And, no, the probability of a cryptographic hash collision is not a function of source string length. Part of the definition of a cryptological hash or encryption algorithm is that a one bit change in the source string results, on average, in changes to 50% of the output bits.
A short password is vulnerable to brute force or dictionary attacks but not hash collisions.

Jim Starkey

> On Dec 8, 2014, at 9:08 AM, Jim Starkey <[email protected]> wrote:
>
> If sha-1 were a perfect cryptological hash, the probability of a hash
> collision for a given password would be 1 in 2^160, which, incidentally, is a
> huge, honking, big number. It isn't, however, so the probability is a little
> less. Still, using all of the computing resources on earth the many, many
> millennia would take a lot of luck.
>
> There are theoretical attacks on sha-1 that might enable generations of
> source string pairs with a probability of much less than 2^160, but this has
> nothing to do with sha-1 as a password hash.
>
> Jim Starkey
>
>> On Dec 8, 2014, at 7:02 AM, Mark Rotteveel <[email protected]> wrote:
>>
>> On Mon, 08 Dec 2014 13:44:36 +0300, Alex Peshkoff <[email protected]>
>> wrote:
>>> Yes. For password >20 bytes sooner of all exists shorter one with same
>>> hash value.
>>
>> But that is technically irrelevant. Although identical hashes are certain
>> due to pigeon holing, that doesn't mean shorter passwords (or passwords
>> near the hash length) are better than longer passwords. And even then,
>> making the assumption that most passwords only use characters between 0x20
>> and 0x7E (95 characters out of potentially 256 in a byte) then a very rough
>> estimate is that identical hashes might only happen after 50 characters
>> (based on 256/95 * 20 = 53.9; a calculation that a cryptologist would
>> probably kill me for because it is either totally wrong or too
>> conservative).
>>
>> Mark
>>
>> Firebird-Devel mailing list, web interface at
>> https://lists.sourceforge.net/lists/listinfo/firebird-devel
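
An added example, not part of the original thread: a Python sketch that measures the avalanche behaviour discussed above for SHA-1 at several input lengths, and computes the string length at which same-length inputs outnumber the 2^160 possible digests for a 256-symbol and a 95-symbol alphabet. The inputs are constructed samples and the function names are illustrative.

```python
import hashlib

DIGEST_BITS = 160  # SHA-1 output size in bits


def sha1_int(data: bytes) -> int:
    """SHA-1 digest of data as an integer, so digests can be XORed."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big")


def mean_flipped_fraction(msg: bytes) -> float:
    """Flip each input bit in turn and return the mean fraction of the
    160 digest bits that differ from the digest of the unmodified input."""
    base = sha1_int(msg)
    nbits = len(msg) * 8
    changed = 0
    for i in range(nbits):
        mutated = bytearray(msg)
        mutated[i // 8] ^= 1 << (i % 8)
        changed += bin(base ^ sha1_int(bytes(mutated))).count("1")
    return changed / (nbits * DIGEST_BITS)


def avalanche_by_length(lengths=(4, 16, 64, 256), seed=b"constructed-sample"):
    """Map input length -> mean flipped fraction, using constructed
    deterministic inputs built by repeating the seed bytes."""
    result = {}
    for n in lengths:
        msg = (seed * (n // len(seed) + 1))[:n]
        result[n] = mean_flipped_fraction(msg)
    return result


def pigeonhole_length(alphabet_size: int, digest_bits: int = DIGEST_BITS) -> int:
    """Smallest n with alphabet_size**n > 2**digest_bits, in exact integer
    arithmetic: from this length on, two strings of that length must share
    a digest. It says nothing about how hard such a pair is to find."""
    n = 1
    while alphabet_size ** n <= 2 ** digest_bits:
        n += 1
    return n


if __name__ == "__main__":
    for n, frac in avalanche_by_length().items():
        print(f"{n:4d}-byte input: {frac:.3f} of digest bits change per flipped bit")
    print("full byte alphabet (256):", pigeonhole_length(256), "bytes")
    print("printable ASCII (95):    ", pigeonhole_length(95), "characters")
```

The measured fraction stays near 0.5 at every length, and the counting threshold is a statement about existence only: the cost of guessing a short or dictionary password is unrelated to it.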
