
I'm also wondering, how does this prevent preimaging attacks (or whatever they're called)? That is to say, what's stopping people from reliably producing output based on input?


> I'm also wondering, how does this prevent preimaging attacks (or whatever they're called)?

First, see the Wikipedia entry about preimage attacks.

Second, I am not a cryptographer but I think in practice there are a couple of things to be aware of:

- make sure slightly different inputs have wildly different outputs

- make sure no part of the input survives

- practically speaking there are an unlimited number of inputs that map to most (all? I'm not sure how uniform the distribution of sha256 is) outputs (since input is unlimited and output is a short string).

- the classic preimage attack, rainbow tables, works because 1.) inputs, i.e. passwords, are often short and predictable

- in ancient times password systems didn't use salts

> That is to say, what's stopping people from reliably producing output based on input?

I assume this should be the other way around, which is what I have tried to explain above.

Again, read the Wikipedia page.
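
The points in the reply above about slightly different inputs, predictable passwords and salts, as an added example that is not part of the thread. All function names and the sample password list are constructed for illustration; the lookup is a plain precomputed dictionary, not a true rainbow table.

```python
import hashlib
import hmac
import os

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def differing_bits(a: bytes, b: bytes) -> int:
    """Count output bits (of 256) that differ between SHA-256(a) and SHA-256(b)."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))

# Constructed sample data: short, predictable inputs of the kind the reply mentions.
COMMON_PASSWORDS = [b"123456", b"password", b"letmein", b"qwerty"]

def build_lookup(candidates):
    """Precompute digest -> input once; a rainbow table is a space-saving variant."""
    return {sha256_hex(p): p for p in candidates}

def store_unsalted(password: bytes) -> str:
    return sha256_hex(password)

def store_salted(password: bytes, salt: bytes = None):
    """Return (salt, digest). A fresh random salt is used unless one is supplied."""
    salt = os.urandom(16) if salt is None else salt
    return salt, sha256_hex(salt + password)

def verify_salted(password: bytes, salt: bytes, stored: str) -> bool:
    return hmac.compare_digest(sha256_hex(salt + password), stored)

def audit(stored_digest: str, lookup: dict):
    """Return the predictable input behind a stored digest, or None if not in the table."""
    return lookup.get(stored_digest)

if __name__ == "__main__":
    print("bits changed by a one-character edit:", differing_bits(b"hello", b"hellp"))
    table = build_lookup(COMMON_PASSWORDS)
    print("unsalted digest found in table:", audit(store_unsalted(b"letmein"), table))
    salt, digest = store_salted(b"letmein")
    print("salted digest found in table:  ", audit(digest, table))
    # Salting defeats precomputation only; SHA-256 is still fast, so real
    # password storage uses a slow KDF such as hashlib.pbkdf2_hmac or scrypt.
```
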



