undefined | Better HN

0 pointsenkid4y ago0 comments

I mean, anything past 256 bits is going to have a collision, so that doesn't matter, but you're right that the entire point of a hash is that even if you know the hash, it's very very hard to find what the plaintext is.

0 comments

mtreis864y ago

There are a number of reversible hash algos. The point of hash is that the small changes in the input produce big changes in the output so even a 1-bit change to the input produces a completely different output. Some hash algos having trap door functionality is really more of a bonus.

eru4y ago

You can only reverse your hash function, if you output is at least as long as your input.

The kind of function you describe is useful, too, of course. You can build something like them out of almost any modern encryption method:

Encryption methods have to be reversible, so you can decrypt; and they are expected not to betray anything about their inputs, so there are probably some that have this avalanche property, or can be patched to have it fairly simply.

enkidOP4y ago

Sure, I guess I wasn't being specific enough. Once of the reasons to use SHA-256 is because that's hard to do.

thaumasiotes4y ago

It's true that any input length larger than 256 bits will exhibit a collision. It isn't true that it will necessarily exhibit every possible output. Maybe there's an output value that is only available for ridiculously large input.

eru4y ago

Yes, that's possible in general. Though fairly unlikely, if the hash was 'random'.

We know the structure of SHA256, so we could actually answer that question.

https://en.wikipedia.org/wiki/Preimage_attack says that pre-image attacks on hash function in general only take 2^n time (ie you don't need to look for passwords longer than 256 bits), but I don't see how they conclude that.

j / k navigate · click thread line to collapse

0 comments

mtreis864y ago

eru4y ago

You can only reverse your hash function, if you output is at least as long as your input.

The kind of function you describe is useful, too, of course. You can build something like them out of almost any modern encryption method:

enkidOP4y ago

Sure, I guess I wasn't being specific enough. Once of the reasons to use SHA-256 is because that's hard to do.

thaumasiotes4y ago

eru4y ago

Yes, that's possible in general. Though fairly unlikely, if the hash was 'random'.

We know the structure of SHA256, so we could actually answer that question.

j / k navigate · click thread line to collapse