A cryptographic hash function (CHF) is an equation used to verify the validity of data. Like SHA-256, they are also one-way functions which means that finding the output is not too difficult if you have the input. On the other hand, it is impossible to find the input if you already have the output.
However, if you knew the hashes of some common inputs, then you could brute-force guess at the output or create a Rainbow Table to determine what that input is.
It’s easy to find that the SHA256 hash of “abc123” is 0x6ca13d...118090. If this was a likely input, a hacker could search for it specifically and know that the input was "abc123"! 😱
⚠️ For security purposes, it’s important to remember to use a random salt which you can add to your input to make it unguessable via the methods mentioned above!
No given a SHA256 hash, we can find the color input that would generate that hash. You can assume that all the hashes be generated only from colors provided in the COLORS array.
- To take the hash of a color, first use
utf8ToBytesto translate the string to bytes. Then, usesha256to hash it. - When you want to compare two hashes, first use
toHexto turn each hash from a Uint8Array to a string of hexadecimal characters.
So comparing two hashes would look like this:
const a = "apple";
const b = "banana";
const aBytes = utf8ToBytes(a);
const bBytes = utf8ToBytes(b);
const aHash = sha256(aBytes);
const bHash = sha256(bBytes);
console.log(toHex(aHash) === toHex(aHash)); // true
console.log(toHex(aHash) === toHex(bHash)); // false
Writing the code, it would look similar to this:
const { sha256 } = require("ethereum-cryptography/sha256");
const { toHex, utf8ToBytes } = require("ethereum-cryptography/utils");
// the possible fruits that the hash could represent
const FRUITS = ['mango', 'calamansi', 'orange', 'apple', 'banana', 'avocado'];
// given a hash, return the fruit that created the hash
function findFruit(hash) {
return FRUITS.find(x => toHex(sha256(utf8ToBytes(x))) === toHex(hash));
}
module.exports = findFruit;Now all that just to tell you that this type of finding the cryptographic hash using brute-force is similar to the concept of mining haha! 🤯✨
