6 replies to this topic

[liamzebedee]

Why is hash cryptography so speedy. When obtaining a MD5 hash for a file in PHP it finds it really quickly. I was wondering why does it execute just as fast when running the hash function on a larger file as a smaller.

[Alexander]

It can be a very linear operation (it performs calculations on each bit, not too intensive.)

Your programming language still uses an optimized C code to perform the binary operation trees required for the steps of MD5, and should not be slower than a native C program. I've no clue what the numbers are now, however my old Pentium (under 200MHz) could hash roughly fifty megabytes of data per second with this algorithm. It should be much faster today, your speculation is due to the fact many of your files may be under the point of requiring more observable time to complete.

[WingedPanther]

The other thing to realize is that MD5 is a pretty simple algorithm. You are only performing a few calculations per byte, so on a modern processor it is quite fast. The time complexity is O(n), however, so you will start noticing the time if you calculate the MD5 of, say, a gigabyte file.

[fayyazlodhi]

Since Hash was mentioned as cryptography (or part of it) i would like to clarify a couple of points.

Hash is never actually encrypting / decrypting the data itself.

Following are the properties of a good hash function.

1. It should be one way, i.e. given a piece of data you should be able to generate the same hash again but not vice versa i.e. no way should exist to compute back the original data.

2. Same hash cannot be generated from two different strings.


So just thought of clarifying the real complexity of cryptography lies in hiding the data itself that is sent across and converting it back securely by the original intended receiver.

Hash is generally used /sent along with original data for e.g. for authentication of message / user or even sometimes the key (in symmetric crypto e.g. 3DES, AES) or key pair (in asymmetric crypto e.g. RSA).

However, in trivial cases such as for verification of a user's password at for instance a well known email server, only hash is used i.e. you enter the password, it's hash is computed and store in the server's db. So even the admin cannot retrieve your password (remember hash is one way). When validating, you enter a password, it's hash is computed and sent to the server where it is compared with the hash stored in DB. If they are same it is validated else not.

But the email itself would be encrypted and in comparison would take much more computation to decrypt.

[WingedPanther]

2 should probably be clarified to "Same hash cannot be easily duplicated from another string". Since hashes have a fixed length, there is necessarily duplication.

[Alexander]

Fayyaz said:

2. Same hash cannot be generated from two different strings.

WP said:

Since hashes have a fixed length, there is necessarily duplication.

This is collision and can be a vector for attack among others. A great example is of this issue is here: MD5 - Wikipedia, the free encyclopedia

[fayyazlodhi]

It would be near impossible to prove that a function exists with perfect characteristics of 0 duplication. But that should be the goal of a good hash function. I wanted to emphasize that. I generally found the term "near impossible" as also indicated by WP.

Following lists different hash functions md5 being broken at the least complexity. Take a look at Algorithm List down the page, specifically the column "Collision Attacks Complexity"
Cryptographic hash function - Wikipedia, the free encyclopedia

It illustrates SHA-256 and onwards would be a good choice although as of today most widely used ones are MD5 and SHA1