2

I'm wondering how this random and very long string

€£$€@]}$€{[$£}]£[€€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]hXC&Yi45wtgsb}]h€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpb€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]hkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f 
dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h€£$€@]}$€{[$£}]£[€]}€486745896€$€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubh€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]hj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h€£$€€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]h€£$€@]}$€{[$£}]£[€]}€486745896€$@fdhhsgpbkjhYUVYUDTYhµµµ½789ty45thhrhYUFVYU7645646f8cgI JKHVruxty dw78fg f 9w64f dfvt87t&R%EFVyubhj<<e5w>G/p9\<\]}}]@}$]$€}{$€øøål5940hgsy/)T(&¤%}]€$ygrevae48g85XC&Yi45wtgsb}]

Can turn into this much shorter string

bb90e8b58596c55070ee88b25ff01627ab0c227cd11d6f876af9e81a0cd12e9d8a1ebce3af5b0fd8098ac3946a590c55ebe890066db6403cb0ee324c6edf9f3d

This doesn't make any sense to me. Can two strings be the same in sha512? E.g., we have string 1 and string 2, and sha512-hashed they are the same?

Mokubai
user3524823

3 Answers

2

Very basically, a hash function (such as SHA512) takes a variable-length input (which may be shorter, longer or the same length as the output hash, and which may or may not have a maximum size dictated by how the hash function works), and through a variety of steps uses that input to alter the hash function's internal state in a predictable (deterministic) manner. At the other end, when there is no more input, the (or some portion of the) internal state of the hash function is read, possibly further processed somehow, and delivered as the output of the hash function. That output is called the "hash" of the input data.

A hash function is designed as a one-way function, also known as a trap door function; in other words, it is designed such that it is easy to compute the output given the input, but it should be infeasible to calculate the input given the output, even in cases where the input is smaller than or the same size as the output.

The output hash is of a fixed length basically because the size of the hash function's internal state (and the result of post-processing that state for output) is known. The exact output hash length is picked to be a good fit for the hash function's internals and to provide the desired level of security. Some hash functions, like MD5, RIPEMD160 or SHA-1, have a fixed-size output; others, like SHA-2 or SHA-3, can give different-length outputs depending on the specific needs of the system using the hash function.

It is possible (and even likely) that two different inputs to a hash function will produce the same output hash. For a hash with n bits of output and for two random inputs, this will happen on average after trying $2^{n/2}$ combinations, and it is guaranteed to happen by the time you have tried $2^n+1$ different inputs: in the worst (or best) case, each of the $2^n$ inputs will give a unique output out of the set of $2^n$ possible outputs, so if you try one more input then it must match one of the already computed outputs. That's called a hash collision. The aim of a cryptographic hash function such as the SHA family of hashes is not to make such collisions impossible (without expanding the hash to the full size of the input, which sort of negates the point of the hash, that is mathematically impossible), but rather to make finding such inputs extremely hard.

A hash function that allows finding collisions significantly faster than $2^{n/2}$ to $2^n$ operations (depending on the exact method of attack; primarily, look up so-called preimage and birthday attacks if you want to learn more about that) is generally considered broken for cryptographic applications. This is why SHA-1 started its track toward deprecation in web browsers for TLS certificates in 2014 or so after a theoretically feasible attack became known in 2012, and why the old workhorse MD5 is considered horribly broken for almost any cryptographic application.

It's also important to keep in mind that the output of a hash function such as SHA512 is not the hexadecimal string that you show in your question. That is one representation of the actual hash, which is just a 64-byte (512-bit) binary value. It could just as well be stored in binary form, in Base64 encoded form, or some other representation.

user
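The fixed output size and the collision behaviour described in the answer above can be observed directly. This is an added example, not part of the original answer: it truncates SHA-512 to n bits (the function names and the `constructed-input-N` messages are assumptions made for the demo) so that a collision is reachable on a laptop, and counts how many inputs were hashed before two of them collided.

```python
import hashlib
from itertools import count

def truncated_sha512(data: bytes, n_bits: int) -> int:
    """Top n_bits of the SHA-512 digest, as an integer."""
    digest = hashlib.sha512(data).digest()   # raw hash: always 64 bytes
    return int.from_bytes(digest, "big") >> (512 - n_bits)

def find_collision(n_bits: int):
    """Hash distinct constructed inputs until two share an n_bits-bit hash.

    Returns (first_input, second_input, inputs_hashed).
    """
    seen = {}                                # truncated hash -> input
    for i in count():
        msg = b"constructed-input-%d" % i    # constructed sample data
        h = truncated_sha512(msg, n_bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def digest_sizes(input_sizes=(0, 1, 64, 100_000)):
    """Raw digest length in bytes for inputs of very different lengths."""
    return [len(hashlib.sha512(b"x" * n).digest()) for n in input_sizes]

if __name__ == "__main__":
    print("digest bytes per input size:", digest_sizes())
    for n_bits in (16, 24, 32):
        a, b, tried = find_collision(n_bits)
        print(f"n={n_bits}: {a!r} and {b!r} collide after {tried} inputs "
              f"(2^(n/2) = {2 ** (n_bits // 2)})")
```

The two colliding inputs agree only in the truncated bits; their full 512-bit digests still differ, and each extra bit of output kept makes the search roughly 1.4 times longer.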
1

By definition a SHA512 hash is 512 bits long whatever the size of the original data. For a more detailed explanation you can read this Wikipedia article which explains what a hash function is.

Since SHA512 is not a perfect hash function it is mathematically possible but very unlikely that two different data produce the same SHA512 hash as explained in the answer of this other question on Stack Overflow.

Chris
1

A hash function is an application, i.e. something that associates to any number in a large group called A, another number taken from a different group of numbers, called B.

In math, you can have applications

  1. when the group A contains more elements than B;

  2. when the two groups contain the same number of elements;

  3. when the group A contains many fewer elements than B.

The hash function is case 1, i.e. the group A contains many, many more elements than group B.

The elements of group A are called messages, those of group B hashes.

I think what worries you is the obvious inference that it is thus certain that many different messages will have the same hash. What many people think is, if hashes are like signatures, how can it be that two or more messages have the same signature? If the same were to happen in a bank, it would be disaster. This property (having the same hash) is called a collision.

This is not so, because of another property of a hash: it is computationally unfeasible (= extremely difficult), given a message with a hash, to find another message with the same hash.

Notice that this does not say: it is impossible outright, because we just saw that collisions must exist. The property above only says that it is extremely difficult. How difficult? Things are arranged in good hashes (and SHA2 is surely a great hash) in such a way that the most powerful computer existing today, working with the best code, would take much longer than the age of the Universe (=12 billion years) to find the collision. It seems safe enough.

There is another property of hashes which is very good, and helps to explain why they are used so often. Let us take as an example a password. Passwords are stored on a PC, not in open text: PCs store passwords' hashes, so that when I type in my password, what is compared is not two passwords, but two hashes. OK, so now let us assume that my password is MyPassword, and now a thief tries to guess it as follows. He takes a 10-letter sequence (any initial sequence will do; let us use Thisisasca). Then he changes the initial letter (T, in this case) until he finds a letter which has a hash as close as possible to the (publicly available) hash of the real password.

This way an attacker may hope to identify my password one letter at a time. Notice that this is what bank robbers do in heist movies: they identify the password by listening to clicks as they modify the numbers one digit at a time.

Well, this is impossible with hashes: one important property of hashes is that even messages which are nearly equal, actually have completely different hashes. This way, you cannot just guess them one letter at a time, the way bank robbers do.

In mathematical parlance, this is called a large Lyapunov exponent.

MariusMatutiae
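The property described in the answer above, that nearly equal messages have completely different hashes, can be measured as the number of output bits that differ. This is an added example, not part of the original answer: the function names are assumptions, and it reuses the answer's `MyPassword` and `Thisisasca` strings to show that neither the correct first letter nor a guess wrong in only one position lands any closer to the target hash.

```python
import hashlib
import string

def sha512_int(msg: str) -> int:
    """SHA-512 of msg as a 512-bit integer."""
    return int.from_bytes(hashlib.sha512(msg.encode()).digest(), "big")

def bit_distance(a: str, b: str) -> int:
    """How many of the 512 hash bits differ between the hashes of a and b."""
    return bin(sha512_int(a) ^ sha512_int(b)).count("1")

def first_letter_distances(secret: str, guess: str) -> dict:
    """Try every ASCII letter in position 0 of guess.

    Returns letter -> bit distance between that guess's hash and secret's hash.
    """
    return {c: bit_distance(secret, c + guess[1:])
            for c in string.ascii_letters}

def near_miss_distances(secret: str, wrong: str = "#") -> list:
    """Bit distance for guesses that are wrong in exactly one position."""
    return [bit_distance(secret, secret[:i] + wrong + secret[i + 1:])
            for i in range(len(secret))]

if __name__ == "__main__":
    secret, guess = "MyPassword", "Thisisasca"   # strings from the answer
    d = first_letter_distances(secret, guess)
    print("correct first letter 'M':", d["M"], "bits differ")
    print("all first letters: min", min(d.values()), "max", max(d.values()))
    print("one letter wrong:", near_miss_distances(secret))
```

Every distance clusters around 256 of 512 bits, which is what two unrelated random values would give, so the hash comparison yields no per-letter feedback to follow.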