hash – Clarification on evenly dispersing modular hashing

I’m going over “Algorithms fourth edition” by Robert Sedgewick and Kevin Wayne.

In the chapter on hash tables I encountered a simple hashing method called “modular hashing”:

hash = k % m

where k is the key and m is the size of the array that stores the values (so valid indices run from 0 to m − 1). The authors suggest using prime numbers for m because:

If m is not prime, it may be the case that not all of the bits of the key play a role, which amounts to missing an opportunity to disperse the values evenly.

I get why non-prime numbers might be a bad choice for m. If we take m = 10 and k = {17, 27, 37, …}, they will all produce a hash equal to 7.

However, I’m not entirely sure why prime numbers are the superior alternative.

Is it because prime numbers are (by definition) never a divisor of the keys that we want to hash (ignoring instances where key = m)?
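A quick sketch of the clustering effect (toy values; 11 is simply the nearest prime to 10, chosen for illustration):

```python
# Keys that all end in 7: with m = 10 they collide in one bucket,
# while a prime m = 11 spreads them across distinct buckets.
keys = list(range(17, 117, 10))

buckets_composite = [k % 10 for k in keys]
buckets_prime = [k % 11 for k in keys]

print(buckets_composite)  # all 7s
print(buckets_prime)      # ten distinct bucket indices
```

With the composite modulus, only the last decimal digit of the key matters; the prime modulus forces every digit to influence the bucket.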

hash – Why is it impossible to modify a transaction in the blockchain?

Keep in mind two things:

  • Digest functions or hash functions (see here)

  • Proof of work – finding a hash that satisfies some conditions (see here)

Briefly, hash functions take data of any length and give it a “fingerprint” of a fixed size. Minor changes to the input change the fingerprint wildly.

Proof of work in Bitcoin requires that you assemble a block (with all the transactions AND the previous block’s hash) and try out values in the nonce field until you reach a valid hash. It is called proof of work because the only way to reach a valid hash is by trying different inputs (thus working) until you find one.
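As a rough illustration, here is a toy sketch of that nonce search (real Bitcoin mining double-SHA-256 hashes an 80-byte block header against a numeric target; a zero-prefix check on hex digits is used here only as a stand-in):

```python
import hashlib

def mine(block_data: bytes, difficulty: int = 2) -> int:
    """Try nonce values until the block's hash starts with
    `difficulty` hex zeros (a stand-in for Bitcoin's target check)."""
    nonce = 0
    while True:
        digest = hashlib.sha256(block_data + nonce.to_bytes(8, "big")).hexdigest()
        if digest.startswith("0" * difficulty):
            return nonce
        nonce += 1

# Hypothetical block contents: previous hash plus transactions.
nonce = mine(b"prev_hash|tx1|tx2", difficulty=2)
print(nonce)
```

Raising `difficulty` by one multiplies the expected number of attempts by 16, which is the sense in which the hash itself proves that work was done.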

So, it is hard to change a transaction after it has been confirmed because the latest block references the previous block’s hash, which in turn references the previous block, and so on. If any data changes in any of those blocks, all subsequent hashes change, invalidating the proof of work on all of those blocks.

The only way is to go all the way back and solve the PoW again for all blocks that had hashes affected.
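The cascade can be seen in a few lines of Python (hypothetical block data; a single SHA-256 is used for simplicity):

```python
import hashlib

def block_hash(prev_hash: str, data: str) -> str:
    # Each block commits to the previous block's hash.
    return hashlib.sha256((prev_hash + data).encode()).hexdigest()

# A three-block chain.
h0 = block_hash("genesis", "tx batch 0")
h1 = block_hash(h0, "tx batch 1")
h2 = block_hash(h1, "tx batch 2")

# Tamper with the oldest block: every later hash changes too,
# so the proof of work on each later block is invalidated.
h0_mod = block_hash("genesis", "tx batch 0 (altered)")
h1_mod = block_hash(h0_mod, "tx batch 1")
h2_mod = block_hash(h1_mod, "tx batch 2")
assert h1_mod != h1 and h2_mod != h2
```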

In order to change a transaction confirmed two blocks ago (let’s call it block t-2), you would need to reassemble that block (t-2), solve the proof of work for it, then reassemble the subsequent block (t-1) and solve its proof of work, and only then could you start working on block t. While you were spending energy/work on your new version of block t-2, other miners were already working hard on block t.

This race to revert something becomes exponentially more difficult the further back you go in the blockchain. To even start such an attack, the attacker needs at least 51% of the hashing power, and probably far more the deeper the “changing of the record” goes.

hashing – Testing uniform insertion on a fixed length hash table?

I’m currently testing some hash algorithms for use within a hash table. For collision resolution I use chaining, with the index computed modulo a prime.

Firstly, I’m testing with some dictionaries and word lists, between 400,000 and 1,400,000 words.

Secondly, I generate a random string of 15,000 bytes and then toggle one bit at a time, producing a set of strings that differ from each other by two bits.

Thirdly, I generate random strings of 15,000 bytes in length, to form a set of 120,000 strings.

My hash function does not produce collisions on these different domain sets.

Then, to use the hash output for insertion into the hash table, I interpret the output byte array as the two’s-complement binary representation of a BigInteger and reduce it modulo the length of the table (actually some prime).

With this index I do the insertion, and for index collisions I use the chaining method: linked lists.

With this in mind, I graph the lengths of all the linked lists in red and mark the empty buckets with yellow ticks.

This gives me a reasonable picture of the randomness of the algorithms under review.
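The reduction and measurement steps above can be sketched in Python (the question’s code is Java; here SHA-256 stands in for the hash under test, the table size 196613 is an arbitrary prime chosen for illustration, and the key set is synthetic):

```python
import hashlib
from collections import Counter

TABLE_SIZE = 196613  # an arbitrary prime, standing in for the real table length

def bucket_index(key: str) -> int:
    # Interpret the digest bytes as a signed (two's-complement) integer,
    # mirroring Java's new BigInteger(byte[]), then reduce modulo the
    # prime table size. Python's % is non-negative for a positive modulus.
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest, "big", signed=True) % TABLE_SIZE

# Measure chain lengths for a stand-in key set.
keys = [f"word{i}" for i in range(100_000)]
chains = Counter(bucket_index(k) for k in keys)
max_chain = max(chains.values())
empty_buckets = TABLE_SIZE - len(chains)
print(max_chain, empty_buckets)
```

The chain-length distribution and empty-bucket count computed this way correspond to the red and yellow marks in the graphs.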

First image, for some word list:

Second image, two-bit different string set:

Third image, random strings:

So, as you can see, the maximum linked-list length is below 10.

So my question is: are there other domain sets of interest for testing whether a hash algorithm is uniform enough for use inside a hash table?

Here is the link to my Java source code:


partitioning – Does Oracle guarantee that ORA_HASH determines which hash partition a row is inserted into, and will this be honored in the future?

I use hash partitioning for a few of my very large tables, and occasionally I have a use case where it would be convenient to have a mechanism that would return the partition name that a row would be inserted into, given a partition value.

This blog post shows that we can use the ORA_HASH function for this purpose. Incidentally, it appears to be the only page on the entire internet that explains this.

I’ve used it successfully and it works in all cases that I have tried. It seems ORA_HASH is indeed what Oracle itself uses to pick the hash partition it inserts data into, and that, at least on the current version of Oracle, it is safe to use for this purpose.

However, there is no guarantee in the documentation that Oracle even uses it, or will continue to use it in the future. This makes me think that relying on ORA_HASH in this way is not safe or future-proof. What if a database is upgraded and ORA_HASH no longer behaves this way?

For reference, you can use the following SQL to return the hash partition for a given value:

SELECT partition_name
FROM all_tab_partitions
WHERE table_name = 'FOO'
    AND partition_position = ORA_HASH('bar', n - 1) + 1

Where 'bar' is the value you wish to analyze and n is the number of partitions in your table. There are some edge cases when the number of partitions is not a power of 2, which are covered in the blog article linked above.

hash – When will hashing no longer be usable?

I’m curious about hashing. Normal hashing is deterministic: a string that gets hashed will always produce the same value (except when using a salt). Because of that, there are many websites that are able to “crack” a hash by comparing it to hashes in their databases.

So I’m curious: how much longer will regular hashing be useful? Soon such sites could crack almost any hash with their huge lookup databases. I know that there are many bots that populate these databases by adding many hashes along with the plain text. What will be the alternative to regular hashing?
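For context, a minimal Python sketch of why unsalted hashes are vulnerable to lookup databases, and how a salt defeats precomputation (SHA-256 and a made-up password are used purely for illustration; real password storage should use a slow, salted scheme such as bcrypt):

```python
import hashlib
import os

password = b"hunter2"  # hypothetical password

# Unsalted: the same input always yields the same digest, which is
# exactly what online hash-lookup databases rely on.
unsalted = hashlib.sha256(password).hexdigest()
assert unsalted == hashlib.sha256(password).hexdigest()

# Salted: a random salt makes each stored hash different, so a
# precomputed table of plain hashes no longer matches.
def salted_hash(pw):
    salt = os.urandom(16)
    return salt, hashlib.sha256(salt + pw).hexdigest()

salt_a, hash_a = salted_hash(password)
salt_b, hash_b = salted_hash(password)
# Same password, two different stored hashes.
```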


sql server – Is left hash join always better than left outer join?

I have a query that runs quite slowly (see below). While searching for a way to improve it, we found that the query runs about ten times faster if we replace the LEFT OUTER JOIN with a LEFT HASH JOIN.

The result seems to be the same. Is it? In what cases won’t it return the same result? What differences are there? Is there something I should look out for when running a LEFT HASH JOIN instead of a LEFT OUTER JOIN?

SELECT t.foo, t.bar, t.data
FROM [dbo].[Table] AS t
LEFT OUTER JOIN [ABC].[ExternalTable] AS s
    ON s.foo = t.foo AND s.bar = t.bar AND s.data = t.data
WHERE s.foo IS NULL AND s.bar IS NULL AND s.data IS NULL

What is the plaintext password of ‘hash part 1’ in the shadow file?

On the Immersive Labs lab “Password Hashes II” there is a question:

What is the plaintext password of ‘hash part 1’ in the shadow file?

shadow.txt contains:


I’ve tried

root@password-hashes-2:~/Desktop# john --format=Raw-MD5 --wordlist=/usr/share/wordlists/rockyou.txt shadow.txt 
Using default input encoding: UTF-8
No password hashes loaded (see FAQ)

to no avail

Any advice?

Should I reference https://null-byte.wonderhowto.com/how-to/crack-shadow-hashes-after-getting-root-linux-system-0186386/?


From Immersive Labs, it says:

Password Hashes II
Quick Summary
Salting is an extra step during hashing that adds an additional value to the end of the password, thereby changing the hash value produced. Salting can drastically reduce the chances of an attacker cracking your passwords. In this lab, you will learn about the benefits of password salting, as well as attempt to crack salted hashes.

What is a hash?
A hash is just a way to represent any data as a unique string of characters. You can hash anything: music, movies, even your name. Hashing is often used on passwords, especially when logging into web applications. Visit the lab below for more information on hashes.

What is salting?
When a fixed value is prepended or appended to a plaintext password before hashing, the resulting hash will be unique. Even with the smallest variation in the string, the hash will always be unique. The salting function would essentially look like this: Hash(salt | password). This is useful when users have repeated passwords across multiple applications. For example, you have a password you want to salt that looks like this:

The salt in this instance would be added at the start of the plaintext password:

The following Python script hashes a password with a bcrypt salt (bcrypt embeds the salt in the hash string it produces):

#!/usr/bin/env python3
import bcrypt

passwd = b'asdf'
salt = bcrypt.gensalt()
hashed = bcrypt.hashpw(passwd, salt)
print(hashed)

iml@IML:~$ python3 hash.py


Is salt better than sugar?
The premise of salting is to protect and prevent precomputed hash attacks. Salting adds another barrier for attackers, essentially complicating the password cracking process. Salts can be stored in a database beside the hashes.

Once a hacker has compromised a database that stores salted hashed user credentials, cracking the salted hashes can be a costly operation. The time taken for an attacker to execute a successful dictionary attack is drastically increased with salted hashes, thus proving the attacker’s attempts to crack the hashes to be ineffective. However, salting can be essentially worthless if the attacker knows the salt, as they could add it to their wordlists at the start or end of every password. The benefit of salts is that they don’t need to be memorised by humans, so the rainbow table required to successfully crack a set of passwords would have to be very large.

In this lab
In this lab, you must crack the three salted hashes contained within ‘shadow.txt’, located on the desktop. There are many tools available for hash cracking; one such tool is John The Ripper (John). To crack the hashes using John, you need to use the ‘rockyou’ wordlist, found within ‘/usr/share/wordlists’. The following syntax can be used to crack the hashes with John, using a wordlist. Follow the link below for more information on John The Ripper.

john --wordlist=/usr/share/wordlists/mywordlist.txt --format=raw-md5 Downloads/hashes.txt

mining theory – Lowest numbered Bitcoin hash?

I was thinking about which Bitcoin block has the lowest-numbered hash. What I mean by treating a hash as a number is this: for example, the string “1” has a lower SHA-256 hash than “2”. Their values are 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b and d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35. Which Bitcoin block, as of me asking, has the lowest-numbered hash?

To be clear, by “lowest number” I mean the smallest hash when read as a hexadecimal number. An example would be block #651520, whose hash is 0000000000000000000d1f8cf49fe57d034214693cd7f7678abec20427355c82. Interestingly, the lower the number, the more work tends to be required to generate it.
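The “hash as a number” comparison can be checked directly in Python:

```python
import hashlib

def sha256_hex(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

h1 = sha256_hex("1")
h2 = sha256_hex("2")

# Read the hex digests as integers: "1" hashes to a smaller number.
print(int(h1, 16) < int(h2, 16))  # True
```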

I kind of like this question because the Bitcoin network is basically an extremely large SHA-256 brute-force machine. The winning hash would likely come from after the 2017 all-time high in price.