Secure usage of SHA512
-
09-12-2019 - |
Frage
I have a question about the security of the following usage of SHA512:
If I have two strings, x and y. Is it possible to derive SHA( x ) and SHA( y ) from SHA( x+y ) or reversed? x+y is string x concatenated with y.
Thanks in advance!
Lösung
SHA512 is pre-image, second-primage and prefix-preimage resistant.
Consequently:
- Finding any X given a SHA512(X) is hard.
- Finding any X given a SHA512(X+Y) and Y is hard
- Finding any X given a SHA512(Y+X) and Y is hard.
Given SHA512(X) and SHA512(Y) it is also hard to compute SHA512(X+Y) because SHA512 is not a linear function.
Generally speaking SHA512 is resistant to all known attacks other than a brute-force of X is X comes from a small set -- so for example if the SHA512(X) is the SHA512 of a password and the password is weak, it may be possible to find X by brute force, but this is due to the fact that your choice of X is broken, not that SHA512 is broken.
In general, if X is difficult to guess, SHA512(X) does not reveal any features of X.
Andere Tipps
The short answer is "no". That would make a hash function (like SHA512) useless for keyed hashing schemes like HMAC.