Given hash value \(h\), can we find message \(m\)?
Given \(m_1\), can we find \(m_2\) with the same hash?
Can I find any two matching messages?
I can get someone to vouch for one of the messages, and then claim they vouched for the other.
It is possible to brute force hashes, especially for smaller inputs such as short passwords.
If the password hashes for a hashing algorithm have already been brute forced, then passwords can easily be recovered from another table of hashes made with the same algorithm.
To prevent this, a salt can be added to the input before it is hashed.
If a password is "apple", then the salt "xyz" could be added to create "applexyz", which is hashed instead. This prevents a previous cracking of "apple" from being reused.
The salt would then be stored in plaintext alongside the password hash.
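The effect of the salt, as an added example that is not part of the original notes: a table of precomputed hashes recovers an unsalted "apple" but misses the salted "applexyz", while login verification still works because the salt is stored beside the hash. SHA-256, the per-record random salt, the candidate list and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

def h(data: str) -> str:
    """Hex digest of the input (SHA-256 is an assumption; the notes name no algorithm)."""
    return hashlib.sha256(data.encode()).hexdigest()

# Constructed sample data: candidate passwords that were brute forced in advance.
COMMON = ["apple", "banana", "letmein", "qwerty"]

def build_lookup(candidates):
    """Precompute hash -> password once; reusable against any unsalted table."""
    return {h(p): p for p in candidates}

def store_unsalted(password):
    return {"hash": h(password)}

def store_salted(password, salt=None):
    """Append a salt (random unless given) and keep it in plaintext beside the hash."""
    salt = secrets.token_hex(8) if salt is None else salt
    return {"salt": salt, "hash": h(password + salt)}

def verify(record, attempt):
    """Recompute with the stored salt and compare in constant time."""
    expected = h(attempt + record.get("salt", ""))
    return secrets.compare_digest(record["hash"], expected)

def recover(record, lookup):
    """Return the password if the stored hash is in the precomputed table, else None."""
    return lookup.get(record["hash"])

def demo():
    lookup = build_lookup(COMMON)
    alice = store_salted("apple")   # two users, same password,
    bob = store_salted("apple")     # different random salts
    return {
        "unsalted_recovered": recover(store_unsalted("apple"), lookup),
        "salted_xyz_recovered": recover(store_salted("apple", "xyz"), lookup),
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "login_ok": verify(alice, "apple"),
        "wrong_password_ok": verify(alice, "banana"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt only stops one precomputed table from being reused across records; a guess against a single record, with its salt known, costs the same as before.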