1

Possible Duplicate:
Is it okay to truncate a SHA256 hash to 128 bits?

Can anyone tell me to what degree entropy would be affected if only the first 35 characters of a sha256 hash were to be returned? What is the risk in doing this?

Community
  • 1
  • 1
Steve
  • 2,936
  • 5
  • 27
  • 38
  • It was in a script I downloaded. I figure since the original/intended length was 64 characters, returning only the first 35 must be detrimental in some way. My question is: how? – Steve Nov 02 '12 at 12:04
  • This is entirely dependent on what the hash is being used for. – John Bartholomew Nov 02 '12 at 12:07
  • session hash. tells whether the user is logged in or not and gets their username/rights from a session table with the hash – Steve Nov 02 '12 at 12:09
  • You should edit your question to include the extra information. Also it would be good to say what data is being hashed, since the output space of a hash function can't be larger than the input space. – John Bartholomew Nov 02 '12 at 12:16

1 Answers1

2

Well, not sure what exactly you are asking for. Your 35 chars represent 17.5 bytes that are 140bits

256 bit: 2^256 = 1.1E+77
140 bit: 2^140 = 1,4E+42

So entropy is dramatically reduced. Hope this helps.

bidifx
  • 1,640
  • 13
  • 19