[cryptography] Number of hash function preimages

natanael.l at gmail.com natanael.l at gmail.com
Fri Mar 9 11:58:58 EST 2012

On #2: There MUST be collisions with fixed-length hashes. But with 2^256 possible results and sufficiently strong algorithms, it will not matter IRL. We won't find any collisions ever. But of course, the algorithms MIGHT be weak. MD5 was thought to be strong when it was new.

2012-03-09 12:25 skrev Florian Weingarten:

Hello list,

first, excuse me if my questions are obvious (or irrelevant).

I am interested in the following questions. Let h be a cryptographic
hash function (let's say SHA1, SHA256, MD5, ...).

1) Is h known to be surjective (or known to not be surjective)? (i.e.,
is the set h^{-1}(x) non-empty for every x in the codomain of h?)

2) Is it known if every (valid) digest has always more than one
preimage? To state it otherwise: Does a collision exist for every
message? (i.e., is the set h^{-1}(x) larger than 1 for every x in the
image of h?).

3) Are there any cryptographic protocols or other applications where the
answers to 1) or 2) are actually relevant?

Thanks in advance!



cryptography mailing list

cryptography at randombit.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120309/f0487893/attachment.html>

More information about the cryptography mailing list