# Questions tagged as ['hash']

A cryptographic hash algorithm is a function which takes a variable size input and produces a fixed size output. The algorithm makes it difficult to find two inputs with the same output or reconstruct the input from the output.
Score: 1
Hashing function: Generate unique 3 letters Identifier

I need to create an id generation function that takes 4-digit number and returns a unique 3-letter identifier.

I already have a function that generates a 2-letter id from 3-digit number with some limitations (between 100 and 775), but I'm not sure how to change it to meet the new requirement.

if order_id < 775:
alphabet = list('ABCDEFGHIJKLMNOPQRSTUVWXYZ')
alpha_index = ''
_i_1 = 0
_i_2 = 0 ...
Score: 0
I am confused on how to solve this question about one way hashing

I know that I have to use decryption, but I am confused about how it breaks one-way (preimage resistance)

Score: 0
Why is this image not pre-image resistant?

The answers to my HW say that a preimage of a single block is easily found. I do not understand how it is easily found. Please help.

Score: 1
Is $H:\mathbb{Z} \rightarrow \mathbb{Z}_{p}^{*}$ and $a \mapsto g^a\bmod p$ with $p$ prime (strongly) collision-free?

Let $$H:\mathbb{Z} \rightarrow \mathbb{Z}_{p}^{*}$$ and $$a \mapsto g^a\bmod p$$ for $$g \in \mathbb{Z}_{p}^{*}$$ where $$p$$ is prime. Is this function (strongly) collision-free meaning we cannot find practically $$x_1$$,$$x_2$$ such that $$H(x_1)=H(x_2)$$?

I argue no with the following reasoning: Let $$A$$ be an Algorithm which generates $$x_1 \neq x_2$$ such that $$H(x_1)=H(x_2)$$ and define $$A: \mathbb{N} \rightarro ...$$

Score: 1
Is the speed of hash functions a disadvantage when storing hashed passwords in a database?

I know one of the advantages of hash functions is that they are fast. However, I read somewhere (I don't know where exactly) that the speed is a disadvantage for password hashes when storing them in databases, but why is this so ? Would someone explain to me if being fast is a disadvantage for password hashing and why is this so ? (If possible could you also write some links to websites/papers describi ...

Score: 1
how high is the possibility of getting a hash collision in text files?

Just for an example, let's say I downloaded "the adventures of tom sawyer" from gutenberg in .txt file format and saved it to my usb thumb drive.

And as you can see, usb drive is not an ideal device for long term data retention. But if I insist on using it, there's possibility any files in my storage would finally be corrupted after long time without powering it up.

So what I will do now is to save  ...

Score: 1
Is it safe to store the hash of a plain text?

When encrypting data, I want to verify that the correct key was entered without hashing it. Is it safe to decrypt the ciphertext and compare the hash of it with the stored one or can the plaintext (which could be very long) be read from the hash?

Score: 2
How strong if I combine two hash functions, such as MD5(SHA256(input))?

If I try to do MD5(SHA256(input)), what is the strength of this so-called double hashing approach?

Is it as strong as SHA256, or as strong as MD5, or as strong as SHA256 + MD5?

This is not a homework question btw, I am asking because of a real issue in my project. By right, I only need to do SHA256(input) on the input, and store it in a column in one MySQL table. But my practical concern is: SHA256 is o ...

Score: 3
What hash based digital signature algorithms exist that have reasonably small signature sizes?

What hash based digital signature algorithms exist that have reasonably small signature sizes?

• By reasonably small, I mean not much bigger than what you would get with a 256-bit ECDSA (which I believe has a signature of about 64 bytes). If nothing close exists, then what's the smallest signature size I can get?

• I want 128 bit security or better (although its not a hard requirement).

• I will be si ...

Score: 0
What happens when we hash already hashed values, concatenated together?

I read on the page 16 of On the Security of Hash Function Combiners that

the classical combiner for collision-resistance simply concatenates the outputs of both hash functions $$Comb_{\mathbin\|}(M) = H_0(M) \mathbin\| H_1(M)$$ in order to ensure collision resistance as long as either of H0, H1 obeys the property.

Consider H, a secure internal hash function with 256-bit inputs and 128-bit outputs

...
Score: 0
Securely and Deterministically select a combination of objects from hash (cryptographic seed)

I am working on a project that is using a bit-commitment concept to authenticate information.

I need to select a combination of objects securely from a secure hash, then distribute that hash later. Then a client knows that only the authenticated server selected that combination of objects before distribution of the hash the combination derived from. In other words, I need to select a combination  ...

Score: 1
Is it insecure to use a hash function to map (potentially critical) inputs to the same length?

Say I have two values $$x$$ and $$y$$ of slightly different lengths. They can be passwords or keys or any other critical value, and I want to deterministically map them to two values of the same length.

Would using a secure hash function to achieve that purpose introduce any weakness into the system? We can assume the the output length of the hash function is not too small compared to the original inputs (e. ...

Score: 2
Pre-image attack on non-cryptographic hash functions

I am not good at cryptography so please :)

After reading this discussion it is now clear to me that xxHash is not resistant to collision attacks and is not secure for MAC usage. But after reading it, I still don't understand how resistant XXH3 (one of xxHash family) is to preimage attacks.

Yes, XXH3 output is $$64$$/$$128$$ bits which means that the probability to find image is $$2^{64}$$/$$2^{128}$$ correspondi ...

Score: 0
If $Hash(x)$ is indistinguishable from $Hash(x,a)$, where $x$ is variable and $a$ is a given number?

