0

Lets say for example I used a function such as:

int someHash(string someValue)
{
    return crc32(someValue) + 10 - 5 * 20;
}

How easy would it be to deduce how the hash was manipulated in order to reproduce the same hash value?

JSON
  • 1,819
  • 20
  • 27
  • If the original string is greater than four bytes, crc32 it cannot be reverse engineered - only brute forced - see https://stackoverflow.com/questions/1514040/reversing-crc32 – Daniel Aug 27 '17 at 07:27
  • 1
    I think the question is about if hash involves custom manipulation to the hash value. – ramailo sathi Aug 27 '17 at 07:28
  • @ramailosathi is correct. Assume that the original string/data is known but is not supposed to be changed. data is hashed and hash value is saved along with data. – JSON Aug 27 '17 at 07:35
  • 1
    In general is not possible. Suppose the change is to compute low32(sha256(0x76123bed ^ crc32(x))). How do you figure that out? Without some limitations on what changes were made it's not do-able. – President James K. Polk Aug 27 '17 at 13:56

1 Answers1

2

This depends on the transformation. In the case of your someHash function, this is very easy. Notice that the transformation you are applying is an easy linear function. Your transformation can be expressed as:

Where h' is the new hash and h is the original hash. If you have one hash and its altered hash, you can solve the equation for c. (c = h' - h = -90).

This example is one of many, why we often say that rolling your own crypto is often not a really good idea. The scheme actually needs two properties:

  1. The scheme has to generate output that looks random.
  2. The scheme cannot be easily guessed.

The attack mentioned above is one reason why 1. is important. In this case, the transformation has a very clear structure, which we can easily exploit.

2. is needed, because even if we did not have a scheme that had this structure, we can still enumerate over c. After having tried a really small amount of numbers, we still find the constant c = -90.

This does not mean that this is impossible. Quite the contrary: We use a block cipher to re-encrypt the hash. This works, because a block cipher produces an output that looks random and it takes a randomly generated ≥128 bit key, (which is large enough such that it cannot be guessed easily).

dusk
  • 1,799
  • 18
  • 25