1

I am looking for an example of a simple hashing algorithm that can be shown to be vulnerable to multiple preimage attacks for a specified input length.

For example, if I know that the input data is exactly 160 bytes and generates a 16 byte hash, then there exists some method of finding other inputs that are 160 bytes in length and generate an identical 16 byte hash without resorting to pure brute forcing.

Please note that I do not mean using something like MD5 or SHA1. I understand that these are designed to make this impractical. This algorithm would be a textbook example of the flawed design of a hashing algorithm and how that flaw can be practically exploited. I have tried Google, but much of what turns up is theoretical research on known, secure algorithms.

Improve this question

2 Answers 2

Reset to default
2

A simple example is the TEA-based hash function that was used in the XBOX. This hash function was susceptible to a simple second preimage attack. The flaw was that it used the cipher TEA in a Davis-Meyer construction. The attack exploits that TEA has equivalent keys. Hash collisions can be found by simple bit flipping.

A book that describes this attack is "Hacking the XBOX" by Andrew "bunnie" Huang.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

What you're asking for is a weak hashing algorithm. Strong hashing algorithms are hard. Weak ones are easy.

Here's one off the top of my head in pseudocode:

hash[0..15] = all 0
for i in range(0..159):
    hash[i % 16] ^= data[i]

Here, each hash byte is the xor of ten data bytes. Very easy to solve, yes? I'm sure you can think of equally easy ones.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.