Re: is an MD5 sum random

From: Alan (a__l__a__n_at_hotmail.com)
Date: 04/05/05
Date: Tue, 5 Apr 2005 09:46:17 -0400

"Unruh" <unruh-spam@physics.ubc.ca> wrote in message
news:d2sohf$q4a$1@nntp.itservices.ubc.ca...
>
> No, he asked if N is randomly distributed is MD5(N) also randomly
> distributed.

I agree that is probably what he meant but it is not what he asked.

As I said before, the following function

F(N) = N

also has that property. Since that F(N) is pretty useless from a
cryptographic point of view.

> Now, since MD5(N) can only lie between 0 and 2^(128)-1, you need to
> interpret the question something like "If N is randomly distributed over
> the integers 0 to 2^x-1 where x>128, is MD5(N) randomly distributed.

But wouldn't

F2(N) = N mod 128

also have that property? And isn't that F2(N) also fairly useless as a
PRNG?

> It certainly need not be. For example if MD5(N)=7 if N is odd and 0 if it
> is even, then MD5(N) is not randomly distributed over 0 to 2^128-1.
> The actual distribution is liable to be more subtle than this.

I think we are driving at the same point, which I stated previously: Don't
expect to improve the "unguessability" of a value by hashing it. That's a
very common and fatal mistake in many cryptographic implementations.
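The point Alan makes about F(N) = N, F2(N) = N mod 128 and the closing warning can be checked numerically. The script below is an added example and is not part of the original thread; it assumes Python 3 with only the standard library, and it hashes the decimal string of each integer N (an assumption, since the thread never says how N is encoded). It measures the Shannon entropy of a constructed input distribution and of its image under each function: a deterministic function can never raise entropy, so MD5 of a 10-bit value still has only 10 bits of unguessability, while the "useless" functions keep the uniformity property just as well as MD5 does.

```python
import hashlib
import math
from collections import Counter


def md5_int(n: int) -> int:
    """MD5 of the decimal string of n, returned as an integer in [0, 2**128).
    Encoding N as a decimal string is an assumption made for this example."""
    return int.from_bytes(hashlib.md5(str(n).encode()).digest(), "big")


def identity(n: int) -> int:
    """F(N) = N from the thread."""
    return n


def mod128(n: int) -> int:
    """F2(N) = N mod 128 from the thread."""
    return n % 128


def shannon_entropy_bits(values) -> float:
    """Shannon entropy (in bits) of the empirical distribution of values."""
    counts = Counter(values)
    total = len(values)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def entropy_before_after(inputs, f):
    """Entropy of the inputs and of f(inputs). Because f is deterministic,
    the second number can never exceed the first, whatever f is."""
    return shannon_entropy_bits(inputs), shannon_entropy_bits([f(n) for n in inputs])


def is_uniform(values) -> bool:
    """True if every observed output occurs equally often."""
    counts = Counter(values)
    return len(set(counts.values())) == 1


def distinct_outputs(inputs, f) -> int:
    """Number of distinct outputs, i.e. the size of the space a guesser who
    knows the input range has to search after hashing."""
    return len({f(n) for n in inputs})


def compare(inputs):
    """Run all three functions over the same constructed input range."""
    report = {}
    for name, f in (("MD5", md5_int), ("F(N)=N", identity), ("N mod 128", mod128)):
        before, after = entropy_before_after(inputs, f)
        report[name] = {
            "entropy_in": before,
            "entropy_out": after,
            "uniform_out": is_uniform([f(n) for n in inputs]),
            "distinct_out": distinct_outputs(inputs, f),
        }
    return report


if __name__ == "__main__":
    # Constructed input: N uniform over a 10-bit range, i.e. 10 bits of entropy.
    small_range = range(1024)
    for name, row in compare(small_range).items():
        print(f"{name:10s} entropy {row['entropy_in']:.1f} -> {row['entropy_out']:.1f} bits, "
              f"uniform={row['uniform_out']}, distinct outputs={row['distinct_out']}")
```

Running it shows MD5 and F(N)=N both map 10 bits of input entropy to exactly 10 bits of output entropy with 1024 distinct, equally likely outputs; N mod 128 is also perfectly uniform over 0..127 yet carries only 7 bits. Uniformity of the output is therefore the wrong question for unguessability; what matters is the entropy of the source feeding the hash, which is why a short counter or timestamp does not become a secret token by being passed through MD5.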