Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I am working on a project testing a hash that protects some data, and I\'ve alre

ID: 648955 • Letter: I

Question

I am working on a project testing a hash that protects some data, and I've already eliminated hash length extension attacks as a possible point of compromise, and I'm trying to educate myself on all the variables.

Say I have some data that is hashed via SHA1 - will knowing parts of that hash (the end piece - basically a known value with an unknown prepended salt) help in breaking the hash/finding the salt at all, other than speeding up a brute force?

By knowing a portion of the hashed data, and the hashed output, would that help in finding the missing, unknown portion of the hashed data? Would it matter if this was hashed using a nonce, and you have multiple versions of the partial data and ending hash? (For example, two hundred hashes, all with the same salt, same known data, changing nonce)

From everything I've read, I BELIEVE the answer to all of the above is "No, it's of no help, you still need to spend years brute forcing it", correct? I just want to cover all my bases before I put faith, and my I'm-no-expert-why-are-you-asking-me seal of approval on/in a security setup I don't have direct control over (If it were up to me I'd HMAC it - but it's not - and I cannot).

Explanation / Answer

It all depends on whether the rest of the input is guessable.

The best attack we know for finding the input to SHA1, given the output and partial knowledge about the input, is a brute-force attack:

So, the running time of the attack will be proportional to the number of candidates we need to try. If part of the input is known, the running time will depend on how easy it is to guess/predict the rest of the input.

For instance, if the unknown part of the input is a 4-digit PIN, and the rest of the input is all known, then the system is definitely vulnerable. There are only 104=10000 candidates for the full input, so you can try each one of them. This won't take very long.

As another example, if the unknown part of the input is a 128-bit secret value, and you have no way of predicting that input, and all 128-bit values are equally likely, then the system is safe. There are 2128 candidates for the input, and you can't try them all. Also, they're all equally likely, so you can't even get a speed-up by trying the most likely candidates first -- all the candidates are equally likely.

In general, if the entropy of the secret part is at least 128 bits, you should be good.

Related Questions

I am working on a chemistry problem which asks what is the ideal bond angles of
Question #690211
I am working on a circle class that stores the center point and radius in a circ
Question #3926052
I am working on a class assignment where I have a collection and it will be filt
Question #3663914
I am working on a code writing assignment and I am not sure what I am doing wron
Question #3866808
I am working on a computer systems puzzle that works with bit representations. I
Question #3549441
I am working on a discuss post. Here are the guidelines: pick a company/industry
Question #1134960
I am working on a electromagnetics project and I have created a replica of the b
Question #2265708
I am working on a final project for one of my classes. The final is divided up i
Question #1165573
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
I am working on a project on Greenfoot. I am having trouble with Boss projectile
Next
I am working on a project that creates helping to build a business plan for a ne

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.