Decrypt hash using dicionary attack

Lets consider Im the attacker and have access to hashes of passwords of a given data base and I will attempt a dictionary attack. My question is once I generate the hash that matches any of the hashes in the data base will I be able by reverse engineering to find out how the primitive works and then manage to find all passwords matching the hashes or do I need to compute until I find another collision? In other words, after first password cracked, is it 1 – 1 or N – N.

Is there a collision free Hash Function for dynamic data that preserves already created hashes?

I am familiar with the concept of hash functions and fingerprints but I am new to the implementation of functions and the specific characteristics of all those hash functions out there.

What I need

Say I have a table of employee data {FirstName, LastName, Birthday, …} which is dynamic. New employees join the the company, old employees leave. I want to hash the employee data. I need to make shure that the data of new employees is not hashed to the same value as any other employee that has ever been in the database.

In this sense the data set is append only. While deleting the employee data of an retiring employee is mandatory, I can store the hash, that was once linked to that employee. (Which most likely is of no use because the hash of past employees data will not evaluate to itself once hashed again 🙁 )

Hashing does not need to be cryptographic. Yet hashes must not easily be tracked back to employee data. By this I mean you are not supposed to use an efficient method to calculate employee data from hash values. Since information is lost in the process of hashing I would assume that this requirement is easy to match.

The Goal

I want to reduce the size of the hash (meaning bit size) as much as possible.


I would assume that, without collision resistance, I need to pick a fairly large hash (2^32 or bigger) to assure a tolerable risk of collision. Avoiding this is the main interest behind the question.

I must guarantee that never ever a new employees data is hashed to the same value as one of the prior employees data was hashed to. I can make assumption like “Given infinite time there will in total never be more then 1.000.000 people in the company or retired from the company.” So the total number space of hashes is fixed.

Is this solvable? If not, what would be the best hashing procedure that assures maximum collision resistance (Rabin’s Fingerprinting?)

How secure is this combined sha1/md5 hash

Recently we outsourced some work for a website. While reviewing this code I came across the password hash function.

I am in no way a security expert besides some basic knowledge (hence outsourcing this), Nontheless it raised some red flags in my head and wanted to get this confirmed/debunked.

the complete function (in C#)

protected static string CreatePasswordHash(string pwd) {     return ByteArrayToString(new SHA1CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(ByteArrayToString(new MD5CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes("GHYETAZ86E9O"))) + pwd))); }  public virtual string GetPasswordhash(string password) {     return CreatePasswordHash(password); } 

I feel the like this has the following issues:

  • It uses Md5 (to hash the salt. Which I don’t really see the use of, This seems to imply it isn’t any more secure either)
  • It uses a static hardcoded salt that is the same for everyone (which will generate the same hashes for users with the same password)
  • No double salt (ties in with the above)
  • It uses SHA1 instead of SHA2 (We don’t need to stick to sha1 for any compatibility reasons or anything)

Now as far as i’m aware SHA1 isn’t truly unsecure (yet) but has already had collisions happening, and isn’t completely secure anymore.

Are these security concerns legit? Or is this a proper hashing implementation.

The ability to create an account is public and can be done by anyone who visits the website.


I hope this is the correct SE to ask this, but was doubting between here and code review. This seemed the better option. Let me know if I was wrong

how to calculate hash rate of your rig?

First going the easy way, I would use any online calculator but most of these mining calculators require the hash rate of my device. I am unable to find a suitable answer or a guide to easily compute this value for any device given its configurations. Will that be possible?

Scenario:

When I go to these online calculator sites, they again cross question me about the hash rate/ hashing power. I need to determine this value and feed in to these sites so that I can get the desired result. (e.g. cryptocompare.com). I want to know whether it is easy to calculate these values with some information about your machine like the processor, GPUs and all, how much time I am gonna run it. I know the calculator sites need the power input of the device.

How to dynamically generate the hash value of a file while it gets downloaded from any website?

I’ve tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn’t get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn’t get downloaded otherwise it can download.

I hope you understood my problem statement and I request you to help me in solving it.

What is Bitcoin’s “genesis hash”?

From Lightning Network documentation:

Used in several of the BOLT documents to denote the genesis hash of a target blockchain. This allows nodes to create and reference channels on several blockchains. Nodes are to ignore any messages that reference a chain_hash that are unknown to them. Unlike bitcoin-cli, the hash is not reversed but is used directly.

For the main chain Bitcoin blockchain, the chain_hash value MUST be (encoded in hex): 6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000.

However this wiki entry about Bitcoin’s genesis block has

GetHash() = 0x000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f

Indeed, inputting the latter value into blockchain.info yields Block 0, while the former value cannot be found on blockchain.info.

Why does the value 6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000 appear in Lightning Network as “Bitcoin’s genesis hash”?

Identify an unknown hash hash

I need some help to decode this hash. One APP send all data like this request and this data it’s decoded on server. Now… how to decode this?

tCEyQrMwfNFZN2+0qB+HQUy6qvOHmE/UUkBJIK9Gen+MBykJ7KD8a8hgLpWeo/P2125S8+v4Lmyj+mw2ReCPDkiCzYyXnVYEnDS5/rNIFjS16TEGJJjANplOD06854ccWIWrmTf4NEZfAL7Linzxc5xbJLc2CVdZ/brXdtkc15IIFOhTXmzcSac+YRapf/H4rw3d8D74tjCQUjQrfkqb+UsvClPsctVmGvmgHc1W+1p5Nhs4tPqGO3E4jmiglw2lTngzL1hy0oHVIJonBb0QkZsMlzy2uQXH0I8P10JpdwQKcD2nPujSPRBkhGmPGiqgDiVQlZiaVmhbDD43NsFp69FO12Lat2MVE6wD+Gdz6MrqZYqlzAfE6fFBfSOEX+MvROkwvOvT+h/5N7uK6aPaB/PZFGN/2xt69Wi9PFnwhdKMCCftOr23fGfiKyaeoA7gW/0gDR5qv1VcR218QzRszXX27zfNEISs4JHL6qb2fvBHXTqmsEnC0L/RTkC7AhL/04OtQ7DqhP6rgHdD1AZT6Q==


