Comment by Cpoll
3 days ago
> I'd argue that the mathematical operations themselves are usually not that complicated. More importantly, the whole book seems to be about ways to derive the (probable) input of a hash function from the output. It is not literally impossible.
I think you're not being pedantic enough here. "Probable" is doing some heavy lifting. And the phrasing is "derive the input," which I think is fair to say. The best you can do with a proper hash is discover one or more possible inputs, but you're not deriving them from the output; the output is just used to check the result. The many-to-one nature of a hash precludes determining the exact input.
Fair point. I was initially thinking about rainbow tables. Taking a hash and looking up associated passwords in a table feels like deriving to me - but I'm not a native speaker so I might have a wrong feeling here.
(It is obvious that one cannot directly derive the exact input - but one can derive potential inputs and then use other means to find the exact one.)
To me, "deriving from x" means performing a mathematical function operating on input x. By my own definition, I suppose a rainbow table lookup is a derivation, but I wouldn't consider actually computing the table to be one. Hash-cracking is more like guess-and-check than mathematical decoding; the hash to be cracked is just a verifier and not an input, which is why I make the (admittedly pedantic) distinction.