On #2: There MUST be collisions with fixed-length hashes. But with 2^256
possible results and sufficiently strong algorithms, it will not matter IRL. We
won't find any collisions ever. But of course, the algorithms MIGHT be weak.
MD5 was thought to be strong when it was new.
2012-03-09 12:25 skrev Florian Weingarten:
Hello list,
first, excuse me if my questions are obvious (or irrelevant).
I am interested in the following questions. Let h be a cryptographic
hash function (let's say SHA1, SHA256, MD5, ...).
1) Is h known to be surjective (or known to not be surjective)? (i.e.,
is the set h^{-1}(x) non-empty for every x in the codomain of h?)
2) Is it known if every (valid) digest has always more than one
preimage? To state it otherwise: Does a collision exist for every
message? (i.e., is the set h^{-1}(x) larger than 1 for every x in the
image of h?).
3) Are there any cryptographic protocols or other applications where the
answers to 1) or 2) are actually relevant?
Thanks in advance!
Florian
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
