Highest Voted 'hash' Questions - IT Security Stack Exchange

81

votes

5 answers

How does hashing work?

I have been interested in Information Security. I was recently introduced to the idea of hashing. What I currently understand about hashing is that it takes the password a user enters. Then it randomly generates a "hash" using a bunch of variables…

hash

asked Apr 06 '13 at 21:14

Griffin Nowak

1,190
1
12
19

49

votes

8 answers

Can you find out how big the changes are by comparing two hashes?

I realize that a hash function is a one way function, and that changes in the hash are suppose to tell us that the original data has changed (that the entire hash changes on even the slightest changes to data). But is there a way to find out to what…

hash

asked Feb 19 '20 at 10:45

Maria Ahmed

623
1
5
5

39

votes

2 answers

How bad is it to truncate a hash?

I'm wondering how bad it is to truncate a SHA1 and only compare, say, the first 10/12 bytes, etc. I'm working with a fixed length of 8 bytes that I need to hash for uniqueness but store with the smallest footprint possible (8 other bytes would be…

hash

asked Nov 10 '14 at 18:02

Agnar

493
1
4
6

28

votes

5 answers

Doesn't hashing passwords server side mean a compromised website could leave passwords vulnerable?

So the traffic is encrypted to a website so the password is safe during transmission and also if the website is hacked then the database only contains hashes. But couldn't the hacker create a server side script to store the usernames and passwords…

hash

asked Aug 12 '15 at 19:37

James

281
3
3

28

votes

3 answers

Is using the concatenation of multiple hash algorithms more secure?

Is it more secure in practice to use the output of multiple hash algorithms instead of a single one (assuming that the output size is the same)? By secure, in this context, I mean protecting against both collisions and function reversibility. One…

hash

asked Mar 16 '15 at 12:23

watchowl

5,458
2
23
23

25

votes

13 answers

How are hashing algorithms useful if the implementation is public?

I may be misunderstanding, but if I want to use a hashing algorithm such as argon2, what's stopping from someone seeing how it works and reversing what it does?

hash

asked Mar 06 '20 at 00:46

Jan Trindal

401
4
4

22

votes

5 answers

Which hash-length is more secure?

If a hash algorithm has an option for selecting the output-hash-length (e.g., 128 vs. 512 bits), and all other aspects of the hash function are the same, which hash-length is probably more secure/useful, and why?

hash

asked Apr 17 '17 at 17:08

rpach17

345
2
3

21

votes

6 answers

Can any password hash ever be secure?

My understanding is the the main reason MD5 is insecure, is that it can be calculated too quickly, allowing too many attempts to be tried. People recommend instead using a hash that has been designed to be deliberately slow, to provide better…

hash

asked Dec 09 '15 at 15:12

Benubird

326
2
6

20

votes

2 answers

Secure way to shorten a hash

If I want to save a hash of a certain number of bits, but my hashing algorithm gives me more bits than I need, then what is the safest way to shorten it? Should I: Just remove the first or last few bits XOR the first or last few bits with the part…

hash

asked Aug 20 '15 at 17:59

user28763

19

votes

2 answers

Methods for slowing down a hashing algorithm

I understand why a hashing algorithm should be slow but is the method that makes it slow important to the strength of the hash? Everything I've read says that the algorithm should be computationally slow - hash the thing over thousands of…

hash

asked Aug 08 '14 at 15:14

Matthew

293
2
6

19

votes

8 answers

Won't all hashes collide after enough iterations with a static salt?

We all know that we're supposed to take a fairly slow hashing algorithm, salt the password, and run the hash for many iterations. Let's say that I'm following almost everything except for one rule, and I have a static salt. Something like…

hash

asked Jun 23 '14 at 23:53

user24386

19

votes

5 answers

What is the name of this concept involving hashes?

I'm looking for the name of a concept that works as follows: I post a hash of a file publically e.g. on Twitter Whenever needed, I provide the file with the contents that make up the given hash The purpose is maybe to proof ownership or otherwise…

hash

asked Aug 18 '22 at 12:46

Thomas Weller

3,392
3
24
40

18

votes

1 answer

What fuzzy hashing algorithms exist?

I have been trying to find information on fuzzy hashes, and I have found surprisingly little. I know that fuzzy hashes can be used to detect if a piece of malware has changed slightly. I would rather not develop my own algorithm since that seems…

hash

asked Mar 18 '16 at 17:24

Jeff

666
1
6
12

15

votes

2 answers

Trustworthiness of kernel.org post attack

What are the security implications of the compromise of kernel.org on the trustworthiness of the code base hosted on the site’s Git repository? The announcement today explained the mitigations provided by 160 bit hashes, site mirroring, and the…

hash

asked Sep 01 '11 at 20:49

zedman9991

3,387
16
22

13

votes

4 answers

Is it common practice to take multiple hashes of the same object?

I was recently participating in a CTF with a challenge that required contestants to find two .pdf files with the same md5 hash, and that got me thinking about how that could be a potential vulnerability in some systems (though not necessarily a…

hash

asked Sep 21 '23 at 01:12

Blue Herring

246
2
7

Questions tagged [hash]