I try to use a sequence of games to prove a scheme is CCA secure. In the final two games, the ciphertexts are $$(c_1^*, Hash(x)\oplus m_b, Hash(x,a))$$ and $$(c_1^*, random, Hash(x,a))$$ respectively, where $$c_1 ^*$$ and $$a$$ can be viewed as given numbers, $$x$$ is a variable and $$m_b$$ is the challenge message.

The advantage of the adversary in the latter game obviously is 1/2, so if the two games are indis ...

Score: 1
What is the difference between "Elliptic Curve Function" and "Hash Functions" like SHA256?

I am reading about bitcoin and I am a little confused about "elliptic curve function" and "SHA256". Do they have the same properties? Can both be used to generate private and public key pairs?

Score: 1
Which passphrase length is good so it's hard to break bitcoin's PBKDF2 key?

To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The le ...

Score: 1
Would it be any good to create a new cryptographic hash function?

Would it be beneficial to create a cryptographic hash function for more security. A cryptographic hash function is pretty much a pseudorandom string generating algorithm and it can easily be made difficult to break by increasing the number of possible hashes that can be generated.

## Why make another cryptographic hash function

I want to hash passwords in a database such that the attacker cannot find ...

Score: 1
AES-CBC Hash Function Collision Resistance

I am using AES-CBC as a hash function which is encrypting a block of length n. The blocks, m = (m1, m2, ..., mn). The IV is one block long and the encryption key is length 128, 192 or 256 bits.

Will I get collisions? And if so, how could I find examples?

I expect to find collisions every 2^(n/2) hashes but I don't imagine this would allow me to find any matches in the next 10000000 years.

Score: 0
Use HMAC for every block encryption operation

Is it possible to use HMAC while performing encryption of blocks?
I think that the main problem with the approach would be to get the same output size as the block, from the HMAC function.
Also, the hash function is one-way, so how would one perform the decryption?
Are there any real-world examples for this approach, or is it not feasible?

Score: 3
Is there an easy way to make textbook RSA secure enough so it can be used in real life?

I have written a raw (textbook) RSA implementation (just for fun) and I wonder is there an easy way to make it secure enough so it can be used in real life (without implementing OAEP+ and RSASSA-PSS)? Are there any simple algorithms for padding and generating secure digital signatures?

Score: 0
Decrypt one cipher with multiple and independent passwords

Consider that an online shop subscribes an embedded external service for their customers. This external webpage is accessible through a clickable banner on the online shop.

On the subscription area of this external service, the registration form asks about the base url domains where the banner will be published:

companya.com
companyb.org
companyc.net


The purpose is to create a query string dynamically f ...

Score: 3
Hash function requirements for short Schnorr Signature

Neven et al. stated in their paper Hash Function Requirements for Schnorr Signatures following theorem (using the forking lemma): $$\mathbb{G}$$ is the generic group (section 2), $$s \approx \log_2q$$, hash function $$H: \lbrace 0,1 \rbrace^* \rightarrow \lbrace 0,1 \rbrace^n$$.

Theorem 1 If the discrete logarithm problem in $$\mathbb{G}$$ is $$(t_\text{dlog}, \epsilon_\text{dlog}$$-hard, then the Schnorr Signatu ...

Score: 1
Step-by-step working out with example input for NIST Hash Functions like SHA-1,SHA-2, and SHA-3

I am working on doing a naive Python implementation of SHA-1,SHA-2, and SHA-3 and I need to test and debug because the hash result right now is not correct.

Can somebody link me a step-by-step working out of SHA-1, SHA-2, and SHA-3 for an ex ...

Score: 4
Is KMAC just SHA-3-256(KEY || message)

According to keccak strengths you have:

Unlike SHA-1 and SHA-2, Keccak does not have the length-extension weakness, hence does not need the HMAC nested construction. Instead, MAC computation can be performed by simply prepending the message with the key.

Meaning I can get a MAC of a message by just computing $$\operatorname{SHA-3-256}(KEY \mathbin\| message)$$. If this is the case, why then does

Score: 2
How to have a hash function that maps from a group element to a binary string of a certain size in charm-crypto?

I am facing a problem in programming with the charm-crypto library. The hash functions for pairing group elements in charm-crypto can only map from a string to a specific field: $$\mathbb Z_r$$, $$G_1$$ or $$G_2$$.

Examples: \begin{align} H_1: \{0, 1\}^*\to\ &G_1\\ H_2: \{0, 1\}^*\to\ &Z_r\\ H_3: \{0, 1\}^*\to\ &G_2\\ \end{align}

I am implementing a certificateless public key encryption  ...

Score: 1
if i enter a password that's incorrect but that collides with one when hashed, will it let me in?

suppose no salt or pepper is used and passwords are hashed plain, will entering incorrect password that just hashes to the same let me in? i know that one use of salting/peppering techniques is to, aside from making brute force more time consuming, prevent one hash compromise all the users using same pass. but how does it work for preventing colliding passwords being used interchangeably? in other words ...

Score: 2
Given a hash function and a hash value, can you tell if it can produce such value?

I came up with the following question:

Given a hash function H() and a hash value h that is in the codomain/range of outputs of H(), can you determine if h can be produced by H() (i.e. is h in the image of H())?

Can the question be answered? Does it contradict to the preimage resistance property?

Is there any benefit you can think of for a hash function having the above property (that you can/can't  ...

Score: 2
$2^{64}$ versions of the same message

I am reading a textbook and in there they explain the property of hash functions. In particular, they give an example of how unlikely it would be to find a second input value that would match the hash output of the original input. Here's the example:

We show now how Oscar could turn his ability to find collisions (modifying two messages) into an attack. He starts with two messages, for instance: