1

Assuming that I am using this code to generate hashes:

static void Main(string[] args) {

    string id = Guid.Parse("8681941A-76C2-4120-BC34-F800B5AAB5A5".ToLower()).ToString();
    string date = DateTime.Today.ToString("yyyy-MM-dd");

    Console.WriteLine(id);
    Console.WriteLine(date);

    using (System.Security.Cryptography.SHA512Managed hashTool = 
        new System.Security.Cryptography.SHA512Managed()) {

        Byte[] PasswordAsByte = System.Text.Encoding.UTF8.GetBytes(string.Concat(id, date));
        Byte[] EncryptedBytes = hashTool.ComputeHash(PasswordAsByte);
        hashTool.Clear();

        Console.WriteLine(Convert.ToBase64String(EncryptedBytes));

    }
    Console.ReadLine();
}

In a real world example, I'll generate hashes with a GUID and Date as you see on the sample. I will get those values from database.

Is it ever possible to have the same hash result with different values with this approach?

Edit:

As I indicated I will pull the values form database. As you can guess, the Guid is the id key which is unique (if I do not come across a miracle and sql server generates the same Guid for me for multiple times). And the datetime value will be the payment due date for the record. I demonstrated here with DateTime.Today but I won't definitely use this on prod.

tugberk
  • 57,477
  • 67
  • 243
  • 335
  • 4
    Every hash algorithm can give collision sooner or later, but in most cases "later" is so long so you should never care of it. – zerkms Feb 20 '12 at 20:54
  • @zerkms thanks! Assuming this is an e-commerce app, should I carry on not caring? – tugberk Feb 20 '12 at 20:56
  • 1
    **Voting to reopen.** This question has several properties that make it interesting and different from other "can hash functions collide?" questions, since we're talking about the _inputs_ to the hash here as well. – John Feminella Feb 20 '12 at 21:03
  • @L.B I don't understand what u are getting at. It produces the same result as expected. – tugberk Feb 20 '12 at 21:04
  • @JohnFeminella - so you think that as a variation of [Are GUID collisions possible?](http://stackoverflow.com/q/184869/60761) it is more interesting? – H H Feb 20 '12 at 22:35
  • @HenkHolterman I think it's a distinct question entirely. OP is asking about whether _a specific strategy_ for generating the inputs to the hash function is likely to collide, not whether it's possible at all. – John Feminella Feb 20 '12 at 22:37
  • If you can salt the password hash, then collisions will be even more rare. – Davin Tryon Feb 20 '12 at 22:49

3 Answers3

1

You will definitely get a hash collision for a given GUID that was pulled more than once on the same day. For example, if you generate a hash for a particular GUID g, then pulling g at 2012-02-20 at 12:00 yields the same hash as if you pulled it at 18:00, since you only take into account the date, and not the time.

For unrelated GUIDs, it is still possible to have a hash collision. The space of possible hashes is 64 bits, which is less than infinity, which means that there are bound to be repeats by virtue of the pigeonhole principle. However, it's exceedingly unlikely -- in fact, it's so unlikely that you should treat it as zero.

John Feminella
  • 303,634
  • 46
  • 339
  • 357
  • Thanks! As I indicated I will pull the values form database. As you can guess, the Guid is the id key which is unique (if I do not come across a miracle and sql server generates the same Guid for me for multiple times). And the datetime value will be the payment due date for the record. I demonstrated here with `DateTime.Today` but I won't definitely use this on prod. – tugberk Feb 21 '12 at 08:08
0

I don't understand all those discussions? even if you have 10 million entries in your db the chance of a collision is like

0.000000000003% (looked that up for sha256, so the chances for sha512 are even less)

even if you have 100 million entries you shouldn't worry about it, and if you really want to be sure, put something in between the text and then hash it.

$newtext= wordwrap("mytexttexttext", 8, "myspliter", true);
Botz3000
  • 39,020
  • 8
  • 103
  • 127
Marcel Ilner
  • 1
0

As in any hash function, it might happen very very very rarely.

A good hash function produces a different result from two neighbour inputs. SHA512 is considered a good hash algorithm, so it should not be a problem in your case.

P L
  • 1
  • 1