2

This question is a little obscure, I'm trying to find out if its possible to "solve" for a value inputted into a hash in ruby, it looks like this:

I have: @hash = Digest::SHA512.hexdigest(value1 + value2 + value3)

Value2 & value3 are known, and the value of @hash is known. Value 1 is "unknown". In this situation is it possible to solve for value1 in ruby, or would this require a ton of computing power/time?

BTHarris
  • 300
  • 3
  • 19
  • The question can be simplified as: Given h = SHA512(i), can i be solved knowing h? If we let i = v1 + v2 + v3 and know i, v2, and v3 then v1 can be trivially solved. – user2246674 Jun 04 '13 at 16:30
  • Any idea how to do that, in ruby if possible? – BTHarris Jun 04 '13 at 16:35
  • No. It's not possible. This is *the point* of a cryptographic hash function. It is a *one way* process. Also note that there is an unbound number of values for i (if it is not otherwise constrained) for a given h (see the Pigeon Hole Principle). – user2246674 Jun 04 '13 at 16:37
  • http://stackoverflow.com/questions/4948322/fundamental-difference-between-hashing-and-encryption-algorithms/4948393#4948393 , http://stackoverflow.com/questions/2003776/is-md5-encryption-symmetric-or-asymmetric/2003818#2003818 , http://stackoverflow.com/questions/1501230/unhashing-a-hash-c-sharp/1501233#1501233 – user2246674 Jun 04 '13 at 16:38

2 Answers2

1

If v2 and v3 are integers. You could theoretically attempt to brute force it by just running through numbers and finding when the hashes match. Then subtract v2 and v3. If your set of possible numbers is all real numbers though, this would be extremely hard. And you'd be better off running it on multiple machines with greatly varying rotating subsections of real numbers. That's you're best bet. And that's assuming the values are integers.

JoshEmory
  • 644
  • 6
  • 20
1

Only way to do this is: brute-force

  1. Guess a possible value for value1
  2. Compute the hash
  3. Check if it matches the target hash. If not goto 1

This is only feasible if value1 is easy enough to guess. GPUs are faster at this than CPUs, so you'd probably use a bunch of ATI CPUs to attack this.

Not having a cheap way to compute an input matching a given output is an essential property of a secure hash function, which is called first pre-image resistance. For SHA-512 we know no way faster than brute-force to do this.

CodesInChaos
  • 106,488
  • 23
  • 218
  • 262