It's SHA-256. Now I've already helped immensely 
I'll let the offer stand though.
You sure don't seem concerned about losing $50 to someone who can guess it. 
It wouldn't matter. Even if you borrowed the local university's supercomputer you couldn't solve that task. I required a proof that the one you found is what I put into it. That is just not possible. Of course you might argue that if you find what I get you'll instantly see that it's the one(otherwise it would have to be an extraordinary coincidence), but that still wouldn't be a
proof. I could offer $100, $1000 or even $1000000. It wouldn't matter because the task is impossible to solve.
Going with a mathematically much simpler hashing algorithm like GingerRobot mentioned earlier it might better illustrate the point. If we say that f(x)=x mod 10 we have a very simple hashing algorithm. So, f(0)=0, f(1)=1, f(2)=2, etc. However, f(10)=f(20)=f(-10)=0, f(11)=f(21)=f(-9)=1, f(12)=f(22)=f(-8)=2, and so on. I'm sure you can see the pattern. So essentially we have [tex]f : \mathbb{Z} \to \{x\in \mathbb{Z} \mid 0 \leq x < 9\}[/tex]. So if I tell you that my hash is 5, how are you going to find out if my input value was 5, 15, 25, 35, etc.? It just is not possible. You have no way of knowing if you got the correct one unless you already know the number from the start.
MD5 (and SHA-256 like I used) work in the same way. They all map an infinite number of items to a finite number of items, which quite obviously means that for each possible output value there is an infinite number of input values, or in other words there is an infinite number of hash collisions.
Because nobody can solve it, I might as well put up the solution. The code I wrote looks like this:
function generateRandom($length = 32, $extraChars = false)
{
$chars = '0123456789abcdfghjkmnpqrstvwxyzABCDEFGHIJKLMNOPQRSTUVW';
if ($extraChars) {
$chars .= '_-+=%&*\'"`\\()~@{}[]<>,.?#| ';
}
for ($i = 0, $charRange = strlen($chars)-1, $password = ''; $i < $length; $i++) {
$password .= $chars[mt_rand(0, $charRange)];
}
return $password;
}
function hashPassword($password, $salt, $salt2)
{
$salt2Length = strlen($salt2);
for ($i = 0, $max = strlen($password); $i < $max; $i++) {
$password[$i] = chr(ord($password[$i]) ^ ord($salt2[$i % $salt2Length]));
}
return hash('sha256', $salt . base64_encode($password));
}
$salt = generateRandom(32, true);
$salt2 = generateRandom(32, true);
$password = 'goodJob';
$hash = hashPassword($password, $salt, $salt2);
echo "Salt: {$salt}\nSalt 2: {$salt2}\nPassword: {$password}\nHash: {$hash}";And the output was:
Salt: mU`Bz%4L75{vG0q? D?1[7C}r=G\T],y
Salt 2: B[#&}g-KJCs"p86[2]"NjEThO=TH'3Ef
Password: goodJob
Hash: 9f65f29197e64cef1f862f359866c3abdc473da40a0efd1f6 bca32fb13cfb5da
So rv20, you most certainly
cannot decrypt/crack/brute-force/whatever a hash. My sister once asked me what you can use mathematics for. I suppose one application is that an understanding of it makes sure you won't look like a fool when you persistently claim that hashing can be "cracked".
