Re: Call for review: Hashing by hand algorithm



On Apr 26, 9:09 am, bmearns <mearn...@xxxxxxxxx> wrote:
> I actually opened my request for review to a slightly broader audience
> over the weekend, and so the algorithm is described on the following
> webpage: http://brianpmearns.com/bpm/shufflehash

It seems like it should be somewhat vulnerable to pre-image attack for
very short message lengths. For example, it is trivially reversible
for messages of just one letter (e.g. if you 'hashed' a single letter
then the card for the letter right after it (e.g. 'B' if you hashed
'A') would be at the bottom of the deck -- I am assuming the output of
the hash is simply the full deck after all shuffles are completed).
And with 52 cards, even after two or three letters have been added to
the hash, most cards remain in their starting order relative to each
other. It seems like it should be easy (easier than a brute force
pre-image attack) to restrict the guesses to the cards that are no longer in
their original order relative to the other cards (which would be a
significant subset of the full deck for very short messages). For
example, I used your code to hash a 3 letter message with a deck of 26
cards. The output is this:
[18, 19, 20, 21, 22, 23, 24, 25, 4, 0, 1, 2, 3, 5, 8, 6, 7, 9, 16, 10,
11, 12, 13, 14, 15, 17]
Note that the letters from 18 to 25 are in relative order, so a good
guess is that the hash did not include any number in that range.
Similarly, 0 to 3 is in order, as is 10 to 15. In fact, a superficial
glance reveals that the numbers most radically out of the starting
order are 4, 8 and 16 (which, not incidentally, was the message). A
pre-image attack restricted to those three letters would very quickly
find the message (much faster than a standard brute force pre-image
attack on 3 letter messages).

This sort of guess-work becomes much more problematic after several
more letters are added to the hash -- but a good cryptographic hash
shouldn't be easily reversible no matter how long the message is.
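
The observation in the post above can be mechanized. The following is an added example, not part of the original post or of the shufflehash code: it takes the 26-card deck quoted in the post and finds the smallest set of cards whose removal leaves the rest in a rotation of the starting order. The function names are assumptions made for illustration.

```python
from bisect import bisect_left

# Output deck quoted in the post (26 cards, 3-letter message).
DECK = [18, 19, 20, 21, 22, 23, 24, 25, 4, 0, 1, 2, 3, 5, 8, 6, 7, 9, 16,
        10, 11, 12, 13, 14, 15, 17]


def longest_increasing(seq):
    """Return the indices of one longest strictly increasing subsequence."""
    tails = []     # tails[i]: smallest tail value of an increasing run of length i+1
    tail_idx = []  # position in seq of that tail value
    prev = [-1] * len(seq)
    for i, v in enumerate(seq):
        pos = bisect_left(tails, v)
        if pos == len(tails):
            tails.append(v)
            tail_idx.append(i)
        else:
            tails[pos] = v
            tail_idx[pos] = i
        prev[i] = tail_idx[pos - 1] if pos > 0 else -1
    out = []
    i = tail_idx[-1] if tail_idx else -1
    while i != -1:          # walk the back-pointers from the last tail
        out.append(i)
        i = prev[i]
    return out[::-1]


def displaced_cards(deck):
    """Cards that must be removed so the rest is a rotation of 0..n-1.

    Cuts and similar moves rotate the deck, so every value offset k is
    tried: after mapping v -> (v - k) mod n, a deck that is only rotated
    becomes strictly increasing. Cards outside the longest increasing run
    for the best k are the ones out of relative order.
    """
    n = len(deck)
    best = []
    for k in range(n):
        keep = longest_increasing([(v - k) % n for v in deck])
        if len(keep) > len(best):
            best = keep
    kept = set(best)
    return sorted(deck[i] for i in range(n) if i not in kept)
```

For the quoted deck, `displaced_cards(DECK)` returns `[4, 8, 16]`, the three cards the post picks out by eye.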
