What is a good cryptographic challenge to use?

[michielbdejong]

So far, I've used signing a cleartext with a key type that is supported by WebCrypto.

Finding the cleartext which has a certain hash given a certain strong secure hashing algorithm would probably be another option.

What is a challenge that is:

• easy to generate (in various programming environments)
• easy to describe in a few JSON fields
• easy to verify (in various programming environments)
• hard to solve without the secret from which it was created
• easy to solve with the secret from which it was created (in various programming environments)

[michielbdejong]

SHA-256 seems to be a good one-way hash function which satisfies all these conditions. I'm not sure whether it would be better to, for instance, to apply SHA-256 1000 times instead of just once. Since the string that's being hashed is random, we probably don't have to think about things like padding and salt.

[michielbdejong]

it's important though, I think, to state that both the random string and the hash value are represented in base64, but the hash function is applied to the raw bytes (not to the base64 representation).