Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

md5 brute forcer?

Started by TcM, Dec 21 2007 06:08 AM

This topic has been archived. This means that you cannot reply to this topic.

23 replies to this topic

#1
TcM

Posted 21 December 2007 - 06:08 AM

Writes binary right handed and hex left handed

Members
11,147 posts

If we make an md5 for a file and then brute force that md5 what string will the brute forcer generate?

#2
WingedPanther

Posted 21 December 2007 - 09:17 AM

A spammer's worst nightmare

Moderators
16,831 posts

Brute forcing an md5 is finding another string that produces the same md5 hash. It could produce any of the infinitely many strings that have the common md5 hash.

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

#3
TcM

Posted 21 December 2007 - 10:16 AM

Writes binary right handed and hex left handed

Members
11,147 posts

So a file and a string can have the same md5?

#4
WingedPanther

Posted 26 December 2007 - 09:22 AM

A spammer's worst nightmare

Moderators
16,831 posts

Yes.

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

#5
TcM

Posted 29 December 2007 - 03:41 PM

Writes binary right handed and hex left handed

Members
11,147 posts

I thought that md5 was unique for every string/file. So the string generated can be just a random string.. has nothing to do with the file name?

#6
John

Posted 29 December 2007 - 11:33 PM

Writes binary right handed and hex left handed

Moderators
6,321 posts

md5 is a 128-bit hash, which is generally represented as a 32-character hexadecimal string. I've read numerous documents on how the md5 algorithm works, and I still can't understand it, but the md5 hash is dependent on the entire file. However, there are only a certain amount of 32-character combinations / permutations that can be created, so there is a possibility [around 1 x 10^-100] that two files will have the same exact md5 hash [which is called an md5 collision].

There was an Asian professor [Wang I believe] who "cracked" the md5 and created an algorithm to create md5 collisions, about 10 years ago. I was doing some reading the other day, and I read that there is an algorithm to create a collision as fast as 31 seconds.

Compiled Thoughts

#7
TcM

Posted 30 December 2007 - 04:25 AM

Writes binary right handed and hex left handed

Members
11,147 posts

But what is the aim to create md5 collisions?

#8
Maurice_Z

Posted 30 December 2007 - 04:28 AM

Learning Programmer

Members
41 posts

Prove that there is still a room for something better than md5 I guess. To get a better knowledge on security, to improve security. Something around this things I guess, since md5 is really widely used in passwords encrypting (Is this the proper word?).

#9
John

Posted 30 December 2007 - 10:56 AM

Writes binary right handed and hex left handed

Moderators
6,321 posts

TheComputerMaster said:

But what is the aim to create md5 collisions?

I can only think of malicious reasons to create collisions. If you know a password hash, and can create a collision, you "cracked" the password. Also many applications use md5 to verify a files integrity, creating a collision, could allow you to pack a virus with an exe and keep the exe's same checksum, potentially going undetected by anti-virus software.

Compiled Thoughts