Why unhashing is not possible?

Subject Author Date
Why unhashing is not possible? Randell_D 12-25-2007
Posted by Sebastian G. on December 26, 2007, 7:27 am
Unruh wrote:


>> Unless you reach its maximum output length (which is typically very short in
>> comparison to the input), any good cryptographic hash does its best in
>> preserving as much information as possible.
>
> No, it does its best at not preserving any information as possible if it is
> a cryptographic hash.


This is ridiculous. Consider an input of the length of the output 'n' with
maximum conditional entropy. If the output would contain significantly less
entropy, say m < n, then the average runtime for a bruteforce search would
be 2^m instead of 2^n, and you'd have an attack against the hash.

Short to say, cryptographic hashes are best at mixing in all available
information without throwing anything away. That is, every little input
influences the output with maximum significance.

> Yes, he did. He implied that he was talking about a situation in which it
> was very hard or impossible to reverse the hash. Or did you not happen to
> read the OP post.


If the input is longer than the output, a hash is always impossible to
invert for arbitrary inputs - that's the very purpose of a hash. No one
ever talked about that it should also be hard for specific inputs.

> ??? Where did I say you know the key?


It's part of the algorithm if you use it solely as a hash.

Posted by Unruh on December 26, 2007, 1:17 pm

>Unruh wrote:


>>> Unless you reach its maximum output length (which is typically very short in
>>> comparison to the input), any good cryptographic hash does its best in
>>> preserving as much information as possible.
>>
>> No, it does its best at not preserving any information as possible if it is
>> a cryptographic hash.


>This is ridiculous. Consider an input of the length of the output 'n' with
>maximum conditional entropy. If the output would contain significantly less
>entropy, say m < n, then the average runtime for a bruteforce search would
>be 2^m instead of 2^n, and you'd have an attack against the hash.

???? A cryptographic hash tries very hard to look like a random selection
of the 2^N possible outputs (for a N bit hash). That preserves no
information. Information is what distinguishes the input from other inputs,
and a cryptographic hash tries its best not to distinguish the outputs from
any other outputs. It tries its best to destroy all information in the
input. The reason for the "each bit influences the output" is precisely to
make this as true as possible. You also want to make sure that different
inputs produce different outputs. Ie, each input is a statistically
independent random choice of output. If one of the bits did not influence
the output, then you would not have an independent random choice.
Of course the output is actually a deterministic function of the input, but
one wants that deterministic function to act as much like a random
selection as possible-- ie to preserve the "no information transfer" as
possible.



>Short to say, cryptographic hashes are best at mixing in all available
>information without throwing anything away. That is, every little input
>influences the output with maximum significance.

>> Yes, he did. He implied that he was talking about a situation in which it
>> was very hard or impossible to reverse the hash. Or did you not happen to
>> read the OP post.


>If the input is longer than the output, a hash is always impossible to
>invert for arbitrary inputs - that's the very purpose of a hash. No one
>ever talked about that it should also be hard for specific inputs.

Yes, you are again repeating what others said.


>> ??? Where did I say you know the key?


>It's part of the algorithm if you use it solely as a hash.

Who was using it as a hash? Using a keyed encryption as a cryptographic hash is
silly both because it preserves the length of the input, and because it is
easily invertible.

Posted by Sebastian G. on December 26, 2007, 2:00 pm
Unruh wrote:


> ???? A cryptographic hash tries very hard to look like a random selection
> of the 2^N possible outputs(for a N bit hash). That preserves no
> information.


Why don't you simply use a purely random function? This would really
preserve no information, and would be absolutely useless.

> Information is what distinguishes the input from other inputs,
> and a cryptographic hash tries its best not to distinguish the outputs from
> any other outputs.


Which is nonsense as well, since the same input leads to the same output -
so obviously it does distinguish outputs.

> It tries its best to destroy all information in the input.


Then the function f(X) = "0" would be much better.

> The reason for the "each bit influences the output" is precisely to
> make this as true as possible.


Wrong again. The purpose is to make every little bit of information in the
input influence the output, thus preserving it as much as possible (and the
limit being the output size and the randomness demand).

> If one of the bits did not influence the output, then you would not
> have an independent random choice.

That is, this bit of information is not discarded.

> Of course the output is actually a deterministic function of the input, but
> one wants that deterministic function to act as much like a random
> selection as possible-- ie to preserve the "no information transfer" as
> possible.


Nonsense. Now get yourself familiar with the term "conditional entropy".

>> It's part of the algorithm if you use it solely as a hash.
>
> Who was using it as a hash?


I thought we were talking about hashes.

> Using a keyed encryption as a cryptographic hash is silly
> both because it preserves the length of the input, and because it is easily
> invertible.


Until you stop behaving stupid and think a little bit how one can use a
symmetric cipher to produce a hash function which is invertible for all
inputs shorter than output (including the padding).

Posted by Randell_D on December 26, 2007, 10:57 am
Thanks everyone...

Hash references/explanations that I read referred to hashing as being
unique however from what you folks are telling me, "unique" in this
sense means "extreme remote chance of a duplicate being found".

Cheers / Health / Wealth / Peace to you all!

Posted by Unruh on December 28, 2007, 5:55 pm

>Thanks everyone...

>Hash references/explanations that I read referred to hashing as being
>unique however from what you folks are telling me, "unique" in this
>sense means "extreme remote chance of a duplicate being found".

Yes. It is mathematically clear that if the input is longer than the
output, then the output cannot be different for all inputs. It can be
different for all inputs you happen to ever try.
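
The quantities argued over in this thread can be measured directly. The following is an added example, not code from any poster: it truncates SHA-256 to 16 bits (a toy digest size assumed here so the search finishes instantly) to show a guaranteed collision when inputs are longer than the output, how many digests are reached when inputs are exactly as long as the output, and how many output bits change per flipped input bit.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption for the demo; real hashes use 256+ bits)

def h16(data: bytes) -> int:
    """First 16 bits of SHA-256, used as a toy 16-bit hash."""
    return int.from_bytes(hashlib.sha256(data).digest()[:BITS // 8], "big")

def first_collision():
    """Hash 3-byte inputs (24 bits in, 16 bits out) until two share a digest.
    Pigeonhole guarantees a hit within 2^16 + 1 inputs."""
    seen = {}
    for i in count():
        msg = i.to_bytes(3, "big")
        d = h16(msg)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg

def image_size() -> int:
    """Distinct digests over all 2^16 inputs that are exactly 16 bits long."""
    return len({h16(i.to_bytes(2, "big")) for i in range(2 ** BITS)})

def avalanche(msg: bytes) -> float:
    """Mean number of full SHA-256 output bits (of 256) changed per flipped input bit."""
    base = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    total = 0
    for bit in range(len(msg) * 8):
        flipped = bytearray(msg)
        flipped[bit // 8] ^= 1 << (bit % 8)
        out = int.from_bytes(hashlib.sha256(bytes(flipped)).digest(), "big")
        total += bin(base ^ out).count("1")
    return total / (len(msg) * 8)

if __name__ == "__main__":
    a, b, tries = first_collision()
    print(f"collision after {tries} inputs: {a.hex()} and {b.hex()} -> {h16(a):04x}")
    print(f"{image_size()} of {2 ** BITS} digests reached by 16-bit inputs")
    print(f"avg bits flipped: {avalanche(b'constructed sample input'):.1f} of 256")
```

With a 16-bit digest the first collision typically appears after a few hundred inputs (the birthday bound), far sooner than the pigeonhole limit of 2^16 + 1.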



