Re: md5 collisions and speeding tickets

Date: 08/19/05

Date: Fri, 19 Aug 2005 18:15:04 +1000

Bryan Olson wrote:
> Crypto@S.M.S wrote:
> > MD5 is bullet proof? That is *not* what others have said.
> > In fact, it has been claimed that MD5 can be reversed in "about an
> > hour". I am still trying to understand which is correct.
> >
> > While I believe that finding particular MD5 collisions is NOT the same
> > as reversing an individual hash, there are others (experts?) in this
> > group who disagree. We have heard the statements over and over again,
> > but still have no actual consensus.
> I was off at the crypto conference for a week, so maybe I'm
> behind on the posts, but I think you simply misunderstood the
> exposition. Is MD5 broken? Yes. Is it easily 'reversed'? Well,
> that's hard to say simply because the phrasing is not standard
> terminology in the discipline. If by "Reverse" you mean find
> some preimage of an arbitrary MD5 digests, then no efficient
> method for doing so is publicly known.

Yes, by "reversing" the hash, I mean a "preimage" attack; that is,
given an MD5 value, "uncompute" it to reveal the underlying input

> > Let us have a show of hands. Who believes that Joseph Ashwood
> > can reverse an MD5 hash in less than an hour?
> Well, for any given hash, I expect that he can reverse the order
> of the 120 bits in under an hour's time. What can you quote him
> claiming about finding MD5 preimages that you think to be false?

It has been quoted time & again. He claims to be able to determine
the pass phrase used as input to an MD5, where the hash will be used
as an encryption key. He claims to be able to do this in "about an
hour" so as to crack CryptoSMS encrypted short messages. Since you
say you're behind on posts, have a look at WWW.CRYPTOSMS.COM, to see
how it uses MD5 (along with 5 other hashes) to produce the key sets
for an scheme of three overlapping ciphers.

Joseph Ashwood threw out a flurry of insults mixed with nonsense
statements about his ability to crack these triple encrypted messages.
While some of his critiques pointed to things that could have been
done better and subsequently have been, others were completely "off
the mark" (which has been pointed out by others, just not clarified
by Joe).

In any case, I am not the only one asking for a demonstration of how
these "attacks" on MD5 directly effect its use as a pass phrase hash.

Relevant Pages

  • Re: C# Equivalent of C++ MD5 Algorith
    ... your original post said you were looking for an MD5 Hash. ... Co-founder, developer portal: ... The problem is that the C++ encryption generates 110 ...
  • Re: Need strong crypto for sending my password via sockets.
    ... MD5 and Blowfish are indeed free, but MD5 is not an encryption algorithm ... it is a disgest (hash) algorithm. ... Server crypts it's own copy of password ...
  • Re: incremental MD5 ?
    ... and i'm trying MD5 encryption, the original data is quite big and MD5 ... Hash the book to get the book hash ... Hash all the shelf hashes in a column to get the column hash ...
  • Re: password length
    ... ]>]The short answer is "Different encryption ... ]>based hash, 128 bits in the case of the MD5 based hash. ... ]>Ie, the password algorithms are not encryptions, they are hashes. ...
  • Re: ADS with SP1 and IMGMOUNT.exe
    ... I can mount images with /W but I use MD5 and encryption to make sure ... Domain policy may override this. ... I would also recommend disabling the LM hash storage before taking your ...