Geek Answers Handbook

Given the hashing algorithm, is there a better way to unleash besides bruteforce?

So, I have a code for a hash function, and from his looks there is no way to just parse it (a lot of bitwise AND, OR, Shifts, etc.). My question is: if I need to know the original value before being hashed, is there a more efficient way than just crudely forcing the set of possible values?

Thanks!

EDIT: I have to add that in my case the original message will never be longer than a few characters for my purposes.

EDIT2: Out of curiosity, are there any ways to do this on the go, without pre-computed tables?

+4
source share
4 answers

Yes; rainbow table attacks . This is especially true for hashes of shorter strings. those. hashes of small lines, such as true, false, etc., can be stored in the dictionary and can be used as a comparison table. This greatly speeds up the cracking process. Also, if the hash size is short (i.e. MD5), the algorithm becomes especially easy to crack. Of course, the way around this problem is to combine cryptographic salts with passwords before hashing them.

There are two very good sources of information on this subject: Coding Horror: Rainbow Hash Cracking and Wikipedia: Rainbow Table

Edit: Rainbox tables can bind tens of gigabytes, so downloading (or playing) can take several weeks to do simple tests. Instead, there are some online tools for accessing simple hashes: http://www.onlinehashcrack.com/ (i.e. try canceling 463C8A7593A8A79078CB5C119424E62A, which is the MD5 hash of the word 'crack')

+3
source

Blur is called a profile attack: based on the hash output, find the corresponding input.

If the hash function is "secure", then it is better not to use an attack than to try to use possible inputs until a hit is found; for a hash function with n-bit output, the average number of calls to the hash function will be about 2 n, i.e. the path is too much for the current ground-based technology if n is greater than 180 or so. To state it differently: if the attack method is faster than this brute force method for a given hash function, then the hash function is considered to be irreparably broken.

MD5 is considered broken, but for other weaknesses (there is a published method for pre-images with a cost of 2 123.4 which is thus about 24 times faster than the cost of brute force - but it is still still technologically unfeasible that it cannot be confirmed).

When the input of the hash function, as you know, is part of a relatively small space (for example, it is a β€œpassword”, therefore, it can enter the human user's brain), then it is possible to optimize the accident using pre-computed tables: the attacker still has to pay the cost search once, but it can reuse its tables to attack multiple instances. Rainbow tables are pre-computed tables with a spatial compressed representation: with rainbow tables, the bottleneck for an attacker is processor power, not the size of its hard drives.

+2
source

Assuming the "normal case", the original message will be many times longer than the hash. Therefore, in principle, it is absolutely impossible to receive a message from a hash, simply because you cannot calculate information that is not there.

However, you can guess that this is probably the correct message, and there are methods to speed up this process for general messages (such as passwords), such as rainbow tables. It is very likely that if something that looks reasonable is the correct message, if the hash matches.

Finally, it may not be necessary to find a good message at all until it can be found which will pass. This is the subject of a famous attack on MD5. This attack allows you to create another message that gives the same hash.
Whether this is a security issue or not depends on what exactly you use the hash for.

+1
source

This may seem trivial, but if you have code for hashing, you can always override the hash() table container class function (or similar, depending on your programming language and environment). That way you can use hash strings of 3 characters or less, and then you can save the hash as a key, with which you get the original string, which seems to be exactly what you want. Use this method to build your own rainbow table, I suppose. If you have code in a software environment in which you want to find these values, you can always change it to store hashes in a hash table.

+1
source

More articles:


All Articles