<div style="font-family: Arial, sans-serif; font-size: 14px;"><br></div>
<div style="font-family: Arial, sans-serif; font-size: 14px;"><br></div><div class="protonmail_quote">
Op vrijdag 10 november 2023 om 01:49 schreef Ray Dillinger <bear@sonic.net>:<br><br>
<blockquote class="protonmail_quote" type="cite">
<p><br>
</p>
<div class="moz-cite-prefix">On 11/8/23 03:25, McDair wrote:<br>
</div>
<blockquote type="cite">
<br style="font-family:sans-serif;font-size:12.8px">
<div style="font-family: Arial, sans-serif; font-size: 14px;"><span style="font-family:sans-serif;font-size:12.8px;display:inline !important">As
stated, there is no guessing involved here, meaning a fixed
number of iterations that will lead to the/a valid input
message.</span><br style="font-family:sans-serif;font-size:12.8px">
<br style="font-family:sans-serif;font-size:12.8px">
</div>
</blockquote>
<p>This wouldn't be true if your code is generating a preimage
(reconstructing the input). In what sense, specifically, are you
using the word 'decrypt'? Because in precise usage it does not
have a defined meaning with respect to a hash function, so it's
not clear what you're claiming. <br>
</p>
<p>Are you assuming that the input which you're trying to
reconstruct is also a single block, or at any rate shorter than
the hash? That's what's required for there to be a unique
solution which is what you're claiming when you say 'no guessing'
- but in that case it wouldn't be a hash function at all. <br>
</p>
<blockquote type="cite">
<div style="font-family: Arial, sans-serif; font-size: 14px;"><span style="font-family:sans-serif;font-size:12.8px;display:inline !important">Because
the SHA-256 output hash still fits in a single input block,
the same 'decryption'/reversion method (limited to 8 rounds
here) can also be used for SHA-256D (by also applying it
twice). Or a multitude of hashes of hashes for that matter.</span><br style="font-family:sans-serif;font-size:12.8px">
<br style="font-family:sans-serif;font-size:12.8px">
</div>
</blockquote>
<p>Again the notion of applying a hash to a single block message.
That doesn't make any sense. <br>
</p>
<p>For that matter I don't think your VB code works for SHA-256 at
all if implementation of the hash rounds are the same as the
published algorithm. It looks like you are generating a hash of a
single-block input rather than generating a preimage (of any
length) given a single-block output. <br>
</p>
<p>Bear</p>
<p><br>
</p>
</blockquote><div style="font-family:sans-serif;font-size:12.8px"><div style="overflow-wrap:break-word;display:block;margin:16px 0px;user-select:auto"><div><div dir="ltr"><i>><br>> As stated, there is no guessing involved here, meaning a fixed number<br>> of iterations that will lead to the/a valid input message.<br>><br>This wouldn't be true if your code is generating a preimage<br>(reconstructing the input). In what sense, specifically, are you using<br>the word 'decrypt'? Because in precise usage it does not have a defined<br>meaning with respect to a hash function, so it's not clear what you're<br>claiming.</i><br><br>By decrypting, I mean finding a preimage.<br><br>In code, I found 'Encrypt' and 'Decrypt' clearer counterparts than 'Hash' and 'FindPreImage' or something like that. Especially for subroutines.<br>Also 'Encryption' is a general term wrt cryptography/cryptology.<br>Additionally, when the message is supposed to stay hidden (password hashes for instance), the message is arguably the key, or the key is the message. In that case 'decryption' also makes sense imo.<br><br><br><i>Are you assuming that the input which you're trying to reconstruct is<br>also a single block, or at any rate shorter than the hash? That's<br>what's required for there to be a unique solution which is what you're<br>claiming when you say 'no guessing' - but in that case it wouldn't be a<br>hash function at all.</i><br><br>The 'reconstruction' method finds the exact original input message in case of maximum 8 rounds.<br>8 rounds of SHA-256 covers eight 32-bit integers, or 256 bits. Which matches the output (hash) size.<br><br>As you can see later on, when expanded to the full 64 rounds, the method finds 'a' valid input message (so not necessarily the original message). Valid at least from the perspective of the main compression function.<br><br>By no guessing I mean not iteratively going through a range of possible (integer) values and see whether they fit or not.<br>Finding a preimage (again, not taking into account additional validation), even for 64 rounds happens therefore in negligible time.<br><br><br><i>> Because the SHA-256 output hash still fits in a single input block,<br>> the same 'decryption'/reversion method (limited to 8 rounds here) can<br>> also be used for SHA-256D (by also applying it twice). Or a multitude<br>> of hashes of hashes for that matter.<br>><br>Again the notion of applying a hash to a single block message. That<br>doesn't make any sense.<br><br>For that matter I don't think your VB code works for SHA-256 at all if<br>implementation of the hash rounds are the same as the published<br>algorithm. It looks like you are generating a hash of a single-block<br>input rather than generating a preimage (of any length) given a</i><br><i>single-block output.</i><br><br>Ah yes, appearances.<br>Maybe you are confused about the 'Encrypt' usage in the 'Decrypt' function?</div></div></div><div style="display:block;height:0px"></div></div><br><br>
</div>