Hacker News new | ask | show | jobs
by jacquesm 1587 days ago
> The thing is you don't know the length of the password. It could be more than the number of hydrogen atoms in the universe, or 12.

I'll take 12 then.
1 comments
bushbaba 1587 days ago
Well we know it has to fit in a string data type. And there’s only soooo much ram available to a JavaScript variable.
link
AdamJacobMuller 1587 days ago
Not necessarily. The hash could have been generated with something other than javascript.

In fact because functions like sha256 are iterative it's possible to hash a password which is longer than the RAM in a system. Technically possible to hash a password which is longer than storage in a system too, if you don't care about storing the password.

link
kzrdude 1587 days ago
so the puzzle author could "cheat" and just present a 256-bit number and not know the preimage at all, which would be a fun shortcut.
link
mulmen 1587 days ago
Huh, I realize I don’t know the answer to this seemingly simple question. Are all 256 bit vectors valid sha-256 hashes?
link
talkin 1586 days ago
Yes.

In a secure hash function, all output bits are without bias. So all combinations exist.

link
kzrdude 1586 days ago
Sounds like the ideal. Can we prove that sha256 has this property?
link