In cryptography, a preimage attack on cryptographic hash functions tries to find a message that has a specific hash value. A cryptographic hash function should resist attacks on its preimage (set of possible inputs).
In the context of attack, there are two types of preimage resistance:
preimage resistance: for essentially all pre-specified outputs, it is computationally infeasible to find any input that hashes to that output; i.e., given y, it is difficult to find an x such that h(x) = y.[1]
second-preimage resistance: for a specified input, it is computationally infeasible to find another input which produces the same output; i.e., given x, it is difficult to find a second input x′ ≠ x such that h(x) = h(x′).[1]
These can be compared with a collision resistance, in which it is computationally infeasible to find any two distinct inputs x, x′ that hash to the same output; i.e., such that h(x) = h(x′).[1]
Collision resistance implies second-preimage resistance. Second-preimage resistance implies preimage resistance only if the size of the hash function's inputs can be substantially (e.g., factor 2) larger than the size of the hash function's outputs.[1] Conversely, a second-preimage attack implies a collision attack (trivially, since, in addition to x′, x is already known right from the start).
^ abcdRogaway, P.; Shrimpton, T. (2004). "Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance" (PDF). Fast Software Encryption. Lecture Notes in Computer Science. Vol. 3017. Springer-Verlag. pp. 371–388. doi:10.1007/978-3-540-25937-4_24. ISBN 978-3-540-22171-5. Retrieved 17 November 2012.
should resist attacks on its preimage (set of possible inputs). In the context of attack, there are two types of preimage resistance: preimage resistance:...
root does not indicate the tree depth, enabling a second-preimageattack in which an attacker creates a document other than the original that has the same...
collision attack on a cryptographic hash tries to find two inputs producing the same hash value, i.e. a hash collision. This is in contrast to a preimage attack...
computing cluster. In April 2009, an attack against MD5 was published that breaks MD5's preimage resistance. This attack is only theoretical, with a computational...
{2^{n}}}=2^{n/2}} , with 2 n − 1 {\textstyle 2^{n-1}} being the classical preimage resistance security with the same probability. There is a general (though...
generate collisions in less than two MD4 hash operations. A theoretical preimageattack also exists. A variant of MD4 is used in the ed2k URI scheme to provide...
(45-bit) pseudo-collision attack on the Shabal compression function with time complexity 284 was presented. A preimageattack with 2497 time and 2400 memory...
Ma, et al, describe a preimageattack that takes 2496 time and 264 memory or 2504 time and 211 memory to find a single preimage of GOST-512 reduced to...
the hash function being exposed to attacks including collision attacks, length extension attacks, and preimageattacks. Constructing a cipher or hash to...
allow an attacker to devise a forgery attack on HMAC. Furthermore, differential and rectangle distinguishers can lead to second-preimageattacks. HMAC with...
{\displaystyle 2^{n}} (a practical example can be found in § Attacks on hashed passwords); A second preimage resistance strength, with the same expectations, refers...
sliding computational cost, used to reduce vulnerability to brute-force attacks. PBKDF2 is part of RSA Laboratories' Public-Key Cryptography Standards...
in 1999. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be...
cracking attacks. It accesses the memory array in a password dependent order, which reduces the possibility of time–memory trade-off (TMTO) attacks, but introduces...
Newbold. "Observations and Attacks On The SHA-3 Candidate Blender" (PDF). Retrieved December 23, 2008. Florian Mendel. "PreimageAttack on Blender" (PDF). Retrieved...
not detected by a hash comparison. In cryptography, this attack is called a preimageattack. For this purpose, cryptographic hash functions are employed...
Arch Linux. The function is more resistant to offline password-cracking attacks than SHA-512. It is based on Scrypt. Lyra2 Password Hashing Competition...
the hands of attackers, they can use a precomputed rainbow table to recover the plaintext passwords. A common defense against this attack is to compute...
transformation function f. In hash applications, resistance to collision or preimageattacks depends on C, and its size (the "capacity" c) is typically twice the...
Encrypt-then-MAC approach) implies security against an adaptive chosen ciphertext attack, provided that both functions meet minimum required properties. Katz and...