Hi guys,
Is there a way to convert between hashes? Say you have the MD5 of a given object, and you want to know the SHA-1 hash of it. Is there away to do a mathematical conversion between the two aside from using data tables?
Thanks
-
SecretSoftware
Code to live, but Live to code.
-
Larsenal
ready to give an answer
I'm going to take a wild guess and say no.
-
jsampsonPC
SampsonBlog.com SampsonVideos.com
Larsenal wrote:I'm going to take a wild guess and say no.
I'm going to take a not-so-wild guess and agree with Larsenal on this. Hashes exist for the simple purpose of not knowing what their value is
So you couldn't 'un-hash' it back into plain-text and then hash that into SHA-1.
If you know what the hash was, then you could encrypt that text. But Hash - > Plain Text - > Encryption...not going to happen. Or atleast not going to happen easily
-
staceyw
Before C# there was darkness...
Only way is to brute force the current hash to get the clear value, then re-hash.
-
so it depends on what kind of hashing algorithm you are using.
You can think of a hash like a factory...
you send you message in, and get som numbers back. You provide the numbers (hash) along with the message to your friend, and he sends the message to his factory, and get som numbers back.He then compares his numbers with the ones provied from your end. If they are equal, then he can be resonably sure that the message
are original and not modified in any way.In a security context, one normally sign the hash to make sure that
that they are not forged. And since the hash is only useful if you have access to the source data, ( you need to compare two hashes created from the same source), you might think that one can convert between different hash alorithms...But the hash is created by inspecting the original message block by block, its a one way function...you can get the hash by inspecting the message, but you cant get the message by inspecting the hash.
If you culd get an unseen message from a hash ( what you actually must do to convert from md5 to sha1), or find two different messages with the same hash, then the hash function
is considered insecure. -
littleguru
<3 Seattle
That would mean that you could construct the original object from the hash... If that would be possible, you would have discovered a wonderful way to compress data
It's not possible with the common hashes like MD5, CRC etc. -
The other thing is, multiple pieces of data may produce the same hash under the same algorithm, but they are more than likely to produce completely different hashes under a different algorithm, i.e.
hash1(a) == hash1(b)
but
hash2(a) != hash1(a)
hash2(a) != hash2(b)
So the answare is: no freaking way -
jsampsonPC
SampsonBlog.com SampsonVideos.com
blackstar wrote:The other thing is, multiple pieces of data may produce the same hash under the same algorithm, but they are more than likely to produce completely different hashes under a different algorithm, i.e.
hash1(a) == hash1(b)
but
hash2(a) != hash1(a)
hash2(a) != hash2(b)
So the answare is: no freaking way
++
-
staceyw
Before C# there was darkness...
littleguru wrote:That would mean that you could construct the original object from the hash... If that would be possible, you would have discovered a wonderful way to compress data It's not possible with the common hashes like MD5, CRC etc.
It is not only possible, it is done all the time to crack passwords. Large messages would be much harder. Just depends on the data and what you can infer to make your guesses as few as possible. -
Sven Groot
I'm Commander Shepard and this is my favourite store on the Citadel.
staceyw wrote:
littleguru wrote: That would mean that you could construct the original object from the hash... If that would be possible, you would have discovered a wonderful way to compress data It's not possible with the common hashes like MD5,
CRC etc.
It is not only possible, it is done all the time to crack passwords. Large messages would be much harder. Just depends on the data and what you can infer to make your guesses as few as possible.
No, what Littleguru is referring to is impossible. It is not possible to mathematically derive the original string from a hash.
Password cracking tools just try different possibilities until they find one that matches the hash (i.e. brute forcing). That's not the same thing. -
staceyw
Before C# there was darkness...
Sven Groot wrote:
staceyw wrote: littleguru wrote: That would mean that you could construct the original object from the hash... If that would be possible, you would have discovered a wonderful way to compress data It's not possible with the common hashes like MD5,
CRC etc.
It is not only possible, it is done all the time to crack passwords. Large messages would be much harder. Just depends on the data and what you can infer to make your guesses as few as possible.
No, what Littleguru is referring to is impossible. It is not possible to mathematically derive the original string from a hash.
Password cracking tools just try different possibilities until they find one that matches the hash (i.e. brute forcing). That's not the same thing.
Got ya. Read that wrong. Naturally reversing is not possible. There are an infinite number of collisions possible because the domain is infinite and the hash is bounded.
Thread Closed
This thread is kinda stale and has been closed but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.