# Questions tagged as ['hash']

I need to create an id generation function that takes 4-digit number and returns a unique 3-letter identifier.

I already have a function that generates a 2-letter id from 3-digit number with some limitations (between 100 and 775), but I'm not sure how to change it to meet the new requirement.

```
if order_id < 775:
alphabet = list('ABCDEFGHIJKLMNOPQRSTUVWXYZ')
alpha_index = ''
_i_1 = 0
_i_2 = 0 ...
```

Let $H:\mathbb{Z} \rightarrow \mathbb{Z}_{p}^{*}$ and $a \mapsto g^a\bmod p$ for $g \in \mathbb{Z}_{p}^{*}$ where $p$ is prime. Is this function (strongly) collision-free meaning we cannot find practically $x_1$,$x_2$ such that $H(x_1)=H(x_2)$?

I argue no with the following reasoning: Let $A$ be an Algorithm which generates $x_1 \neq x_2$ such that $H(x_1)=H(x_2)$ and define $A: \mathbb{N} \rightarro ...

I know one of the advantages of hash functions is that they are fast. However, I read somewhere (I don't know where exactly) that the speed is a disadvantage for password hashes when storing them in databases, but why is this so ? Would someone explain to me if being fast is a disadvantage for password hashing and why is this so ? (If possible could you also write some links to websites/papers describi ...

Just for an example, let's say I downloaded "the adventures of tom sawyer" from gutenberg in .txt file format and saved it to my usb thumb drive.

And as you can see, usb drive is not an ideal device for long term data retention. But if I insist on using it, there's possibility any files in my storage would finally be corrupted after long time without powering it up.

So what I will do now is to save ...

When encrypting data, I want to verify that the correct key was entered without hashing it. Is it safe to decrypt the ciphertext and compare the hash of it with the stored one or can the plaintext (which could be very long) be read from the hash?

If I try to do `MD5(SHA256(input))`

, what is the strength of this so-called double hashing approach?

Is it as strong as SHA256, or as strong as MD5, or as strong as SHA256 + MD5?

This is not a homework question btw, I am asking because of a real issue in my project. By right, I only need to do `SHA256(input)`

on the input, and store it in a column in one MySQL table. But my practical concern is: SHA256 is o ...

**What hash based digital signature algorithms exist that have reasonably small signature sizes?**

By reasonably small, I mean not much bigger than what you would get with a 256-bit ECDSA (which I believe has a signature of about 64 bytes). If nothing close exists, then what's the smallest signature size I can get?

I want 128 bit security or better (although its not a hard requirement).

I will be si ...

I read on the page 16 of On the Security of Hash Function Combiners that

the classical combiner for collision-resistance simply concatenates the outputs of both hash functions $Comb_{\mathbin\|}(M) = H_0(M) \mathbin\| H_1(M)$ in order to ensure collision resistance as long as either of H0, H1 obeys the property.

Consider H, a secure internal hash function with 256-bit inputs and 128-bit outputs

...I am working on a project that is using a bit-commitment concept to authenticate information.

I need to select a combination of objects securely from a secure hash, then distribute that hash later. Then a client knows that only the authenticated server selected that combination of objects before distribution of the hash the combination derived from. In other words, I need to select a combination ...

Say I have two values $x$ and $y$ of slightly different lengths. They can be passwords or keys or any other critical value, and I want to deterministically map them to two values of the same length.

Would using a secure hash function to achieve that purpose introduce any weakness into the system? We can assume the the output length of the hash function is not too small compared to the original inputs (e. ...

I am not good at cryptography so please :)

After reading this discussion it is now clear to me that xxHash is not resistant to collision attacks and is not secure for MAC usage. But after reading it, I still don't understand how resistant XXH3 (one of xxHash family) is to preimage attacks.

Yes, XXH3 output is $64$/$128$ bits which means that the probability to find image is $2^{64}$/$2^{128}$ correspondi ...

I try to use a sequence of games to prove a scheme is CCA secure. In the final two games, the ciphertexts are $(c_1^*, Hash(x)\oplus m_b, Hash(x,a))$ and $(c_1^*, random, Hash(x,a))$ respectively, where $c_1 ^*$ and $a$ can be viewed as given numbers, $x$ is a variable and $m_b$ is the challenge message.

The advantage of the adversary in the latter game obviously is 1/2, so if the two games are indis ...

