Is it possible to have SHA-512 collisions using this hash creation strategy?
https://stackoverflow.com/questions/9368252
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFrage
Assuming that I am using this code to generate hashes:
static void Main(string[] args) {
string id = Guid.Parse("8681941A-76C2-4120-BC34-F800B5AAB5A5".ToLower()).ToString();
string date = DateTime.Today.ToString("yyyy-MM-dd");
Console.WriteLine(id);
Console.WriteLine(date);
using (System.Security.Cryptography.SHA512Managed hashTool =
new System.Security.Cryptography.SHA512Managed()) {
Byte[] PasswordAsByte = System.Text.Encoding.UTF8.GetBytes(string.Concat(id, date));
Byte[] EncryptedBytes = hashTool.ComputeHash(PasswordAsByte);
hashTool.Clear();
Console.WriteLine(Convert.ToBase64String(EncryptedBytes));
}
Console.ReadLine();
}
In a real world example, I'll generate hashes with a GUID and Date as you see on the sample. I will get those values from database.
Is it ever possible to have the same hash result with different values with this approach?
Edit:
As I indicated I will pull the values form database. As you can guess, the Guid is the id key which is unique (if I do not come across a miracle and sql server generates the same Guid for me for multiple times). And the datetime value will be the payment due date for the record. I demonstrated here with DateTime.Today but I won't definitely use this on prod.
Lösung
You will definitely get a hash collision for a given GUID that was pulled more than once on the same day. For example, if you generate a hash for a particular GUID g, then pulling g at 2012-02-20 at 12:00 yields the same hash as if you pulled it at 18:00, since you only take into account the date, and not the time.
For unrelated GUIDs, it is still possible to have a hash collision. The space of possible hashes is 64 bits, which is less than infinity, which means that there are bound to be repeats by virtue of the pigeonhole principle. However, it's exceedingly unlikely -- in fact, it's so unlikely that you should treat it as zero.
Andere Tipps
As in any hash function, it might happen very very very rarely.
A good hash function produces a different result from two neighbour inputs. SHA512 is considered a good hash algorithm, so it should not be a problem in your case.
I don't understand all those discussions? even if you have 10 million entries in your db the chance of a collision is like
0.000000000003% (looked that up for sha256, so the chances for sha512 are even less)
even if you have 100 million entries you shouldn't worry about it, and if you really want to be sure, put something in between the text and then hash it.
$newtext= wordwrap("mytexttexttext", 8, "myspliter", true);
