[plug] Redhat passwords - max 8 chars!?

Thu Sep 14 16:08:15 WST 2000

On Thu, Sep 14, 2000 at 03:53:09PM +0800, David Griffiths wrote:

> Ah <nods sagely>. If I understand you correctly then the important
> distinction then is not so much the "one-way-ness/reversibility" of hashes
> (which in principle can succumb to brute force methods for reversal) as the
> _non-uniqueness_ of input data giving rise to the hash (implying the brute
> force reversal results will probably be meaningless if the collision space
> is large enough).

Well, I guess the important distinction is that you can't really
"reverse" (as such) a hash.  You can make a guess at the pre-image
(which is what you're referring to by "brute force methods for
reversal") but this isn't anything like a brute-force known
plaintext/ciphertext attack on a cipher.  The main reason for this is
that there is no key involved in the hashing process.  Just some input,
a the hashing algorithm and the fixed-length output.  The output is
a unique (within the range of the length of the hash output) fingerprint
of the input but there is no way of "reversing" it as such.  On the
other hand, a cipher has a way of reversing it -- a key.  This is what I
would be stressing in terms of explaining the difference between a
one-way hash function and encryption.

> If the mapping between input text and possible hashes is unique with
> precisely zero chance of collision, (input data space would have to be
> stricly limited to be less than or equal to hash space) does the hash then
> also fulfill the definition of encryption? Does the DES hashing of 8 char
> unix passwords have a 1 to 1 mapping?

There won't ever be precisely zero chance of collision but the
probability can be so tiny that zero is close enough for *most* intents
and purposes.  For example strong 160-bit hash algorirthms are
considered to be secure against birthday attacks so this is almost
equivalent to saying that the chance is virually zero.  Either way, the
hash will never been the definition of encryption because it doesn't
have a key.  A hash is not meant to be reversible, a cipher is.

For your next question, if I understand you correctly, there isn't a
one-to-one mapping of DES crypt() passwords to the hash output because
these passwords include a 12-bit salt (makes 4096 possible outputs to
one input of the hash function).  If you took away the salt then hashing
the same password would give the same output (and this is necessarily
true of any hash function).  Am I understanding your question correctly?

> Hey you're shaking up a few brain cells here Christian! I haven't thought
> about this stuff for ages :-)

Lucky you, I think about it all the time. :P

Regards,

Christian.