Happy New Year! Yes, the current one, not a previous one; this is a new post, we swear!
0 Members and 2 Guests are viewing this topic.
Producing hash values for accessing data or for security. A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
Yes, you can find it by brute forcing, but that might take a long time.With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.
Quote from: iago on July 01, 2005, 07:53:39 pmYes, you can find it by brute forcing, but that might take a long time.With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.Which are usually found by brute forcing. Is it just me or would that take an increadible amount of time?
Quote from: Sidoh on July 01, 2005, 08:01:11 pmQuote from: iago on July 01, 2005, 07:53:39 pmYes, you can find it by brute forcing, but that might take a long time.With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.Which are usually found by brute forcing. Is it just me or would that take an increadible amount of time? No, because MD5 has a vulnerability that certain patterns or something can be forced or are predictable. I don't know the details, but MD5 collisions can be forced without a lot of work.
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min[20:21:15] xar: that was funny
SHA-1 is proven to have collisions as well, and that was thought to be perfect. However, it will take longer than one's willing to wait, and a very high-powered machine to do so.
Quote from: Quik on July 02, 2005, 12:44:45 amSHA-1 is proven to have collisions as well, and that was thought to be perfect. However, it will take longer than one's willing to wait, and a very high-powered machine to do so.I'm sure all hashing algorithms that have less than infinite outcomes will have the possibility of collisions. Though the chances are low, they're sitll existant. There's an infinite number of possible messages and a finite number of outcome hashes.
You could, however, use that string to find something that hashes to the same value and therefore affectively find out his password (theoretically). Would take a while, though.
iago@Slayer:~/downloads/mdcrack-1.2$ /usr/sbin/mdcrack ec0e2603172c73a8b644bb945 6c1ff6e<<System>> MDcrack v1.2 is starting.<<System>> Using default charset : abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHI JKLMNOPQRSTUVWXYZ <<System>> Max pass size = 12 >> Entering MD5 Core 1.Password size: 1 Password size: 2 Password size: 3 Password size: 4 Password size: 5 Password size: 6 ----------------------------------------Collision found ! => batmanCollision(s) tested : 4253876600 in 2322 second(s), 778 millisec, 126 microsec.Average of 1831988.2 hashes/sec.