Re: md5 collisions and speeding tickets

From: Unruh (
Date: 08/20/05

Date: 19 Aug 2005 23:19:05 GMT

Mxsmanic <> writes:

>Crypto@S.M.S writes:

>> Yes, by "reversing" the hash, I mean a "preimage" attack; that is,
>> given an MD5 value, "uncompute" it to reveal the underlying input
>> string.

>This is generally impossible. You might be able to find _an_ input
>message that produces a given digest, working backward from the
>digest, but you won't be able to find _the_ message, if the message is
>longer than the hash and the hash is truly a random function of the
>input message. A hugely defective algorithm might allow _some_
>messages to be identified from the hash (if, for example, only one
>message actually hashed to that value), but MD5 isn't that defective;
>if it were, people would have noticed by now.

>> It has been quoted time & again. He claims to be able to determine
>> the pass phrase used as input to an MD5, where the hash will be used
>> as an encryption key.

>He can't do that, if the pass phrase is significantly longer than the

False, if the long passphrase is constrained. Let us say that you have a 20
character passphrase, and each character is only the number either 0 or 1.
Then the colliding preimages will almost certainly NOT have the property.
I.e., although the phrase is significantly longer than the hash (10
characters, instead of 16 characters) there will almost certainly be a
unique preimage for each passphrase obeying those rules.

His consideration was that the passphrase was an English phrase, which
restricts the field significantly.

>Transpose mxsmanic and gmail to reach me by e-mail.
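Added example, not part of the thread above and not code from either poster: it makes the "constrained preimage" argument concrete. It takes the post's own setting (a 20-character passphrase whose characters are each '0' or '1'), enumerates all 2**20 admissible passphrases, MD5-hashes each, and shows that no two of them collide, so the hash can be "uncomputed" by a simple lookup. It also works out the average number of admissible preimages per digest for that constrained set versus an unconstrained 20-byte string, which is the quantity the two posters disagree about. Function and variable names (build_table, invert, expected_preimages_per_digest, and so on) and the sample passphrase are my own assumptions, not anything from the original posts.

```python
import hashlib
import itertools

# Assumed setting, taken from the post: a 20-character passphrase whose
# characters are each '0' or '1'.  Names and helpers here are my own,
# not anything from the thread.
ALPHABET = "01"
LENGTH = 20
MD5_BITS = 128


def md5_hex(passphrase: str) -> str:
    """MD5 of the passphrase, as it would be used to derive a key."""
    return hashlib.md5(passphrase.encode("ascii")).hexdigest()


def candidates(alphabet: str = ALPHABET, length: int = LENGTH):
    """Every string of `length` characters drawn from `alphabet`."""
    for chars in itertools.product(alphabet, repeat=length):
        yield "".join(chars)


def build_table(alphabet: str = ALPHABET, length: int = LENGTH):
    """Hash every admissible passphrase.

    Returns (digest -> passphrase, number of colliding passphrases).
    With 2**20 candidates and a 128-bit digest the collision count is
    expected to be zero, which is exactly what makes the hash invertible
    for an attacker who knows the constraint.
    """
    table = {}
    collisions = 0
    for p in candidates(alphabet, length):
        d = hashlib.md5(p.encode("ascii")).digest()
        if d in table:
            collisions += 1
        else:
            table[d] = p
    return table, collisions


def invert(table, digest_hex: str):
    """The 'preimage attack' of the thread: a dictionary lookup.

    Returns None when the digest did not come from an admissible passphrase.
    """
    return table.get(bytes.fromhex(digest_hex))


def expected_preimages_per_digest(alphabet_size: int, length: int) -> float:
    """Average number of admissible passphrases sharing one digest.

    n = alphabet_size**length candidates are spread over 2**128 digests.
    Far below 1: each passphrase almost surely owns its digest (Unruh's
    0/1 case).  Far above 1: many passphrases map to the same digest,
    so the digest alone no longer identifies the passphrase (Mxsmanic's
    unconstrained case).
    """
    return alphabet_size ** length / 2.0 ** MD5_BITS


def collision_probability_bound(alphabet_size: int, length: int) -> float:
    """Birthday upper bound on any two admissible passphrases colliding."""
    n = alphabet_size ** length
    return n * (n - 1) / 2 / 2.0 ** MD5_BITS


if __name__ == "__main__":
    table, collisions = build_table()
    print(f"{len(table)} distinct digests, {collisions} collisions")
    # Constructed sample passphrase obeying the constraint.
    target = md5_hex("01100001011000100110")
    print("recovered:", invert(table, target))
    print("constrained 20 chars of {0,1}:", expected_preimages_per_digest(2, 20))
    print("unconstrained 20 bytes      :", expected_preimages_per_digest(256, 20))
    print("P(collision in constrained set) <=", collision_probability_bound(2, 20))
```

Run it and the full 2**20-entry table builds in a second or two; that is the whole attack when the preimage space is this small. The same enumeration over English phrases is only a larger dictionary, which is why a hash used as a key is no stronger than the entropy of what went into it.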
