But once you've made a function that "cannot be used to produce the material described by the hash", you've also made a very good pseudo-randomizer. In fact, if a cryptographic hash function cannot be trusted for its ability to produce apparent randomness, then it cannot be trusted for its "intended purposes". You get both properties or neither.
There is an untested assumption that hashes achieve randomness because they appear to be a random collection of characters. Hash sequences are completely reproducible given a set of inputs, and that is by definition not random.
I think you are confusing loss of prediction with randomness. Never in mathematics or logic is that line of thinking correct. This can be described by equivocation, fallacy of composition, inductive fallacy, and more.
I think you are mixing the function itself and its output. If for a given input to the function the output is uniformly random, then this is a way to derive randomness. The fact that the function itself is deterministic tells you nothing about the distribution of its output.
You started your comment with a correct distinction, but got the wrong conclusion. Asking if something is random is actually a question about the process used to obtain some value and not the value itself. If I ask you if 42 is a random number, can you actually answer? I can get that number with an intrinsically random process based on some quantum effect, or I can say it from the top of my head because I just read a very famous book. You can indeed use a hash function to extract randomness, but, to be precise, we are talking about pseudo-randomness. The crucial difference here is that, if I'm measuring photons' polarization to get a random number, then an attacker repeating the same process will (very likely) obtain a different number. If I'm instead hashing some data, an attacker passing the same data through the same hash function will get the same result. Another example: if I hash the digits of pi, I will get a sequence that will pass statistical tests for randomness. But an attacker that knows how I am generating such a sequence can easily reproduce it.
You're saying something being reproducible implies that it is not pseudo-random. This is a definition of pseudo-random that exists only in your head.
The first sentence of the Wikipedia entry on pseudo-randomness is:
"A pseudorandom sequence of numbers is one that appears to be statistically random, despite having been produced by a completely deterministic and repeatable process."
That misses a factor called good enough, or degree of predictability. Ultimately everything eventually becomes predictable if analyzed deeply enough. Another word for that is entropy. That is what my linked comment referred to. For security concerns, such as PRNGs, the appearance of randomness is not enough.
This is why security analysis requires a higher threshold than software employment at large.
A hash function cannot create entropy. Let's be clear about that.
A good hash function will preserve entropy, up to the length of its output. If the input X has K bits of entropy and H is an N-bit cryptographic hash function, then the entropy of H(X) is min(K, N). In simpler terms, GIGO.
However, a hash function also scrambles its input, which means the output is indistinguishable from (uniform) random noise. This is the randomizing property I was talking about. It is good enough for hash functions to be used to build stronger primitives, like HMACs, PBKDFs, CSPRNGs, etc. There are many formalizations of this property, but one of the simplest is that given any K bits of the output, you cannot predict the other N-K output bits any better than guessing, even knowing the algorithm.
Of course, if you know the input to a hash function, you can predict the output perfectly. But if you don't know the input, the hash looks like random noise, and for cryptographic hash functions, this is a very strong and fundamental guarantee indeed.
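The points in the comment above (the output looks uniform, is fully reproducible, and carries at most min(K, N) bits of entropy) shown as an added example that is not part of the original thread. The 16-bit seed, the SHA-256(seed || counter) construction and all function names are assumptions made for the illustration.

```python
import hashlib

def stream(seed: int, seed_bytes: int, n_blocks: int) -> bytes:
    """SHA-256(seed || counter) for counter 0..n_blocks-1, concatenated."""
    s = seed.to_bytes(seed_bytes, "big")
    return b"".join(
        hashlib.sha256(s + c.to_bytes(4, "big")).digest() for c in range(n_blocks)
    )

def ones_fraction(data: bytes) -> float:
    """Fraction of 1 bits; close to 0.5 for uniform-looking output."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def possible_outputs(seed_bits: int) -> int:
    """Count distinct first blocks over every seed of seed_bits bits.

    This is the size of the output space an observer has to consider,
    so log2 of it is the entropy bound min(K, N) for a uniform K-bit seed.
    """
    nbytes = (seed_bits + 7) // 8
    return len({stream(s, nbytes, 1) for s in range(2 ** seed_bits)})

def recover_seed(observed: bytes, seed_bits: int):
    """Return the seed whose first block matches, by trying the whole seed space."""
    nbytes = (seed_bits + 7) // 8
    for s in range(2 ** seed_bits):
        if stream(s, nbytes, 1) == observed[:32]:
            return s
    return None

if __name__ == "__main__":
    SECRET = 0xBEEF                   # constructed 16-bit seed, K = 16
    out = stream(SECRET, 2, 256)      # 8192 bytes of hash output, N = 256 per block

    # Looks like noise: bit balance is statistically indistinguishable from 0.5.
    print(f"fraction of 1 bits: {ones_fraction(out):.4f}")
    # Deterministic: the same input always gives the same output.
    print("reproducible:", stream(SECRET, 2, 256) == out)
    # GIGO: only 2**16 outputs exist, so the output holds 16 bits of entropy.
    print("possible outputs:", possible_outputs(16))
    # Knowing the algorithm, the whole stream is predictable from one block.
    print("recovered seed:", hex(recover_seed(out, 16)))
```

The statistical check and the seed recovery both succeed on the same bytes: the hash supplies the uniform appearance, and only the unknown input supplies unpredictability.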
> lol, no. Cryptographic hash functions are specifically designed to achieve this property.
That completely ignores the definition of the word random.
What I find most interesting about this thread of comments is that the article explains the failure of using hashes as a means of randomness and despite that failure people are eager to ignore what hashes are otherwise used for to invent oppositional arguments. It's weird.
It's a lot less weird if you consider the possibility that you don't understand this as well as you think, and the reason people are consistently correcting you is because you are mistaken.