Score:0

Deciphering input from known output using SHA512?

in flag

Basic question. I'm doing self-study on hash functions.

If I insert hello as input in a SHA512 hash function (e.g. using this) I get the following hash: 9b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec043

I noticed that the SHA512 algorithm yields the same output whether I input hello today or tomorrow, or if I use my computer or my sister's.

Given the above, does this mean that knowing the above outputted hash code a priori allows me to decipher that its corresponding SHA512 input is 'hello'?

pigeonburger avatar
co flag
Yes (unless there's an overlap where a completely different random string happens to clash and they both have identical hashes). If you memorize that a beef burger patty came from a cow, you can decipher that other beef burger patties are likely made from cows. The only thing you can't do is turn the beef patty back into a cow - you have to have the *prior knowledge* of how it was made. Same thing with hashes.
Score:2
my flag

I noticed that the SHA512 algorithm yields the same output whether I input hello today or tomorrow, or if I use my computer or my sister's.

Well, yes - hash functions wouldn't be very useful if they gave different answers at times.

The classical usage for a hash function is within a signature algorithm; the core algorithm typically handles only limited sized values, and we often want to sign quite lengthy messages. So, what we do is pass our lengthy message through a hash function (to create a short value, in this case, 512 bits in length), and sign that short value. If the verifier called the hash function on the same original message, and got a different value, the verification wouldn't work.

Given the above, does this mean that knowing the above outputted hash code a priori allows me to decipher that its corresponding SHA512 input is 'hello'?

Well, what you could do is try performing SHA512 on various different inputs; if one of the inputs just happens to be 'hello', then yes, you'll see the same output, and deduce that (barring an incredible coincidence) the original input was also 'hello'.

However, that is essentially the best you can do; with a good hash function (and SHA512 is a good hash function), there is essentially no way to recover the original string (or another string that hashes to the same value) without trying various guesses.

Score:0
it flag

does this mean that knowing the above outputted hash code a priori allows me to decipher that its corresponding SHA512 input is 'hello'?

Yes and no...

-- Yes, you can compare hash to figure out it's from plain text 'hello'. The hashes you collect from a word or a phrase are elements of a so-called rainbow table in industry. A table that holds hash of a lot of known popular words and patterns for password.

That's also the reason why using your birthday or 123456 is bad choice since their hashes are so easily recognized by the table.

-- No, it is not a deciphering. You labelled the question as "one-way function", right? So there is no returning way of deciphering for hash operation.

Score:0
ng flag
SSA

Cryptographic Hash functions are not the Random output generator function. so with same input it gives same output always. Hash functions here, are used to check the message integrity, so that if any bit is changed when a receiver receives the sender's message, the Hash value will be different, and become repudiable.


Now your question about how to check the given Hash is unique to an input. i.e., its one-to-one ness. so, over the time because of collision, new hash functions came to existence for ex. MD4,MD5, SHA1,SHA2.. It is extremely difficult with brute force to get the input of the Hash o/p for newer hash like SHA512 or SHA256.


JFYI, password storing mechanism also uses Hash function along with salt (random number) to avoid collision, as many people tend to use password that can be easily guessed and can lead to serious issue.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.