Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Topics

Recent Status Updates

View All Updates

Photo
- - - - -

md5 brute forcer?

md5

  • Please log in to reply
14 replies to this topic

#1 TcM

TcM

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 7563 posts

Posted 21 December 2007 - 06:08 AM

If we make an md5 for a file and then brute force that md5 what string will the brute forcer generate?
  • 0

#2 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts
  • Location:Upstate, South Carolina
  • Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
  • Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Posted 21 December 2007 - 09:17 AM

Brute forcing an md5 is finding another string that produces the same md5 hash. It could produce any of the infinitely many strings that have the common md5 hash.
  • 0

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#3 TcM

TcM

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 7563 posts

Posted 21 December 2007 - 10:16 AM

So a file and a string can have the same md5?
  • 0

#4 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts
  • Location:Upstate, South Carolina
  • Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
  • Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Posted 26 December 2007 - 09:22 AM

Yes.
  • 0

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#5 TcM

TcM

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 7563 posts

Posted 29 December 2007 - 03:41 PM

I thought that md5 was unique for every string/file. So the string generated can be just a random string.. has nothing to do with the file name?
  • 0

#6 John

John

    CC Mentor

  • Moderator
  • 4450 posts
  • Location:New York, NY

Posted 29 December 2007 - 11:33 PM

md5 is a 128-bit hash, which is generally represented as a 32-character hexadecimal string. I've read numerous documents on how the md5 algorithm works, and I still can't understand it, but the md5 hash is dependent on the entire file. However, there are only a certain amount of 32-character combinations / permutations that can be created, so there is a possibility [around 1 x 10^-100] that two files will have the same exact md5 hash [which is called an md5 collision].

There was an Asian professor [Wang I believe] who "cracked" the md5 and created an algorithm to create md5 collisions, about 10 years ago. I was doing some reading the other day, and I read that there is an algorithm to create a collision as fast as 31 seconds.
  • 0

#7 TcM

TcM

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 7563 posts

Posted 30 December 2007 - 04:25 AM

But what is the aim to create md5 collisions?
  • 0

#8 Maurice_Z

Maurice_Z

    CC Regular

  • Just Joined
  • PipPipPip
  • 40 posts

Posted 30 December 2007 - 04:28 AM

Prove that there is still a room for something better than md5 I guess. To get a better knowledge on security, to improve security. Something around this things I guess, since md5 is really widely used in passwords encrypting (Is this the proper word?).
  • 0

#9 John

John

    CC Mentor

  • Moderator
  • 4450 posts
  • Location:New York, NY

Posted 30 December 2007 - 10:56 AM

But what is the aim to create md5 collisions?


I can only think of malicious reasons to create collisions. If you know a password hash, and can create a collision, you "cracked" the password. Also many applications use md5 to verify a files integrity, creating a collision, could allow you to pack a virus with an exe and keep the exe's same checksum, potentially going undetected by anti-virus software.
  • 0

#10 TcM

TcM

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 7563 posts

Posted 30 December 2007 - 11:08 AM

So the file will force the Md5 checkers to generate an md5 that the malicious file wants.. right?
  • 0

#11 John

John

    CC Mentor

  • Moderator
  • 4450 posts
  • Location:New York, NY

Posted 30 December 2007 - 11:15 AM

The md5 checkers will generate the same hashes for the "good" file and the "bad" file.
  • 0

#12 TcM

TcM

    CC Mentor

  • VIP Member
  • PipPipPipPipPipPipPipPip
  • 7563 posts

Posted 30 December 2007 - 11:44 AM

Wow, so how is this crack implemented.. is it an addon binded/bound with the "bad" file? or it's a piece of code you compile with the program?
  • 0





Also tagged with one or more of these keywords: md5

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download