HM5mSnh9Tkx0h/GlVpy46Fb7P4vPJmfV/GaOQqT3ZAg9gtdHcS7Gt7eHvZ17HyfL33NF2n+80RB9vQCHaX52xq7ydf8DSKbNxOU3QZ50XUeK4PoSMIAnsaHXyyEFR9iSWdJCqNPmIHOqkmwtrlYOUQmza7WZyCZhlqhNA5ifdvbktWmzQx9h0+67sbb1FDGMW4LUFdiQnaPdhXSEbYgmftSBj+hCmWE9xqkqPb6WuWW528E9aLySdMFDFvs0WKwOSTbC+RKTIkmKyB1yZfUjCKu3tZe4iILTZ2jliHruMPnGrsS7R2dgABR8WBuwu0mpk66OGE5I7MkNtgDrQtN0tCJwuKpoQKbSgHamzEivvA6EB0hHZU4XeWzyVrRym1p0htKrODi+TxgjiyRis+WuJa7WbLxUJC88mn9uPZ0CEyo2XCsUVKkou25qAy2B5JiqeyoFbqHVGZ997fGL8Q6TK5DYXJlarmFS38Cpxlidwe5mSqiGmys4cTls3vtbkZ/FHuz/mybe5+kiqlEn4M6hw+hF2wuf385Q0Ks4ks1zxohPIdA6RyCGfBwIKaWYSS14VeDeVMEWCkzyzR4fxdlgFZBzK6gGJ5iHZRx14fGeRsU=


hPUQA2g7P8lBGEc1j4OLZ0X93PQPU5CxcyPa003Dw4zGIehXXA19UF75G6g4g49q3FrMJkv1oghrQiZvUEHddxRmriE7pGfPFTg8/2iau54Fxw9t7W1qEpSt9XXyTSkRlqAf5xumD3VfmuRPB6D4PYCJDuumQ2hvghmB6TmASW3lpj2shmSeGDRFS9qjUnbo8TJLmxWObXReCXb8Wp94iiRsabGGz2XqBqKwtVmTuLtDLg21MgbL8w/0Zwv2A2skomNZ1/0ef3Icqi4RJX8iAqEfa/lfWEEEDcRi/H4+CUbz7Z2UAF+7xJi9Ct8PdfnzzcGbyCu6YY48NtO8m9VRPhk5q25dq6XGXWlqlHGooI7r7lUKdSMe+r+thJ01o7a5lgQ2N9pExd8hL0eP+t/5Yc+k1tOCsIXod229edLqPAYrCASu7bsj67QJmeo4ol8pUL+ac0eJML/1sNIheIYWtteZvkKR0MS0lZGkfG5ycDREY7Eih+6HYxUUZusW8z1wGtRZuUESWxMfFDSKwT2fXR0R8F0w9//Y+LNQ5oAy0Gfc87+GIKvicMM8ABtnG6vG


z3n2jD/CayoBHcFcY1b2wFrfzNETupFkOrBgFj50LM8YM34B2yst1TfXX5wbwu1l7DwFdaI3/J7MvOT5aJ676kqwLs81zK2ajEx45QsDUDYvY/wEKSsCYkmvp+D5Z4yiFzrqsA9gcK2p1LqOYjdeQm3KfExXd7XNlhXdv30HGeKHDmkjGmPQfz4e3Q7du0KzMq+NdIApzUCq4xzsaaES2gW8QkkvcNK0SA5vGzXWWeW9hRdzmPNlc5OsVE1ap5T+ZIbr28YqncHpt8Z/8jSuwshuN7pMmogGRePBLLAwMEZFudSYOwxeLr17skFyMw4bMtKYiV6AUetdAKKCxI+WpcNfco68VRBm6FMWx35tAY3jMuD+N8xjVk3a0g4a+W61pC9mVOsNngrc5yugexQk5OwXnnJ4S1Fvfo1oJ+IlPsf2miGnlxYlNs4cHUN7KvfBji0Rzp8dS2C5s52FazZyT8cU/0pfs7NcJRsvY09VKWafjwwj8xSs6JdL+D6wbpdGyf4lpZelUXYMDp3ePrW/y++VKfoTxvj3HtsSVk0lq3WRzrEOcgRMu9P+IurWNfiuiDRN7sfQB5Qtx23wmOwj/yKX2LLQ0JnvN4fENQlon7I=

Drupal hash salt / private key is changing?

I’ve created a token that I store in database, here is how I create my token :

$  token = drupal_hmac_base64($  pid . " " . $  order_id . " " . $  solde, drupal_get_private_key() . drupal_get_hash_salt()); 

And then when a user go to my url that looks like that :

https://mycustomwebsite.com/order_id/token 

With the token and another value : order_id, I get the line in my database with the order_id and then I create a new token :

$  new_token = drupal_hmac_base64($  pid . " " . $  order->order_id . " " . $  solde, drupal_get_private_key() . drupal_get_hash_salt()); 

I compare these two tokens just for a verification to grant the access or not.

This works fine but couple days after when I try to go on a link the access doesn’t work anymore. When I look at the new_token generated for verification it’s not the same ! But the value used to make this token (pid, order_id and solde) are the same, so here is why I ask my question.

Does the drupal_get_hash_salt() or drupal_get_private_key() can return different values in the time ?