Last active
December 5, 2017 19:09
-
-
Save ewuehler/db1348d3ba9c604fd8db8c7812c6f494 to your computer and use it in GitHub Desktop.
Script for checking SHA256 hash of first N chars on a MAC byte...
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env /usr/bin/python | |
# Quick script to map a MAC byte (0x00-0xFF) to the first n chars of a sha256 | |
# hash to look for collisions. However, I do not understand why we bother | |
# hashing a single byte when it is trivial to reverse the hash -- it | |
# can't be for privacy or anonymization reasons, so why? | |
import hashlib | |
itoh = {} | |
htoi = {} | |
DEBUG = False | |
def loopHash(ix, hx): | |
for h, i in htoi.iteritems(): | |
if h == hx and DEBUG == True: | |
print "Collision: new key '{}' & prev key '{}' have same hash '{}'".format(ix, i, h) | |
def loopAll(charcheck): | |
countCollisions = 0 | |
for x in range(0xFF): | |
# Check all variants of the hash | |
numxx = "%.2x" % x | |
numXX = "%.2X" % x | |
numxX = numXX[0].lower()+numXX[1] | |
numXx = numXX[0]+numXX[1].lower() | |
numx = '\%.2x' % x | |
#print "{} or {} ({} or {})".format(numxx, numXX, numxX, numXx) | |
# Hash all the things | |
hashedxx = hashlib.sha256(numxx).hexdigest() | |
hashedXX = hashlib.sha256(numXX).hexdigest() | |
hashedxX = hashlib.sha256(numxX).hexdigest() | |
hashedXx = hashlib.sha256(numXx).hexdigest() | |
hashedx = hashlib.sha256(numx).hexdigest() | |
# Assuming the first n chars are unique (maybe true for such a small subset) | |
hxx = str(hashedxx)[:charcheck] | |
if htoi.get(hxx, False): | |
# We've added this hash before... | |
loopHash(numxx, hxx) | |
countCollisions = countCollisions+1 | |
else: | |
itoh[numxx] = hxx | |
htoi[hxx] = numxx | |
# Hash of all caps, but don't add if 00 == 00 kinda thing... | |
hXX = str(hashedXX)[:charcheck] | |
if numxx != numXX: | |
if htoi.get(hXX, False): | |
loopHash(numXX, hXX) | |
countCollisions = countCollisions+1 | |
else: | |
itoh[numXX] = hXX | |
htoi[hXX] = numXX | |
# Hash of first char not capitalized, but second yes - but don't add if already added | |
hxX = str(hashedxX)[:charcheck] | |
if numxx != numxX and numXX != numxX: | |
if htoi.get(hxX, False): | |
loopHash(numxX, hxX) | |
countCollisions = countCollisions+1 | |
else: | |
itoh[numxX] = hxX | |
htoi[hxX] = numxX | |
# Hash of second char not capitalized, but first yes - but don't add if already added | |
hXx = str(hashedXx)[:charcheck] | |
if numxx != numXx and numXX != numXx: | |
if htoi.get(hXx, False): | |
loopHash(numXx, hXx) | |
countCollisions = countCollisions+1 | |
else: | |
itoh[numXx] = hXx | |
htoi[numxX] = hxX | |
# Hash of the number as a number | |
hx = str(hashedx)[:charcheck] | |
if htoi.get(hx, False): | |
loopHash(numx, hx) | |
countCollisions = countCollisions+1 | |
else: | |
itoh[numx] = hx | |
htoi[hx] = numx | |
return countCollisions | |
def main(): | |
for count in range(10): | |
x = loopAll(count+1) | |
print "{} Collisions using first {} chars of sha256".format(x, count+1) | |
if DEBUG: | |
for (key, val) in itoh.iteritems(): | |
print "{} :\t{}".format(key, val) | |
if __name__ == "__main__": | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Just a mental exercise...