Re: MD5 collisions found - alternative?

[Almut Behrens <almut-behrens@gmx.net>]

On Tue, Aug 24, 2004 at 11:01:58PM +0200, Moritz Schulte wrote:
> 
> (...)  But if your hash function is pretty good in respect to
> collision-resistance but is not one-way (being similar to a 1:1
> mapping between hash input and hash output), you could simply apply
> the inverse function to your hash output and are already done.

If that was possible for md5, it would be an ingenius compression
algorithm, as you could sqeeze several hundred Megs or more into 128
bits, and still be able to retrieve the original data... ;)

Somewhat more seriously: are there generally any defining criteria for
something one would call a 'hash function', saying that it always must
map some larger input space to some smaller output space?

I'm thinking of something like the following:  a trivial, reversible
1:1 mapping would be to simply rotate every ASCII value in a string by
some N (e.g. 1->2, 2->3, ..., 255->1).  That procedure would fit the
above mentioned properties, in that it's perfectly reversible, and also
pretty collision-resistant -- at least, from the top of my head, I
couldn't think of any reason why there should be any two inputs mapping
to the same output.  But I don't think that that'd be considered a hash
function...
(BTW, I'm not making any claims whatsoever about its usefulness in the
context of computing checksums, so please don't get me wrong there.)

Anyway, it's 6 a.m. here, and I got to get some sleep now... so, I
won't pester you any further :)

Thanks everyone for the input!

Almut