osirislab / ctf101

CTF101, a wiki-project documenting Capture The Flag techniques.
https://ctf101.org/
MIT License

Hashing Functions - Misleading Explanation #48

Open ruben-vl opened 2 weeks ago

ruben-vl commented 2 weeks ago

In the hashing functions introduction, it is stated:

Hashing functions are one way functions which theoretically provide a unique output for every input. MD5, SHA-1, and other hashes which were considered secure are now found to have collisions or two different pieces of data which produce the same supposed unique output.

This statement is not true. They don't theoretically provide a unique output for every input. A simple proof of this is that the space it maps the input to - the output space - is smaller than the input space itself (the hashed output is almost always shorter/smaller in size than the input), so there cannot be a mapping without collisions. This is, however, not a problem, as long as it is not computationally feasible to find those collisions (one of the desired properties of a good hashing algorithm).

Hashing algorithms that were "broken due to collisions" were just algorithms where someone figured out how to reliably find collisions, enabling certain attacks.

The first paragraph on Wikipedia explains this in other words: https://en.wikipedia.org/wiki/Collision_resistance
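The pigeonhole argument in the comment above, as an added example that is not part of the original issue thread or the CTF101 wiki: SHA-256 is truncated to a small number of bits so the output space is tiny, and distinct inputs are hashed until two share an output. The function names and the `input-N` messages are constructed for this illustration.

```python
import hashlib
from itertools import count


def truncated_sha256(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(data): a hash with a deliberately small output space."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct inputs until two of them share a truncated output.

    Returns (first_msg, second_msg, attempts). The pigeonhole principle
    guarantees a hit within 2**bits + 1 inputs, because there are only
    2**bits possible outputs. The birthday bound predicts a hit after
    roughly 2**(bits / 2) inputs, which is what makes short outputs weak.
    """
    seen = {}  # truncated output -> first message that produced it
    for i in count():
        msg = b"input-%d" % i  # constructed sample inputs, all distinct
        h = truncated_sha256(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def collision_table(bit_sizes=(8, 16, 24, 32)):
    """One row per output size: (bits, attempts, first_msg, second_msg)."""
    rows = []
    for bits in bit_sizes:
        first, second, attempts = find_collision(bits)
        rows.append((bits, attempts, first, second))
    return rows


if __name__ == "__main__":
    for bits, attempts, first, second in collision_table():
        print(f"{bits:2d}-bit output: collision after {attempts:7d} inputs "
              f"(pigeonhole limit {2**bits + 1}): {first!r} / {second!r}")
```

Each added output bit roughly multiplies the search cost by the square root of two, so the same loop that finishes instantly at 32 bits is infeasible at the full 256 bits, even though collisions still exist there.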

ruben-vl commented 2 weeks ago

Link to the specific page: https://ctf101.org/cryptography/what-are-hashing-functions/

ColdHeat commented 2 weeks ago

I got an email for this so I looked into it for a few minutes. I think the sentence suffices for its intended purpose, but you can PR better language.

https://en.wikipedia.org/wiki/Perfect_hash_function