Is it possible for 2 messages to hash to the same value using a cryptographic hash function?
A cryptographic hash is a hash function that takes an arbitrary-size input and yields a fixed-size output. It is easy to compute, but recovering the original data from the output is hard. It is difficult to find distinct inputs that produce the same hash, and it is a one-way function, so it cannot be reverted. Hashing is also known by different names, such as digest, message digest, checksum, etc.

Properties Of Cryptographic Hash Function
The ideal cryptographic hash function has the following main properties:

Cracking Hash
We often hear the term "cracking a hash"; there are a couple of ways to do that:

How to create a Cryptographic Hash
```java
package java_cryptography;

import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.UUID;

public class Hashing {

    private static final String SHA2_ALGORITHM = "SHA-256";

    // Generate a 16-byte random salt from a cryptographically secure RNG.
    public static byte[] Creating_Random_Salt() {
        byte[] salt = new byte[16];
        SecureRandom secure_random = new SecureRandom();
        secure_random.nextBytes(salt);
        return salt;
    }

    // Compute SHA-256 over the salt followed by the input bytes.
    public static byte[] Creating_SHA2_Hash(String input, byte[] salt) throws Exception {
        ByteArrayOutputStream byte_Stream = new ByteArrayOutputStream();
        byte_Stream.write(salt);
        byte_Stream.write(input.getBytes(StandardCharsets.UTF_8));
        byte[] valueToHash = byte_Stream.toByteArray();
        MessageDigest messageDigest = MessageDigest.getInstance(SHA2_ALGORITHM);
        return messageDigest.digest(valueToHash);
    }

    // Upper-case hex encoding of a byte array.
    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String args[]) throws Exception {
        byte[] salt = Creating_Random_Salt();
        System.out.println("SALT_VALUE: " + toHex(salt));

        String valueToHash = UUID.randomUUID().toString();
        // Hash the same value twice with the same salt: the function is
        // deterministic, so both digests are identical.
        byte[] hash1 = Creating_SHA2_Hash(valueToHash, salt);
        byte[] hash2 = Creating_SHA2_Hash(valueToHash, salt);
        System.out.println("HASH1_VALUE: " + toHex(hash1));
        System.out.println("HASH2_VALUE: " + toHex(hash2));
    }
}
```

Note: Salt is a random value added to the input data (passwords) to defend against pre-computed hash attacks such as rainbow tables.

Output: the salt differs on every run, while HASH1_VALUE and HASH2_VALUE are identical, because the same input and salt are hashed both times.

How to create Cryptographic Hashing Passwords
Now that we have seen how to generate a hash, let us use Bcrypt to hash a password. Do not use broken hashing algorithms for hashing passwords. Bcrypt is a password hashing function based on the Blowfish cipher.

Approach:
Code:

```java
package java_cryptography;

import java.util.Scanner;
import org.springframework.security.crypto.bcrypt.BCrypt;

public class Hashing {

    private static Scanner sc;

    // Hash the password with bcrypt; gensalt() creates a fresh random salt
    // that is stored inside the returned hash string.
    public static String Password_Hash(String password) {
        return BCrypt.hashpw(password, BCrypt.gensalt());
    }

    // Check a candidate password against a stored bcrypt hash.
    public static boolean Verify_Password(String password, String hashed_password) {
        return BCrypt.checkpw(password, hashed_password);
    }

    public static void main(String args[]) throws Exception {
        sc = new Scanner(System.in);
        System.out.println("Enter the password: ");
        String p = sc.nextLine();

        String passwordHash = Password_Hash(p);
        System.out.println("Hashed-password: " + passwordHash);
        System.out.println("Verification: " + Verify_Password(p, passwordHash));
    }
}
```

Output: the program prints the bcrypt hash of the entered password, followed by "Verification: true".

Hash Uses

Can two hashes be the same?
"Two files can have the same md5 hash only if their contents are exactly the same, even a single bit of variation would generate a completely different hash value." – This is wrong. Because of the Pigeonhole Principle, there are in fact an infinite number of files which have the same hash.

Can you have two different messages with the same hash value?
Yes, it is “possible” to find two messages that share a hash value. This is known as a hash collision.

What is it called when two messages result in the same hash?
A cryptographic hash function must be deterministic, meaning that the same message always results in the same hash. Ideally it should also have the following properties: it is quick to compute the hash value for any given message.

Can two inputs have the same hash?
You are correct. This is called a hash collision, and it's a real thing. The reason it's not a bigger deal is that the number of hashes is so overwhelmingly large that these types of collisions are rare.
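
The pigeonhole argument and the "collisions are rare" point above can be observed directly by shrinking the output space. The following is an added example, not code from the original article: it truncates SHA-256 to 24 bits and hashes inputs until two different messages share a digest. The class name `TruncatedCollision`, the 24-bit truncation and the `msg-N` inputs are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

public class TruncatedCollision {
    // Assumption for the demo: keep only the first 3 bytes (24 bits) of SHA-256.
    static final int TRUNCATED_BYTES = 3;

    static byte[] sha256(String message) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest(message.getBytes(StandardCharsets.UTF_8));
    }

    // Pack the first TRUNCATED_BYTES of the digest into an int.
    static int truncated(byte[] digest) {
        int value = 0;
        for (int i = 0; i < TRUNCATED_BYTES; i++) {
            value = (value << 8) | (digest[i] & 0xFF);
        }
        return value;
    }

    // Hash the constructed inputs "msg-0", "msg-1", ... and remember every
    // truncated digest seen; stop at the first repeat.
    // Returns {earlier message, later message, number of messages hashed}.
    static String[] findCollision() throws Exception {
        Map<Integer, String> seen = new HashMap<>();
        for (long i = 0; ; i++) {
            String message = "msg-" + i;
            String earlier = seen.put(truncated(sha256(message)), message);
            if (earlier != null) {
                return new String[] { earlier, message, Long.toString(i + 1) };
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String[] hit = findCollision();
        System.out.printf("\"%s\" and \"%s\" collide on %d bits (prefix %06x) after %s messages%n",
                hit[0], hit[1], TRUNCATED_BYTES * 8, truncated(sha256(hit[0])), hit[2]);
        // The full 256-bit digests of the two messages still differ.
        System.out.println("Full SHA-256 digests equal: "
                + MessageDigest.isEqual(sha256(hit[0]), sha256(hit[1])));
    }
}
```

With only 2^24 possible values, a repeat is guaranteed within 2^24 + 1 inputs and, by the birthday effect, typically appears after a few thousand. The same search against the full 256-bit output would need on the order of 2^128 hashes, which is why truncating a digest to a short prefix weakens its collision resistance.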