Given many very short (or low-entropy) values – like 6-digit numbers – that are stored as hashes using a fixed secret pepper, e.g.:
value | pepper | hash = SHA265(value + pepper)-------+----------------------+-----------------------------------------------------------------100001 | e03c920babf6325ac56d | 75e3283fe3dbc8e1f86ac5ea7ac5325896a6036d5d2d73f355dca41b9dab4a42100002 | e03c920babf6325ac56d | 20b50e24dc8a984905de5850e67167928f937f171a2e6cb9998c0a8131a11dda100003 | e03c920babf6325ac56d | f555173d08ebd020b45a655cee159c2684ad98cd4901dc85ec047b565d3a4a05... and assuming that an attacker knows that the values are 6-digit numbers and that the hashes were computed that way.
Could the attacker retrieve the values (or even the pepper) from the hashes? Do the short values make the hash more vulnerable / less secure?
