Clan x86
Technical (Development, Security, etc.) => General Programming => Topic started by: Nate on July 01, 2005, 05:41:17 pm
-
Ok, if i did something like hashed my name "111787" using the MD5 algorithm, is it possible to unhash it if you know the end result?
-
No. Hashing algorithms are irreversable. They're commonly used in data integrity algorithms and things of that nature.
Producing hash values for accessing data or for security. A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
-
You can brute force values though..
-
Yes, you can find it by brute forcing, but that might take a long time.
With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.
-
Yes, you can find it by brute forcing, but that might take a long time.
With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.
Which are usually found by brute forcing. Is it just me or would that take an increadible amount of time? :)
-
Yes, you can find it by brute forcing, but that might take a long time.
With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.
Which are usually found by brute forcing. Is it just me or would that take an increadible amount of time? :)
No, because MD5 has a vulnerability that certain patterns or something can be forced or are predictable. I don't know the details, but MD5 collisions can be forced without a lot of work.
-
Yes, you can find it by brute forcing, but that might take a long time.
With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.
Which are usually found by brute forcing. Is it just me or would that take an increadible amount of time? :)
No, because MD5 has a vulnerability that certain patterns or something can be forced or are predictable. I don't know the details, but MD5 collisions can be forced without a lot of work.
Then use a different hashing algorithm? :)
-
SHA-1 is proven to have collisions as well, and that was thought to be perfect. However, it will take longer than one's willing to wait, and a very high-powered machine to do so.
-
SHA-1 is proven to have collisions as well, and that was thought to be perfect. However, it will take longer than one's willing to wait, and a very high-powered machine to do so.
I'm sure all hashing algorithms that have less than infinite outcomes will have the possibility of collisions. Though the chances are low, they're sitll existant. There's an infinite number of possible messages and a finite number of outcome hashes. :)
-
SHA-1 is proven to have collisions as well, and that was thought to be perfect. However, it will take longer than one's willing to wait, and a very high-powered machine to do so.
I'm sure all hashing algorithms that have less than infinite outcomes will have the possibility of collisions. Though the chances are low, they're sitll existant. There's an infinite number of possible messages and a finite number of outcome hashes. :)
Yes, but collisions can be induced in MD5 and SHA1 without brute-forcing. That's the danger.
-
Find me something that will hash to this value: ec0e2603172c73a8b644bb9456c1ff6e
-
As far as I know, you need to control both of the strings to induce a collision.
-
You could, however, use that string to find something that hashes to the same value and therefore affectively find out his password (theoretically). Would take a while, though.
-
You could, however, use that string to find something that hashes to the same value and therefore affectively find out his password (theoretically). Would take a while, though.
No, because you need to be able to control both things.
And Blaze --
iago@Slayer:~/downloads/mdcrack-1.2$ /usr/sbin/mdcrack ec0e2603172c73a8b644bb945 6c1ff6e
<<System>> MDcrack v1.2 is starting.
<<System>> Using default charset : abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHI JKLMNOPQRSTUVWXYZ
<<System>> Max pass size = 12 >> Entering MD5 Core 1.
Password size: 1
Password size: 2
Password size: 3
Password size: 4
Password size: 5
Password size: 6
----------------------------------------
Collision found ! => batman
Collision(s) tested : 4253876600 in 2322 second(s), 778 millisec, 126 microsec.
Average of 1831988.2 hashes/sec.
-
nice
-
No, because you need to be able to control both things.
So just with that, you couldn't put that in an existing program, give it a dictionary, and have it hash every one of those entries to find a match? ;)
-
You would need to look up more on the vulnerability, but I'm pretty sure that if you hash the dictionary every one of them will be unique. The problem comes with longer documents, not short words.
But you'd have to look up more details to be sure. I don't know exactly how it works.
-
That was the magic word iago. :)
-
Yes, but if the hash that you're trying to match is part of your "dictionary", then you would theoretically be able to find the word. That's all I'm saying. Usually, brute force attacks don't require collisions.
-
Yeah. If the password's good, though, you'd have to have a password list of more than just the dictionary.
-
(http://www.localinfinities.com/salt/images/pile.jpg) is used to thwart dictionary attacks.
-
Salt...smooth.