Join Log in
Score:3
Loris Foe avatar Crypto

Does adding a known text to an input decrease hash security?

cn flag
Loris Foe

Imagine I want to hash a private key K (i.e hash(K)), but what if I hashed a concatenation of the key K and the username let's say the following hash : hash("john cena" + K )

Suppose everyone (even the hacker) knows that "john cena" is used to do the hash : can it help hackers to reverse the hash?

In other words, is there a difference in security of doing hash(K) or hash("john cena" + K ) (where "john cena" is known by everyone)?
Because it feels like that giving information of the input intuitively should provide help for an attack of any sort.

525
2 + 1
kelalaka avatar
in flag
kelalaka
A related even dupe of [Does knowledge of SHA256(secret ∥ known constant) in addition to SHA256(secret) give any information about the secret?](https://crypto.stackexchange.com/q/66743/18298)
0
Reply
Score:3
bk2204 avatar Crypto
fr flag
bk2204

A secure cryptographic hash function provides preimage resistance, which Wikipedia defines this way:

[F]or essentially all pre-specified outputs, it is computationally infeasible to find any input that hashes to that output; i.e., given y, it is difficult to find an x such that h(x) = y.

That means that for a secure cryptographic hash function, the most efficient way to determine the input is by brute force. How easy brute force is depends on the entropy in the input. If your cryptographic key is 128 bits and you're using SHA-256, which provides 256 bit security against preimage attacks, then the best brute force attack is to guess the 128-bit input.

When you use a fixed string, it doesn't add any entropy to the hash, so it doesn't make it any harder. But it also doesn't make it any easier to guess the input because guessing the input (performing a preimage attack) is supposed to be computationally infeasible regardless.

One thing that should be noted is that SHA-256 is vulnerable to length-extension attacks where an attacker knowing one output can produce valid hashes that start with the same prefix without knowing that prefix. If this matters in your situation, use a hash that isn't vulnerable to this, like one of the SHA-3 hashes or BLAKE2.

0 + 5
poncho avatar
my flag
poncho
Just beat me to it...
0
Reply
Loris Foe avatar
cn flag
Loris Foe
Thank you for your answer! But : "given y, it is difficult to find an x such that h(x) = y" Does the "it is difficult to find an x" part remains true even if we know **a part of x** (the "john cena" string) ?
0
Reply
bk2204 avatar
fr flag
bk2204
Yes, it remains true. Practically, it can be shown that if knowing part of the input weakened the hash, then it wouldn't meet its security guarantees anymore.
1
Reply
za flag
hanshenrik
nothing wrong with BLAKE2, but there is a [better alternative](https://github.com/BLAKE3-team/BLAKE3/blob/master/README.md) out there ^^
0
Reply
bk2204 avatar
fr flag
bk2204
BLAKE3 is faster, but I personally find it insufficiently conservative for my liking and I haven't found a sufficient amount of cryptanalysis to change my mind on that. As a result, I chose not to recommend it here.
0
Reply
Score:2
Gilles 'SO- stop being evil' avatar Crypto
cn flag
Gilles 'SO- stop being evil'

it feels like that giving information of the input intuitively should provide help for an attack of any sort.

Well, yes, but actually no. If you know that h = hash("john cena" + K), then you have some information about the preimage of h. But that information is that it starts with "john cena". That doesn't help in finding K.

(More precisely, h probably has multiple preimages, and you know that one of the preimages starts with K. That's not really important since for a hash function, you can't find a collision.)

Hash functions in common use are calculated in a streaming fashion from left to right: the calculation of hash(P + K) consists of processing P, then processing K, and applying a finalization function. With this design, calculating hash(P + Ki) for many values of Ki is exactly as expensive as calculating hash(Ki), plus a single calculation to process P which doesn't need to be repeated for each Ki. On the other hand, calculating hash(Ki + S) for many values of Ki requires processing S again each time, so it's somewhat more expensive than calculating Ki.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.