Clan x86

Nate · July 01, 2005, 05:41:17 PM

Ok, if i did something like hashed my name "111787" using the MD5 algorithm, is it possible to unhash it if you know the end result?

Sidoh · July 01, 2005, 06:59:48 PM

No. Hashing algorithms are irreversable. They're commonly used in data integrity algorithms and things of that nature.

QuoteProducing hash values for accessing data or for security. A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.

Blaze · July 01, 2005, 07:50:33 PM

You can brute force values though..

iago · July 01, 2005, 07:53:39 PM

Yes, you can find it by brute forcing, but that might take a long time.

With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.

Sidoh · July 01, 2005, 08:01:11 PM

Quote from: iago on July 01, 2005, 07:53:39 PM
Yes, you can find it by brute forcing, but that might take a long time.

With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.

Which are usually found by brute forcing. Is it just me or would that take an increadible amount of time? :)

iago · July 01, 2005, 09:50:48 PM

Quote from: Sidoh on July 01, 2005, 08:01:11 PM
Quote from: iago on July 01, 2005, 07:53:39 PM
Yes, you can find it by brute forcing, but that might take a long time.

With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.

Which are usually found by brute forcing. Is it just me or would that take an increadible amount of time? :)

No, because MD5 has a vulnerability that certain patterns or something can be forced or are predictable. I don't know the details, but MD5 collisions can be forced without a lot of work.

Sidoh · July 02, 2005, 12:20:18 AM

Quote from: iago on July 01, 2005, 09:50:48 PM
Quote from: Sidoh on July 01, 2005, 08:01:11 PM
Quote from: iago on July 01, 2005, 07:53:39 PM
Yes, you can find it by brute forcing, but that might take a long time.

With MD5, however, there is a weakness. Although you can't reverse it, it isn't impossible to find two strings that hash to the same value. Those collisions can cause problems.

Which are usually found by brute forcing. Is it just me or would that take an increadible amount of time? :)

No, because MD5 has a vulnerability that certain patterns or something can be forced or are predictable. I don't know the details, but MD5 collisions can be forced without a lot of work.

Then use a different hashing algorithm? :)

Quik · July 02, 2005, 12:44:45 AM

SHA-1 is proven to have collisions as well, and that was thought to be perfect. However, it will take longer than one's willing to wait, and a very high-powered machine to do so.

Sidoh · July 02, 2005, 01:53:08 AM

Quote from: Quik on July 02, 2005, 12:44:45 AM
SHA-1 is proven to have collisions as well, and that was thought to be perfect. However, it will take longer than one's willing to wait, and a very high-powered machine to do so.

I'm sure all hashing algorithms that have less than infinite outcomes will have the possibility of collisions. Though the chances are low, they're sitll existant. There's an infinite number of possible messages and a finite number of outcome hashes. :)

iago · July 02, 2005, 04:07:51 PM

Quote from: Sidoh on July 02, 2005, 01:53:08 AM
Quote from: Quik on July 02, 2005, 12:44:45 AM
SHA-1 is proven to have collisions as well, and that was thought to be perfect. However, it will take longer than one's willing to wait, and a very high-powered machine to do so.

I'm sure all hashing algorithms that have less than infinite outcomes will have the possibility of collisions. Though the chances are low, they're sitll existant. There's an infinite number of possible messages and a finite number of outcome hashes. :)

Yes, but collisions can be induced in MD5 and SHA1 without brute-forcing. That's the danger.

Blaze · July 02, 2005, 04:11:40 PM

Find me something that will hash to this value: ec0e2603172c73a8b644bb9456c1ff6e

iago · July 02, 2005, 04:32:51 PM

As far as I know, you need to control both of the strings to induce a collision.

Quik · July 02, 2005, 05:44:00 PM

You could, however, use that string to find something that hashes to the same value and therefore affectively find out his password (theoretically). Would take a while, though.

iago · July 02, 2005, 05:50:23 PM

Quote from: Quik on July 02, 2005, 05:44:00 PM
You could, however, use that string to find something that hashes to the same value and therefore affectively find out his password (theoretically). Would take a while, though.

No, because you need to be able to control both things.

And Blaze --

Quoteiago@Slayer:~/downloads/mdcrack-1.2$ /usr/sbin/mdcrack ec0e2603172c73a8b644bb945 6c1ff6e

<<System>> MDcrack v1.2 is starting.
<<System>> Using default charset : abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHI JKLMNOPQRSTUVWXYZ
<<System>> Max pass size = 12 >> Entering MD5 Core 1.

Password size: 1

Password size: 2

Password size: 3

Password size: 4

Password size: 5

Password size: 6

----------------------------------------
Collision found ! => batman

Collision(s) tested : 4253876600 in 2322 second(s), 778 millisec, 126 microsec.
Average of 1831988.2 hashes/sec.

Warrior · July 02, 2005, 06:22:42 PM

nice

News:

MD5