Re: Why unhashing is not possible?

Unruh wrote:


???? A cryptographic hash tries very hard to look like a random selection
of the 2^N possible outputs(for a N bit hash). That preserves no
information.


Why don't you simply use a purely random function? This would really preserve no information, and would be absolutely useless.

Information is what distinguishes the input from other inputs,
and a cryptographic has tries its best not to distinguish the outputs from
any other outputs.


Which is nonsense as well, since the same input leads to the same output - so obviously is does distinguish outputs.

It, it tries its best to destroy all information in the input.


Then the function f(X) = "0" would be much better.

The reason for the "each bit influences the output" is precisely to
make this as true as possible.


Wrong again. The purpose is to make every little bit of information in the input influence the output, thus preserving it as much as possible (and the limit being the output size and the randomness demand).

If one of the bits did not influence the output, then you would not

> have an independent random choice.

That is, this bit of information is not discarded.

Of course the output is actually a deterministic function of the input, but
one wants that deterministic function to act as much like a random
selection as possible-- ie to preserve the "no information transfer" as
possible.


Nonsense. Now get yourself familiar with the term "conditional entropy".

It's part of the algorithm if you use it solely as a hash.

Who was using it as a hash?


I throught we were talking about hashes.

Using a keyed encryption as a cryptographic hash is silly
both because it preserves the length of the input, and because it is easily
invertible.


Until you stop behaving stupid and think a little bit how one can use a symmetric cipher to produce a hash function which is invertible for all inputs shorter than output (including the padding).
.