0

I want to send a secret to a server, say the domain the current browser is visiting, but I don't want the server to know what the website address is, only if the server has a matching record for this specific domain.

I was thinking of simply hashing the domain-name on the client, and using then comparing hashes on the server, but in my late night of thinking, so to say, I can't think of a way to prevent the server from using the same hashing algorithm to "reverse" or "brute force" it's way to the answer.

So say the server was compromised, it has a hashed value + an identifier such as an IP. Now it could simply brute force all the dirties websites in the world, to see what website would return the same hash.

I was thinking of SRP (Secure Remote Password) -- not sure if that would make any real difference in this case.

Good night.

FooBar
  • 5,752
  • 10
  • 44
  • 93
  • A `hash` can not be `reversed`. You may be confusing *encryption* with *hashing*, or using a hashing mechanism that is far too weak (such as MD5) and can be deciphered with rainbow tables. – Martin Oct 05 '20 at 23:15
  • @Martin: Hashes, including secure hashes, including even the latest and greatest password hashes like Argon2, are reversed all day, every day, simply by guessing the input to them. – President James K. Polk Oct 05 '20 at 23:52
  • This question really belongs on crypto.stackechange.com. You might search for zero knowledge proofs to get a flavor of some of the results on related problems. – President James K. Polk Oct 05 '20 at 23:56
  • A secure hash cannot be reversed with work that is less than the entropy contained in the secret. Thus, if your secret contains 256 bits of entropy it requires work factor comparable to brute-forcing AES-256 to reverse it. Rainbow tables only make it possible to amortize this effort over many hash recoveries. However, a domain name has very little entropy. – President James K. Polk Oct 06 '20 at 00:04
  • @PresidentJamesK.Polk guessing the input is not reversing the hash. It's a guess. It's like saying I have a compass in my head because I guess which way is north and by chance I got it right. – Martin Oct 06 '20 at 08:06

0 Answers0