I am retrieving lists of crc32 hashes that contain names of files, not their contents.

I need to be able to decrypt the strings which are hashed names like "vacationplans_2010.txt" which are less than 25 characters long.

Is this possible?

+4  A: 

It is a one-way hash function. It can't be decrypted.

Andrey
Downvoters, please give your arguments before clicking.
Andrey
Didn't downvote you, but notice: CRC is not a one-way hash function, it is just an insecure hash function.
M.A. Hanin
It is still one way.
Lasse V. Karlsen
No, it isn't... Google shall reveal this fact quite fast. For example, see criteria for cryptographic hash functions at Wiki: http://en.wikipedia.org/wiki/Cryptographic_hash_function
M.A. Hanin
Don't confuse Cryptographic hash function and hash function. "A hash function is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum, usually a single integer that may serve as an index to an array." - http://en.wikipedia.org/wiki/Hash_function That's exactly what crc does.
Andrey
I figured that, thanks much. And brute forcing is not an option.
tcables
@tcables don't forget to mark as accepted ;)
Andrey
If I have the hash's salt, is it decryptable?
tcables
No. Salt becomes part of the message that crc is calculated for. Consider function crc(x) = y. There is no inverse function. Now let's add salt: crc(x + salt) = y. Ok, you know y and salt. Is it better? No, because you still can find inverse of crc.
Andrey
+2  A: 

A hash function like CRC32 calculates a simple value given (variable) input. The calculation is not reversible - i.e. you cannot reliably get the original value given only the hash.

lingvomir
+1  A: 

Despite what other users answered, CRC32 is not a cryptographic hash function; it is meant for integrity checks (data checksums). Cryptographic hash functions are often described as "one-way hash functions", CRC32 lacks the "one-way" part.

That being said, you should consider the following: since the set of all possible 25-characters-or-less filenames is more than 2^32, some file names are bound to have the same hash value. Therefore, it might be that for some of the CRC32 values you get - there will be several possible sources (file-names). You will need a way to determine the "real" source (I assume that human-decision would be the best choice, since our brain is a great pattern-recognition device, but it really depends on your scenario).

Several methods can be used to partially achieve what you are asking for. Brute-force is one of them (although, with 25 characters long file names, brute-force may take a while). A modified dictionary attack is another option. Other options are based on analysis of the CRC32 algorithm, and will require that you dive into the implementation details of the algorithm (otherwise you'll have a hard time understanding what you're implementing). For example, see this article, or this article.

EDIT: definitions by Bruce Schneier (author of Applied Cryptography, among other things):

One-way functions are relatively easy to compute, but significantly harder to reverse. … In this context, "hard" is defined as something like: It would take millions of years to compute x from f(x), even if all the computers in the world were assigned to the problem.

A hash function is a function, mathematical or otherwise, that takes a variable length input string (called a pre-image) and converts it to a fixed length (generally smaller) output string (called a hash value).

The security of a one-way hash function is its one-wayness.

M.A. Hanin
With this description, all hash algorithms are "lacking the one-way part", as you can always run brute-force on data to find which one(s) are producing the desired outcome. I would very much like you to describe why CRC32 lacks the "one-way" part, and, say, SHA384, doesn't.
Lasse V. Karlsen
I didn't define the "one-way" part. If you consider brute-force, then everything is insecure except for One Time Pads and derived algorithms (like some secret-sharing schemes). The "one-way" part depends on the algorithm being "hard to reverse", meaning that given an image it is hard to learn anything about the source. Being "one-way" is not a well-defined criterion; it depends on current research and study of the algorithm. It can change, based on new knowledge spreading through the research community. CRC was never built to be "one-way", the designers didn't try to make it that way.
M.A. Hanin
http://en.wikipedia.org/wiki/Hash_function http://en.wikipedia.org/wiki/Cryptographic_hash_function see the difference?
Andrey
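An added example, not part of any post in this thread: it shows the two properties the last answer relies on, that many inputs share one CRC32 value and that CRC32 has exploitable algebraic structure, by computing a second input with the same checksum as the filename from the question. It does not recover the original name; the function name `forge_same_crc` and the prefix used are hypothetical, and only `zlib.crc32` from the Python standard library is assumed.

```python
import zlib

def forge_same_crc(prefix: bytes, target_crc: int) -> bytes:
    """Return prefix + 4 bytes such that zlib.crc32(result) == target_crc."""
    n = len(prefix)
    base = bytearray(prefix + b"\x00" * 4)
    base_crc = zlib.crc32(bytes(base))

    # CRC32 is affine over GF(2): flipping one input bit XORs a fixed
    # 32-bit delta into the checksum, whatever the other bits are.
    # Build a linear basis of the deltas caused by the 32 suffix bits.
    pivots = {}  # highest set bit of delta -> (delta, suffix bits producing it)
    for bit in range(32):
        base[n + bit // 8] ^= 1 << (bit % 8)
        delta, combo = zlib.crc32(bytes(base)) ^ base_crc, 1 << bit
        base[n + bit // 8] ^= 1 << (bit % 8)  # restore the zero suffix
        while delta:
            top = delta.bit_length() - 1
            if top not in pivots:
                pivots[top] = (delta, combo)
                break
            delta ^= pivots[top][0]
            combo ^= pivots[top][1]

    # Express the required checksum change as an XOR of basis deltas.
    need, flips = target_crc ^ base_crc, 0
    while need:
        delta, combo = pivots[need.bit_length() - 1]
        need ^= delta
        flips ^= combo
    return prefix + flips.to_bytes(4, "little")

if __name__ == "__main__":
    real_name = b"vacationplans_2010.txt"          # filename from the question
    stored = zlib.crc32(real_name)
    other = forge_same_crc(b"not_the_real_name", stored)  # constructed prefix
    print(f"{stored:08x}", f"{zlib.crc32(other):08x}", other)
```

Because a colliding input can be computed this cheaply for any prefix, a CRC32 value alone cannot identify which filename produced it, and it offers no protection where an adversary chooses the input.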