Hashes: How cryptographically secure is this?

[Inca]

Let's say hypothetically that I have a list of parties who have supplied me with a random hash, C. Say generated like thus:
C=sha256(B) where b is a random generated number.

But let's say that actually what each party does is this:

B=sha256(A)
C=sha256(B)

I think I am correct in thinking that if all parties supply me with C, that I can verify their legitimacy in a cryptographically secure way if the party subsequently reveals to me B?

What I want to know is: if later I require further proof of legitimate origin from the same party but now B is public (say because broadcast across a network) then if the party reveals A is this also cryptographically secure?
i.e. is a chain of hashes which are sequentially revealed insecure?

PS. Over to you Peter R )

 

[Peter R]

If I understand your question, the answer is that the hashes earlier in the chain are never compromised if hashes later in the chain are revealed. Think of hashing as a one way operation. You can work forwards, but you can't work backwards.

 

[theZerg]

Yes this is also a good trick to generate domain specific passwords from a single master. For example your local data is encrypted with sha256(pw) and your server login is sha256 (sha256 (pw))

 

[Inca]

Thanks guys.

I am using chains of hashes in this thing I am writing, but was worried that an attacker knowing this in advance may be able to take advantage somehow.

I use it as a 'reveal' to prove authenticity of origin repeatedly.

e.g B=sha256(n), C =sha256(B), D=sha256(C)

Where the party sequentially reveals C, B and n at various checkpoints to confirm cryptographic identity.

I suppose taking this to its logical conclusion I was wondering if say we hash the output of hash(n) 10000 times and then reveal the prehash values in a public broadcast in reverse order (last first), whether this renders the technique open to statistical attack.

Probably safe for just 3 hops..