Christmas may be officially over, but here at PAD we’re still in the Christmas spirit, so we hope Challenge 3 will bring you some holiday cheer!

If you aren’t already following our Twitter and Discord, connect with us: @PADtech_team & **https://discord.gg/E2A4AfVr**.

**Challenge 3 Details**

In this challenge, we will compare two hash functions: SHA-256 and MD5, which is deprecated.

Let h be the output of a hash function, represented in hexadecimal form. These digests contain the characters {0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f}. We define the bias of h as the proportion of h that consists of characters {8,9,a,b,c,d,e,f} minus the proportion of h that consists of the characters {0,1,2,3,4,5,6,7}.

For example, bias(ed076287532e86365e841e92bfc50d8c) = 15/32 - 17/32 = -0.0625

Let f be a hash function, and let f(i) be its nested iteration i times, so that f(2)(x) is f(f(x)).

For a given starting value x, and number of rounds r, define the drift of a hash function f as:

driftx,r(f) = | ∑[from (i=1) to r] bias(f (i)(x)) |

Let x be the string: “no transparency no accountability”, encoded in bytes and let r be the smallest integer so that driftx,r(MD5) - driftx,r(SHA-256) >= 210.

The answer to this challenge is SHA-256(r)(x).

Hint: as a sanity check, we provide python code for taking the first two hashes of x:

def sha256(x): return hashlib.sha256(x.encode()).hexdigest() x = "no transparency no accountability" h1 = sha256(x) h2 = sha256(h1) print(h1,h2) # b07299d74047947cb366d64af6f393cf3129be0692f5cbb2044625df20578cc5 # b88ceb17d4a95b21a3298dd139724da02c9dd7bd71e4d161e2fd615a84712fa2