Thought experiment on broken hashes

Alphax wrote:
> - Some hash algorithms are "broken"; it is
possible to generate the
> inputs for a given input (of a given size), reducing
the number of
> "possible" inputs by some amount - I'm
guessing by the size of the hash.
> So even though there are still however many milllion
possible files with
> that filesize, how many /also/ have that particular
hash value for that
> particular algorithm?

Depends a lot on how they're broken.  Broken algorithms
have properties
very far from the Platonic ideals which make the math work
out nicely.

> - What if we have two hash values from different
algorithms? Three?
> Four? N? Does this make it any easier?

Assuming you have N different perfect M-bit hash algorithms
and they're
all perfectly independent of each other, you've recovered
(N*M) bits.
Again, if you assume they're not perfectly independent,
your mileage
will vary--however, it's far more likely you'll recover
fewer than (N*M)
bits than you'll recover more.  (And by 'far' more
likely, I mean 'I
think Claude Shannon would like to have a talk with you if
this ever
happens'.)



____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> Alphax wrote:
> 
>>- Some hash algorithms are "broken"; it
is possible to generate the
>>inputs for a given input (of a given size), reducing
the number of
>>"possible" inputs by some amount - I'm
guessing by the size of the hash.
>>So even though there are still however many milllion
possible files with
>>that filesize, how many /also/ have that particular
hash value for that
>>particular algorithm?
> 
> 
> Depends a lot on how they're broken.  Broken
algorithms have properties
> very far from the Platonic ideals which make the math
work out nicely.
> 

Ok, I wondered if that was the case.

> 
>>- What if we have two hash values from different
algorithms? Three?
>>Four? N? Does this make it any easier?
> 
> 
> Assuming you have N different perfect M-bit hash
algorithms and they're
> all perfectly independent of each other, you've
recovered (N*M) bits.
> Again, if you assume they're not perfectly
independent, your mileage
> will vary--however, it's far more likely you'll
recover fewer than (N*M)
> bits than you'll recover more.  (And by 'far' more
likely, I mean 'I
> think Claude Shannon would like to have a talk with you
if this ever
> happens'.)
> 

Well, assuming we have two 512-bit hashes which are
perfectly unique,
we've just recovered a 256kB file...

But I see what you're getting at. As the subject line says,
this was a
thought experiment. Like most others, it's been disproved
fairly
quickly. However, this is why we experiment - so that we can
learn.

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon
Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email
& vCards
http://tinyurl.com/cc9up
   |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3rc1: (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


iQEVAwUBQ/sNWbMAAH8MeUlWAQgUnAf/Y6vLO6wyj7MKTf7X3BiPth/Zx1XM
qTTT
AEC2IWeaMtjRxXvqEqvyc+zF7IkwyrJq3g9I1G4emy8cXxOxI3OEsdVYEku4
SDov
cSfmCExpYIjpIkEi8GleJEICP0a5wYhSqvPaW8riDJeHjiO6JjE+N9SR4o36
rpUQ
9FzZTT8Y7WTyN3BIfTljiMb74QW+M/tCwii4bfF2yzvNQ3fiuVYrjbENl9F8
TdZ7
sKlWqDCdDj1EC6wcCFP03wJkjV3J2YvFopzsmr/gblhPO6DlJrcGON/e9g4g
0Wgh
TTkKnXOnPWDu1ZuBwWg4edSiklEL7xJxDiz0aPgRAIAClIGw9hJPVQ==
=yg8+
-----END PGP SIGNATURE-----


____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
 

Alphax wrote:
> Well, assuming we have two 512-bit hashes which are
perfectly unique,
> we've just recovered a 256kB file...

Umm... how?

Two perfectly independent 512-bit hashes let you recover 128
bytes, no
more, no less.  Or am I missing something really obvious
here?



____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> Alphax wrote:
> 
>>Well, assuming we have two 512-bit hashes which are
perfectly unique,
>>we've just recovered a 256kB file...
> 
> 
> Umm... how?
> 
> Two perfectly independent 512-bit hashes let you
recover 128 bytes, no
> more, no less.  Or am I missing something really
obvious here?
> 
> 

*checks time of post*

Oops. That'll teach me to do maths at 11pm... :(

- --
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon
Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email
& vCards
http://tinyurl.com/cc9up
   |   / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3rc1-4015cvs: (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


iQEVAwUBQ/wVD7MAAH8MeUlWAQjl1wgAiLa/t2maH+DQCzOwsAcdSRtW9ZvM
sx80
4LFRjXwbA8gn9gGJzRSQJ7HG7lJxRAM7zL1ig6PseUTyvu2S2dxIAgURCKK3
AhcO
ZcJAYWTcNxk01D+fUmx/Y21jvdim/ET46Ep4XCvHwmiW0ZAHORQZkdUc+DI+
Cnvp
r5s7E1Qa3gCiPCv7vp5WZfCtDWm8TS4I3JOfatseqnkhKP5SKxuD2XLUTjhG
942s
biK5bzy1xCM2d/55YEU2MgsDAHyOYDQCnvRu9+qAz6NUshl1jCv2+ziSaA8E
p2Gt
ldqEU5/sP9IUVuwESO+WpNi/FnKYJPsKDguWFfpYVtVd/ki0qurcjQ==
=ACrT
-----END PGP SIGNATURE-----


____________________________________________________________
__
Archives:         htt
p://groups.yahoo.com/group/PGP-Basics/messages
OT List:          http://gr
oups.yahoo.com/group/PGP-Basics-OT
OT Subscribe:    
mailto:PGP-Basics-OT-subscribe@yahoogroups.com 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://grou
ps.yahoo.com/group/PGP-Basics/

<*> To unsubscribe from this group, send an email to:
    PGP-Basics-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.c
om/info/terms/