Re: Report of collision-generation with MD5

From: Chris Doherty (chris-freebsd_at_randomcamel.net)
Date: 08/18/04

    Date: Wed, 18 Aug 2004 13:54:41 -0700
    To: freebsd-security@freebsd.org
    
    

    On Wed, Aug 18, 2004 at 02:29:57PM -0400, Peter C. Lai said:
    > On Wed, Aug 18, 2004 at 09:08:12PM +0300, Claudiu wrote:
    > > hello,
    > >
    > > please explain what do you mean by "reverse the hash". Is this the
    > > recreation of the original message from its hash?
    >
    > The short answer is yes. The slightly longer answer is that such is only one
    > specific case. The general case is that the digest should not reveal any
    > information about the original message.

    well, technically you're not "reversing the hash": you can't re-create a
    message from its hash, because the information is simply gone--digesting
    algorithms are massively lossy by definition. that is, you can't take a
    128-bit MD5 hash and recover the original 2-megabyte message, which makes
    sense.

    what you can do, if you have a proper attack formula, is find *a* message
    that produces *that one hash*. that is, if I have message M which produces
    hash H, I can use the attack to find *a* message M' which will also
    produce hash H.

    I suppose the possibility exists that M' will equal the original M, but
    I'd speculate that the odds are remarkably small.

    chris

    -------------------------------
    Chris Doherty
    chris [at] randomcamel.net

    "I think," said Christopher Robin, "that we ought to eat
    all our provisions now, so we won't have so much to carry."
                   -- A. A. Milne
    -------------------------------
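Added example, not part of the original post: a sketch of the distinction drawn above between recovering M and finding *a* message M' with the same hash. It assumes a toy digest (MD5 truncated to 16 bits; `toy_digest`, `find_messages_for`, and the sample message are hypothetical names and constructed data) so that a blind search finishes in well under a second.

```python
import hashlib
from itertools import count

TRUNC_BITS = 16  # assumption: toy digest width, small enough to brute-force


def toy_digest(message: bytes, bits: int = TRUNC_BITS) -> int:
    """Top `bits` bits of MD5(message): a deliberately weakened stand-in."""
    full = int.from_bytes(hashlib.md5(message).digest(), "big")
    return full >> (128 - bits)


def find_messages_for(target: int, how_many: int, bits: int = TRUNC_BITS) -> list:
    """Search knowing only the digest; return messages that hash to it."""
    found = []
    for n in count():
        candidate = b"guess-%d" % n  # constructed search space, unrelated to M
        if toy_digest(candidate, bits) == target:
            found.append(candidate)
            if len(found) == how_many:
                return found


# Constructed sample input standing in for the original message M.
M = b"the original message M, which could just as well be 2 megabytes long"
H = toy_digest(M)

if __name__ == "__main__":
    matches = find_messages_for(H, 3)
    print(f"H = {H:#06x}")
    for m_prime in matches:
        # Each M' shares the toy digest with M but is a different message,
        # and its full 128-bit MD5 differs from MD5(M).
        same_full = hashlib.md5(m_prime).digest() == hashlib.md5(M).digest()
        print(m_prime, "| equals M:", m_prime == M,
              "| full MD5 matches:", same_full)
```

The search never sees M and returns several different messages for the one digest, none of which is M. At the full 128 bits the same loop would need on the order of 2^128 guesses, which is why the post speaks of needing "a proper attack formula" rather than brute force.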