MD5 for ninnies

on 17.01.2006 19:02:07 by Water Cooler v2

Be gentle. Ninny here.

If I apply an MD5 hash on a character string, say, "Hello", and the
result is (just for the sake of brevity) DF94EX, then, given the hash
value, can I get back the original string "Hello" from it?


* I do know that two different strings will never yield the same MD5
hash value.
* I also know that it is claimed that given a predetermined MD5 hash
value, no one can just point their finger at the original string that
was its seed, i.e. it is not computationally possible to arrive at the
seed.
* I also know that there are some collision attacks on MD5, SHA and
MD4.
* I also know that MD5 is a bit slower than MD4.

Re: MD5 for ninnies

on 17.01.2006 19:42:13 by comphelp

"Water Cooler v2" writes:

> Be gentle. Ninny here.
>
> If I apply an MD5 hash on a character string, say, "Hello", and the
> result is (just for the sake of brevity) DF94EX, then, given the hash
> value, can I get back the original string "Hello" from it?

I would say that's designed to be impossible, but absent a math degree
and a lot of experience in cryptography, allow me to hedge my bets and
say "designed to be EXTREMELY difficult and resource intensive."

> * I do know that two different strings will never yield the same MD5
> hash value.
> * I also know that it is claimed that given a predetermined MD5 hash
> value, no one can just point their finger at the original string that
> was its seed, i.e. it is not computationally possible to arrive at the
> seed.
> * I also know that there are some collision attacks on MD5, SHA and
> MD4.
> * I also know that MD5 is a bit slower than MD4.

I believe you (though not practically) can brute force your way to
find a string that yields the same MD5 hash as what seeded a given
md5 hash, but given the existence of collisions, I do not believe
there is any way to verify that you really got back to the original
string. However, if you have something that gets you to the same
md5hash, and the thing in question is really using md5sums, the string
you arrive at will work just as well as the original anyway.

--
Todd H.
http://www.toddh.net/

Re: MD5 for ninnies

on 17.01.2006 19:51:38 by lahippel.at.ieee.org

Water Cooler v2 wrote:

> Be gentle. Ninny here.
>
> If I apply an MD5 hash on a character string, say, "Hello", and the
> result is (just for the sake of brevity) DF94EX, then, given the hash
> value, can I get back the original string "Hello" from it?

In that case, a dictionary attack works fine.

> * I do know that two different strings will never yield the same MD5
> hash value.

False. Even before the MD5 collisions were found, it was obvious that there
are 129-bit (and longer) strings that map to the same 128-bit MD5 hash.
Finding them was a problem, though.

-- Lassi
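The two answers above make the same point from different angles: nothing runs MD5 backwards, so "recovering" the input means guessing candidates and comparing digests, which only succeeds when the original was short or guessable. The following Python example is added here and is not code from the thread; the wordlist is constructed for the demonstration, and the salted PBKDF2 functions show the standard mitigation when the hashed value is a secret such as a password (a per-record salt makes precomputed digest tables useless and the iteration count makes every guess expensive).

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple


def md5_hex(text: str) -> str:
    """MD5 of a UTF-8 string, as 32 hex characters (a 128-bit digest)."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


# Constructed candidate list for this example; a real wordlist would be
# far larger, but the mechanism is identical.
WORDLIST = ["password", "letmein", "hello", "Hello", "secret", "qwerty"]


def lookup_preimage(target_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Guess-and-compare: hash each candidate and look for a matching digest.

    There is no algebraic way to invert MD5; the only generic approach is to
    recompute it over guesses. That is why the dictionary approach 'works
    fine' for a short, guessable input and fails for anything else.
    """
    for word in candidates:
        if hmac.compare_digest(md5_hex(word), target_hex):
            return word
    return None


def pbkdf2_record(password: str, salt: Optional[bytes] = None,
                  rounds: int = 200_000) -> Tuple[bytes, bytes]:
    """Store a secret with a per-record random salt and a slow derivation.

    The salt means the same input maps to a different stored value for every
    record, so a precomputed digest-to-string table is useless; the round
    count makes each guess cost thousands of hash operations.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, derived


def pbkdf2_verify(password: str, salt: bytes, expected: bytes,
                  rounds: int = 200_000) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, derived = pbkdf2_record(password, salt, rounds)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    digest = md5_hex("Hello")
    print("MD5('Hello') =", digest)
    print("recovered from wordlist:", lookup_preimage(digest, WORDLIST))
    salt, stored = pbkdf2_record("Hello")
    print("same input, different salts differ:", stored != pbkdf2_record("Hello")[1])
    print("verify with stored salt:", pbkdf2_verify("Hello", salt, stored))
```

Run it and the plain MD5 of "Hello" is found in the six-word list immediately, while the two PBKDF2 records for the same input differ from each other, which is exactly what stops a lookup table from working.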

Re: MD5 for ninnies

on 17.01.2006 20:09:14 by unruh

comphelp@toddh.net (Todd H.) writes:

>"Water Cooler v2" writes:

>> Be gentle. Ninny here.
>>
>> If I apply an MD5 hash on a character string, say, "Hello", and the
>> result is (just for the sake of brevity) DF94EX, then, given the hash
>> value, can I get back the original string "Hello" from it?

No. You can try all possible strings and see which gives the hash.


>I would say that's designed to be impossible, but absent a math degree
>and a lot of experience in cryptography, allow me to hedge my bets and
>say "designed to be EXTREMELY difficult and resource intensive."

>> * I do know that two different strings will never yield the same MD5
>> hash value.

False. Different strings WILL give the same hash value. Many many many
different strings will give the same hash value. A hash is not an
encryption.
If the string is shorter than 8 bytes the chances are good that no other
less than 8 byte string will give the same hash value. If it is longer,
then the chances go up. If the string length is 16 bytes or longer then the
chances are certain that another string of the same or shorter length will
have the same hash value.

>> * I also know that it is claimed that given a predetermined MD5 hash
>> value, no one can just point their finger at the original string that
>> was its seed, i.e. it is not computationally possible to arrive at the
>> seed.

It is probably difficult. No one knows of a way right now to do better than
"try all strings". However, it is possible to find two strings with the same
hash value in much less work (something like 2^32 attempts).

>> * I also know that there are some collision attacks on MD5, SHA and
>> MD4.

MD4 is very weak. MD5 is stronger but see the above. SHA1 is stronger than
MD5 but still two strings with the same hash can be found with much less
than the expected amount of work.

>> * I also know that MD5 is a bit slower than MD4.

>I believe you (though not practically) can brute force your way to
>find a string that yields the same MD5 hash as what seeded a given
>md5 hash, but given the existence of collisions, I do not believe
>there is any way to verify that you really got back to the original
>string. However, if you have something that gets you to the same
>md5hash, and the thing in question is really using md5sums, the string
>you arrive at will work just as well as the original anyway.

It depends. If the original was a piece of text and the result is a piece
of gibberish, then the result is probably not useful.


>--
>Todd H.
>http://www.toddh.net/
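Three numbers underlie this reply and Lassi's: the pigeonhole count (once there are more than 2^128 candidate inputs, two of them must share a digest, which is the "16 bytes or longer" observation), the 2^128 expected trials for a generic preimage, and the far smaller birthday bound for finding any two colliding inputs. The Python example below is added here and is not code from the thread; it computes those bounds for the generic case (the 2^32 figure above refers to a specific MD5 weakness, which this does not reproduce) and demonstrates the many-to-one behaviour empirically on an MD5 digest truncated to 24 bits, using constructed inputs, so that a collision appears after a few thousand hashes instead of 2^64.

```python
import hashlib
import math
from typing import Dict, Tuple


def strings_up_to_length(alphabet_size: int, max_len: int) -> int:
    """Number of distinct strings of length 0..max_len over the alphabet."""
    return (alphabet_size ** (max_len + 1) - 1) // (alphabet_size - 1)


def pigeonhole_collision_guaranteed(alphabet_size: int, max_len: int,
                                    output_bits: int = 128) -> bool:
    """More inputs than 2^output_bits digests forces two inputs to share one."""
    return strings_up_to_length(alphabet_size, max_len) > 2 ** output_bits


def expected_preimage_trials(output_bits: int = 128) -> float:
    """Generic preimage search: each guess matches with probability 2^-n."""
    return 2.0 ** output_bits


def expected_collision_trials(output_bits: int = 128) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^n), i.e. roughly 1.25 * 2^(n/2)."""
    return math.sqrt(math.pi / 2 * 2.0 ** output_bits)


def md5_trunc(data: bytes, bits: int) -> int:
    """Top `bits` bits of MD5(data) as an integer.

    Truncation stands in for a 'small MD5' so the many-to-one mapping shows
    up within a few thousand hashes instead of 2^64.
    """
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int, max_trials: int = 1 << 20) -> Tuple[bytes, bytes, int]:
    """Hash distinct constructed inputs until two share a truncated digest.

    Returns (first_input, second_input, inputs_hashed). The count lands near
    expected_collision_trials(bits), nowhere near 2^bits.
    """
    seen: Dict[int, bytes] = {}
    for i in range(max_trials):
        msg = b"constructed-input-%d" % i   # distinct for every i
        h = md5_trunc(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise RuntimeError("no collision within max_trials")


if __name__ == "__main__":
    print("all byte strings of <= 16 bytes exceed 2^128 digests:",
          pigeonhole_collision_guaranteed(256, 16))
    print("generic preimage trials ~ 2^%.0f" % math.log2(expected_preimage_trials()))
    print("generic collision trials ~ 2^%.1f" % math.log2(expected_collision_trials()))
    a, b, n = find_collision(24)
    print("24-bit truncated MD5 collision after", n, "inputs:", a, b)
```

The gap between the last two printed bounds (2^128 versus about 2^64.3) is the general reason that "find two strings with the same hash" is always far cheaper than "find the string behind this hash", even before any structural weakness in MD5 is used.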