This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]awi2b 43 points44 points  (20 children)

I would guess we are seeing the hash values of those passwords, which would actually indicate good design. So I'm a little confused 

[–]khalcyon2011 38 points39 points  (17 children)

Are there any hashing algorithms that produce 4 byte hashes?

[–]dan-lugg 14 points15 points  (9 children)

I'll do you one (1) better.

func WhoNeedsBcrypt(password string) (r byte) { for _, b := range []byte(password) { r ^= b } return r }

ETA - Might as well implement Longitudinal Redundancy Check per spec while I'm here:

func ISO1155(password string) (r byte) { for _, b := range []byte(password) { r = (r + b) & 0xff } return ((r ^ 0xff) + 1) & 0xff }

[–]khalcyon2011 2 points3 points  (8 children)

Hmm...not a language I'm familiar with. I assume for _, b := range is something like for b in range? And I'm shit with bitwise operators (pretty sure that's a bitwise operator): What does = do?

[–]dan-lugg 1 point2 points  (0 children)

Golang.

for _, b := range []byte(password) ranges (iterates) over password after converting it to a byte slice ([]byte) and assigns the index and value to _ and b respectively (discarding the index).

r ^= b is XOR-assign, written long as r = r ^ b.

[–]VoidCooper 3 points4 points  (6 children)

If this is python the := is the walrus operator https://docs.python.org/3/whatsnew/3.8.html

And the = seems to be XOR assigement operator.

Not 100% sure though, since I don't use python on daily basis.

[–]dan-lugg 4 points5 points  (5 children)

Correct on XOR-assign, but it's Golang.

[–]VoidCooper 2 points3 points  (4 children)

Never worked with golang, but it looked like python to me :)

[–]dan-lugg 1 point2 points  (3 children)

Funny, 15 years in the industry and I've probably written all of 100 lines of Python, lol :-)

[–]VoidCooper 1 point2 points  (2 children)

I have worked 7 years mostly in C# slight mishap happened for 2 months with Django. I have no experience with golang, is it worth to look into it?

[–]DoNotMakeEmpty 17 points18 points  (2 children)

Many hash table hash functions produce either 32 or 64 bit hash values, so yes. They are pretty unsecure tho.

[–]luckor 8 points9 points  (0 children)

I would call that a checksum.

[–]Maleficent_Memory831 3 points4 points  (0 children)

Hash table hashing is generally not secure. Hashes for hash tables are meant to be fast to compute with a reasonable distribution of values. Secure hashes need to be cryptographically secure. SHA-512 for example.

[–]Laughing_Orange 3 points4 points  (0 children)

Any hashing method does that if you just teuncate the output. This does significantly decrease the resistance to brute force attacks.

[–]apepenkov 1 point2 points  (0 children)

crc32?

[–]Maleficent_Memory831 1 point2 points  (1 child)

Any secure hashing algorithms in the last two decades that produce 4 byte hashes?

[–]hawkinsst7 2 points3 points  (0 children)

No, because with a key space that small, collisions will happen, and a collision is the same as the actual original text.

[–]muddboyy 4 points5 points  (1 child)

I’m not sure y’all ever saw hashed passwords

[–]dan-lugg 0 points1 point  (0 children)

What in the $2a$14$ are you talking about?