Re: md5 collisions and speeding tickets
Date: Fri, 19 Aug 2005 18:15:04 +1000
Bryan Olson wrote:
> Crypto@S.M.S wrote:
> > MD5 is bullet proof? That is *not* what others have said.
> > In fact, it has been claimed that MD5 can be reversed in "about an
> > hour". I am still trying to understand which is correct.
> > While I believe that finding particular MD5 collisions is NOT the same
> > as reversing an individual hash, there are others (experts?) in this
> > group who disagree. We have heard the statements over and over again,
> > but still have no actual consensus.
> I was off at the crypto conference for a week, so maybe I'm
> behind on the posts, but I think you simply misunderstood the
> exposition. Is MD5 broken? Yes. Is it easily 'reversed'? Well,
> that's hard to say simply because the phrasing is not standard
> terminology in the discipline. If by "Reverse" you mean find
> some preimage of an arbitrary MD5 digest, then no efficient
> method for doing so is publicly known.
Yes, by "reversing" the hash, I mean a "preimage" attack; that is,
given an MD5 value, "uncompute" it to reveal the underlying input.
> > Let us have a show of hands. Who believes that Joseph Ashwood
> > can reverse an MD5 hash in less than an hour?
> Well, for any given hash, I expect that he can reverse the order
> of the 120 bits in under an hour's time. What can you quote him
> claiming about finding MD5 preimages that you think to be false?
It has been quoted time & again. He claims to be able to determine
the pass phrase used as input to an MD5, where the hash will be used
as an encryption key. He claims to be able to do this in "about an
hour" so as to crack CryptoSMS encrypted short messages. Since you
say you're behind on posts, have a look at WWW.CRYPTOSMS.COM, to see
how it uses MD5 (along with 5 other hashes) to produce the key sets
for a scheme of three overlapping ciphers.
Joseph Ashwood threw out a flurry of insults mixed with nonsense
statements about his ability to crack these triple encrypted messages.
While some of his critiques pointed to things that could have been
done better and subsequently have been, others were completely "off
the mark" (which has been pointed out by others, just not clarified
In any case, I am not the only one asking for a demonstration of how
these "attacks" on MD5 directly affect its use as a pass phrase hash.
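As an added illustration, not from anyone in this thread: the collision/preimage distinction argued above comes down to two very different generic work factors, about 2^(n/2) hash evaluations for a birthday-style collision search versus about 2^n for a preimage search on an n-bit digest. The script truncates MD5 to a few bits (an assumption made only so both searches finish in seconds) and counts the hashes each one needs; the published MD5 results beat the first bound, not the second.

```python
import hashlib


def truncated_md5(message: bytes, bits: int) -> int:
    """MD5 of `message`, keeping only the leading `bits` bits (toy shortened digest)."""
    digest = int.from_bytes(hashlib.md5(message).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int):
    """Generic (birthday) collision search: hash distinct messages until a
    truncated digest repeats. Returns (msg_a, msg_b, hashes_computed).
    The pigeonhole principle guarantees success within 2**bits + 1 hashes,
    but on average it takes only about 2**(bits / 2)."""
    seen = {}
    count = 0
    for i in range(2 ** bits + 1):
        msg = b"collision-candidate-%d" % i  # constructed candidate messages
        h = truncated_md5(msg, bits)
        count += 1
        if h in seen:
            return seen[h], msg, count
        seen[h] = msg
    raise AssertionError("unreachable by the pigeonhole principle")


def find_preimage(target: int, bits: int, limit: int):
    """Generic preimage search: hash candidate messages until one matches the
    target truncated digest. Expected cost is about 2**bits hashes.
    Returns (msg, hashes_computed), or None if `limit` hashes are exhausted."""
    for i in range(limit):
        msg = b"preimage-candidate-%d" % i  # constructed candidate messages
        if truncated_md5(msg, bits) == target:
            return msg, i + 1
    return None


if __name__ == "__main__":
    bits = 16  # assumption: 16-bit truncation keeps both searches fast
    a, b, n_coll = find_collision(bits)
    print("collision after %d hashes: %r / %r" % (n_coll, a, b))
    target = truncated_md5(b"some pass phrase", bits)  # constructed target
    found = find_preimage(target, bits, limit=50 * 2 ** bits)
    if found is None:
        print("no preimage within the hash budget")
    else:
        print("preimage after %d hashes: %r" % (found[1], found[0]))
```

Knowing a pair of colliding messages tells you nothing about the input behind a digest you were handed; only the preimage search does that, and its cost is set by the digest length or, when the input is a pass phrase, by how few pass phrases are plausible.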