• 520@kbin.social
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Nope. Think of the key like a massively long password. Only that password is going to be able to open the file.

    • JackbyDev
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      Yeah but in theory multiple passwords can open an account because hashing doesn’t produce unique output.

      • 520@kbin.social
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Actually it does. That’s literally what hashing is supposed to do.

          • 520@kbin.social
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            That is what we call an attack, or a vulnerability. It isn’t supposed to happen, and at the point where it does, that algorithm becomes cryptographically insecure and should not be used.

            I see what you’re thinking though, as it would be such an old hash that collisions must be known, right?

            Well unfortunately, what we are dealing with here is encryption, not hashing, and hash collisions do not apply as an attack vector to encryption.

            You could in theory try a cryptographic attack on the encrypted data but then you run into a few other problems:

            1. you’re effectively distributing a DRM bypass tool, expressly forbidden under DMCA

            2. Attacking even the likes of RC4 takes considerable compute time on modern systems

            3. If you do crack it, you legally can’t store it, which compounds problem number 2.

            • JackbyDev
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              Legality aside because I’m sure there’s always going to be some random law that they will use (or twist) to fight this… With 3DS I remember there was a community provided cloud cracking service. I’m guessing it was either some comically weak algorithm or they found some vulnerability they were able to exploit.

              But even then that’s not really a good comparison because if there was some master key (I don’t know the specifics) it is still physically on your 3DS and they weren’t sending them around (or worse, hosting it on a store).

              The situation sucks but I understand it from Valve’s point of view. It’s not about whether they think it is okay or not, it’s about them being concerned about liability from Nintendo who are well known for protecting their IP.

              • 520@kbin.social
                link
                fedilink
                arrow-up
                4
                ·
                1 year ago

                Oh the shit on the 3DS was absolutely comical.

                Get this: their digital licensing protection scheme was entirely client side. Which meant anybody with a hacked 3DS could just request any game they liked directly from the eShop.

              • 520@kbin.social
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                …what are you even talking about? A hashing algorithm takes one data input and makes one hash from said data input.

                • conciselyverbose@kbin.social
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  A hash converts a large input into a small output. If a hash takes up to 128 ASCII characters and outputs 64, there will be ~10^135 collisions per output. This is completely normal and not a design flaw. It’s simple math.

                  The strength of a cyyptographic hash function (not the only kind of hash or the only useful kind) is in not being predictable, not in avoiding collisions.

                  • 520@kbin.social
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    edit-2
                    1 year ago

                    Your understanding is a little lacking.

                    Hash algorithms don’t take an input and make it smaller. What they do is, they take an input, plug it into a mathematical formula and that outputs a string of text of fixed size, the actual size being determined by the algorithm used.

                    There are a few key factors people take into account while making a hashing algorithm:

                    1. collision resistance. It won’t ever be possible to make it completely resistant, so they aim to make it unfeasible to do with the foreseeable future of technology. Many technologies we rely on, such as TLS, rely on hashes for verification purposes, so collision resistance is very important for that.

                    2. irreversibility. This is a big reason why it doesn’t simply convert big output into small output (the other being that hashes can actually be bigger than the input data itself). Information is lost in the hashing process to the point where you can’t take a hash and unhash it into the original data.

                    3. reliability. The algorithm must create the same output given the exact same data.

                    4. predictability, like you said, but only kinda. While it is true that a requirement is that an attacker must not be able to derive even part of the original data, a lot of the onus here is actually on the user to not use predictable inputs when using hashes for secure things. As said before, a hashing algorithm must give the same output when given the same input, so someone using, let’s say a hashed timestamp for something secure is being a moron.