 am
If you were  Registered and logged in, you could reply and use other advanced thread options

>Or, from <http://en.wikipedia.org/wiki/Hash_function>

>And, from the same source:
>| Hash functions that are one-to-one are also called permutations.

>Maybe, we should call a perfect hash function a permutation, and not a
>typical hash function.

Perfect hash functions are seldom one-to-one. A one-to-one function
has the same domain and range (i.e., the numeric range of the
inputs is the same as the numeric range of the outputs), whereas
perfect hash functions typically take multiple octets of input
(strings) and produce an integer output representable in a small
number of octets (log 2 of the number of inputs, not log 2 of the
size needed to represent the inputs.)

Posted by Sebastian G. on December 25, 2007, 8:41 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Unruh wrote:


>> For a limited set of inputs, this is very easy.
>
> Yes. then it is not a hash. It may be an encryption, or a translation.


A hash is a function of A^* -> B^m for a fixed value of m. Nothing else.

A very interesting example would be: Take the first 12 bytes of the input
(pad with zero if necessary), concatenate it with the SHA1 checksum of the
input. This hash has a length of 256 bit, is cryptographically
collision-resistant, yet leaks information and for any message up to 12 byte
is trivially invertible.

>> This is only true for cryptographic hashes.
> That was what he said, in the parts you erased.

You were the first to talk about cryptographic hashes. The OP just talked
about hashes, and hashes serve a wide variety of purposes other than
cryptography.


The site map in XML format XML site map

Contact Us | Privacy Policy