2

Are there ANY text strings that will generate the same SHA-512 Hash output? Please provide an example, and how you came to that conclusion.

I've tried thousands of variations, including ".." vs. "." and "..." vs "..,". I believe it IS possible, I just don't know HOW I can find those 2 magic text strings.

synicalsyntax
  • 29
  • 1
  • 2
  • 9
    Yes, but it's supposed to be hard to find an example. $;$ –  Aug 28 '15 at 04:55
  • You could do it, provided you checked all the possibilities. Count them, and you'll know. – Konrad Gajewski Aug 28 '15 at 05:07
  • Typically similar strings will produce vastly different SHA hashes but it would be very interesting if there was a case where two similar strings produced the same hash – parker.sikand Aug 28 '15 at 06:21
  • Comments and answers use the phrase "hard to find". More accurate might be "possible in theory, but no-one has yet done it despite many attempts". – Neil Slater Aug 28 '15 at 06:57
  • Already answered at http://crypto.stackexchange.com/q/12301/351 and http://crypto.stackexchange.com/q/8765/351; see also http://crypto.stackexchange.com/q/301/351 and http://crypto.stackexchange.com/q/8092/351. In the future please make more of an effort to search for related questions here before posting a new one. Thank you! – D.W. Aug 28 '15 at 07:21
  • @D.W. It must be said that those questions would be hard to link to each other if you're not a cryptographer. Then again, maybe we don't want this question for every hash algorithm... We could rework this question somewhat to mean every possible SHA-2 hash maybe. That would at least take care of the most common 4 (+ 2). – Maarten Bodewes Aug 28 '15 at 08:54
  • @Neil Slater: In cryptography, the term 'hard' means that there is no known practical way to compute a solution in a reasonable time (e.g., it would take billions of years). – Chris Aug 28 '15 at 09:46
  • @Chris: I didn't think OP would be familiar with that meaning, it is jargon. – Neil Slater Aug 28 '15 at 10:06

1 Answers1

11

This is trivially true via the pigeonhole principle. SHA-2/512 has $2^{512}$ possible outputs, but $2^{2^{128}} - 1$ possible inputs. Trying $2^{512}+1$ unique inputs is sufficient to produce at least one collision.

That said, SHA-2/512 is designed to be collision resistant, which implies that it should be hard to find two inputs that hash to the same value. Finding a way to quickly create such a collision would be considered a catastrophic break in the algorithm.

Today it is considered unfeasible to even find one SHA-512 collision - none have been found so far. There have been efforts to find a collision for SHA-1 though (notably the IAIK "SHA-1-Collison Search Graz Project"); it is thought that the SHA-1 algorithm is sufficiently broken to find one. These attacks don't translate to SHA-512 because of the increased complexity of the algorithm and the higher output size of the hash.

Stephen Touset
  • 11,002
  • 1
  • 38
  • 53
  • Added a paragraph about slowly finding a hash collision instead of "quickly* – Maarten Bodewes Aug 28 '15 at 08:55
  • See this article about why finding such a collision is really, really unlikely. To just count from 0 to 2^512 would take much more energy then the whole universe is likely to contain. – gnur Aug 28 '15 at 09:01
  • 2
    There isn't an infinite number of possible inputs. SHA-512 uses a 128 bit length field, which means it is undefined for inputs which are $2^{128}$ bits or longer. So the total number of possible inputs is $2^{2^{128}}-1$. – kasperd Aug 28 '15 at 09:22
  • Good point. I've edited the answer to reflect that. – Stephen Touset Aug 28 '15 at 17:09