Difference between breaking the one way hash property by _brute force_ and proving collision

For any Hash function, conceptually speaking or otherwise, What is the difference between aforementioned 2 operations. I have approached the problem in the following manner:

H=hash(someplaintext)
n=0
while 1:
    if hash(str(n))==H:
        print n
开发者_Python百科    n+=1

Both the properties could be proven this way, is there something wrong? Ignore the efficiency, memory usage or any such property. Please answer my question, strictly on the basis of correctness

"One-way" means that given a function output, you cannot find a matching input, except by trying many potential inputs and getting lucky. A collision is about finding two distinct inputs which yield the same output, without any predefined constraint on said output.

There are three classical properties which a good (cryptographic) hash function should have:

• Resistance to preimages: given x, it should be infeasible to find m such that h(m) = x.
• Resistance to second preimages: given m, it should be infeasible to find m' distinct from m, such that h(m) = h(m').
• Resistance to collisions: it should be infeasible to find m and m', distinct from each other, such that h(m) = h(m').

This can be viewed as three challenges for the attacker, sorted by decreasing difficulty. For preimages, I give you an output, and I challenge you to find a matching input. For second preimage, I give you an input (and implicitly the corresponding output), and I challenge you to find another matching input. For collisions, this is like the second preimage challenge, except that I do not require that you find a specific output; any one will do. Or, to state it the other way round: a challenge for a second preimage is like a challenge for a collision in which one of the colliding messages cannot be freely chosen by the attacker.

Without exploiting any weakness in the hash function itself, the generic methods for finding preimages, second preimages, and collisions, for a hash function with a n-bit output, have cost roughly 2ⁿ (for preimages and second preimages) and 2^n/2 (for collisions). Finding collisions is thus vastly easier. For preimages, you just try inputs until you get lucky (that's what you call "brute force"); each try has probability 2^-n to succeed. For collisions, this relates to the birthday attack: basically, once you have accumulated about sqrt(2ⁿ) pairs input/output, the probability of two of those pairs having the same output rises quite fast.

In terms of birthdays, this means that if you take 20 people at random, chances are high that two of them will have the same birthday -- but you do not get to choose which day or which people. On the other hand, if you want to find someone with the same birthday than you, then you will have to sample through 365 people on average.

I may not be understanding your question correctly, but here is my take on it:

Brute-forcing a collision will always work, regardless whether it is collision resistant. An one-way hash function doesn't mean it's impossible to find a collision, it means an adversary has a negligible chance of finding one, this is often defined by

\epsilon < \frac{1}{p(n)}

where p(n) denotes a polynomial in terms of n (pardon the latex syntax)

In your case, you simply found a collision, it doesn't prove that the hash function is not one-way because you are looping through all possibilities, meaning that you didn't break the 1/p(n) condition.