I am reading about bitcoin and I am a little confused about "elliptic curve function" and "SHA256". Do they have the same properties? Can both be used to generate private and public key pairs?

According to https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#From_mnemonic_to_seed

To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The le ...

Would it be beneficial to create a cryptographic hash function for more security. A cryptographic hash function is pretty much a pseudorandom string generating algorithm and it can easily be made difficult to break by increasing the number of possible hashes that can be generated.

## Why make another cryptographic hash function

I want to hash passwords in a database such that the attacker cannot find ...

I am using AES-CBC as a hash function which is encrypting a block of length n. The blocks, m = (m1, m2, ..., mn). The IV is one block long and the encryption key is length 128, 192 or 256 bits.

Will I get collisions? And if so, how could I find examples?

I expect to find collisions every 2^(n/2) hashes but I don't imagine this would allow me to find any matches in the next 10000000 years.

Is it possible to use HMAC while performing encryption of blocks?

I think that the main problem with the approach would be to get the same output size as the block, from the HMAC function.

Also, the hash function is one-way, so how would one perform the decryption?

Are there any real-world examples for this approach, or is it not feasible?

I have written a raw (textbook) RSA implementation (just for fun) and I wonder is there an easy way to make it secure enough so it can be used in real life (without implementing OAEP+ and RSASSA-PSS)? Are there any simple algorithms for padding and generating secure digital signatures?

Consider that an online shop subscribes an embedded external service for their customers. This external webpage is accessible through a clickable banner on the online shop.

On the subscription area of this external service, the registration form asks about the base url domains where the banner will be published:

```
companya.com
companyb.org
companyc.net
```

The purpose is to create a query string dynamically f ...

Neven et al. stated in their paper Hash Function Requirements for Schnorr Signatures following theorem (using the forking lemma): $\mathbb{G}$ is the generic group (section 2), $s \approx \log_2q$, hash function $H: \lbrace 0,1 \rbrace^* \rightarrow \lbrace 0,1 \rbrace^n$.

**Theorem 1**
If the discrete logarithm problem in $\mathbb{G}$ is $(t_\text{dlog}, \epsilon_\text{dlog}$-hard, then the Schnorr Signatu ...

I am working on doing a naive Python implementation of SHA-1,SHA-2, and SHA-3 and I need to test and debug because the hash result right now is not correct.

I have found a step-by-step working out of SHA-256 here. https://docs.google.com/spreadsheets/d/1mOTrqckdetCoRxY5QkVcyQ7Z0gcYIH-Dc0tu7t9f7tw/edit#gid=1025601888

Can somebody link me a step-by-step working out of SHA-1, SHA-2, and SHA-3 for an ex ...

According to keccak strengths you have:

Unlike SHA-1 and SHA-2, Keccak does not have the length-extension weakness, hence does not need the HMAC nested construction. Instead, MAC computation can be performed by simply prepending the message with the key.

Meaning I can get a MAC of a `message`

by just computing $\operatorname{SHA-3-256}(KEY \mathbin\| message)$. If this is the case, why then does

I am facing a problem in programming with the charm-crypto library. The hash functions for pairing group elements in charm-crypto can only map from a string to a specific field: $\mathbb Z_r$, $G_1$ or $G_2$.

Examples: $$\begin{align} H_1: \{0, 1\}^*\to\ &G_1\\ H_2: \{0, 1\}^*\to\ &Z_r\\ H_3: \{0, 1\}^*\to\ &G_2\\ \end{align}$$

I am implementing a certificateless public key encryption ...

suppose no salt or pepper is used and passwords are hashed plain, will entering incorrect password that just hashes to the same let me in? i know that one use of salting/peppering techniques is to, aside from making brute force more time consuming, prevent one hash compromise all the users using same pass. but how does it work for preventing colliding passwords being used interchangeably? in other words ...

I came up with the following question:

Given a hash function *H()* and a hash value *h* that is in the codomain/range of outputs of *H()*, can you determine if *h* can be produced by *H()* (i.e. is *h* in the image of *H()*)?

Can the question be answered? Does it contradict to the preimage resistance property?

Is there any benefit you can think of for a hash function having the above property (that you can/can't ...

I am reading a textbook and in there they explain the property of hash functions. In particular, they give an example of how unlikely it would be to find a second input value that would match the hash output of the original input. Here's the example:

We show now how Oscar could turn his ability to find collisions (modifying two messages) into an attack. He starts with two messages, for instance: