How do one-way hash functions work? (Edited)

by

Since everyone until now has simply defined what a hash function was, I will bite.

A one-way function is not just a hash function — a function that loses information — but a function f for which, given an image y (“SE” or 294 in existing answers), it is difficult to find a pre-image x such that f(x)=y.

This is why they are called one-way: you can compute an image but you can’t find a pre-image for a given image.

None of the ordinary hash function proposed until now in existing answers have this property. None of them are one-way cryptographic hash functions. For instance, given “SE”, you can easily pick up the input “SXXXE”, an input with the property that X-encode(“SXXXE”)=SE.

There are no “simple” one-way functions. They have to mix their inputs so well that not only you don’t recognize the input at all in the output, but you don’t recognize another input either.

SHA-1 and MD5 used to be popular one-way functions but they are both nearly broken (specialist know how to create pre-images for given images, or are nearly able to do so). There is a contest underway to choose a new standard one, which will be named SHA-3.

An obvious approach to invert a one-way function would be to compute many images and keep them in a table associating to each image the pre-image that produced it. To make this impossible in practice, all one-way function have a large output, at least 64 bits but possibly much larger (up to, say, 512 bits).

EDIT: How do most cryptographic hash functions work?

Usually they have at their core a single function that does complicated transformations on a block of bits (a block cipher). The function should be nearly bijective (it shouldn’t map too many sequences to the same image, because that would cause weaknesses later) but it doesn’t have to be exactly bijective. And this function is iterated a fixed number of times, enough to make the input (or any possible input) impossible to recognize.

Take the example of Skein, one of the strong candidates for the SHA-3 context. Its core function is iterated 72 times. The only number of iterations for which the creators of the function know how to sometimes relate the outputs to some inputs is 25. They say it has a “safety factor” of 2.9.

More Related Contents:

  1. MD5 algorithm in Objective-C
  2. How come MD5 hash values are not reversible?
  3. Is it possible to decrypt MD5 hashes?
  4. How to hash some string with sha256 in Java?
  5. Is SHA-1 secure for password storage?
  6. Why is XOR the default way to combine hashes?
  7. Which cryptographic hash function should I choose?
  8. PKCS#1 and PKCS#8 format for RSA private key [closed]
  9. RSA Encryption Problem [Size of payload data]
  10. Is it possible to get identical SHA1 hash? [duplicate]
  11. Is calculating an MD5 hash less CPU intensive than SHA family functions?
  12. Can two different strings generate the same MD5 hash code?
  13. C# SHA-1 vs. PHP SHA-1…Different Results?
  14. MD5 hashing in Android
  15. Slow AES GCM encryption and decryption with Java 8u20
  16. How to hash some String with SHA-256 in Java?
  17. Is it possible to decrypt MD5 hashes?
  18. Digital signature for a file using openssl
  19. What is the clash rate for md5? [closed]
  20. How do I hash a string with Delphi?
  21. Is “double hashing” a password less secure than just hashing it once?
  22. Why does SSL handshake give ‘Could not generate DH keypair’ exception?
  23. Is Math.random() cryptographically secure?
  24. iOS AES Encryption – Fail to Encrypt
  25. How can it be impossible to “decrypt” an MD5 hash? [duplicate]
  26. Self signed X509 Certificate with Bouncy Castle in Java
  27. AES/CBC/PKCS5Padding in iOS objective c result differs from Android
  28. How do I calculate the MD5 checksum of a file in Python? [duplicate]
  29. Load an PEM encoded X.509 certificate into Windows CryptoAPI
  30. How random is crypto#randomBytes?

Leave a Comment