#1
August 9th, 2011, 08:06 AM
 akshayinbox
Registered User

Join Date: May 2010
Posts: 4
Time spent in forums: 16 m 20 sec
Reputation Power: 0
Is Cryptographic Hash (MD5) practical?

Hello.

I'm new to cryptography (I use MD5() and SHA1() functions quite often).

My question is: Is the cryptographic hash approach practically possible, that ANY AND EVERY data can be used to produce a unique fixed-length string produced by carrying binary operations (Message Digest Algorithm) on the data?

While I'm aware that MD5 has failed at some stage, already, and that SHA1 is also vulnerable, I'd say:

How can one think of getting a unique fixed length string when no. of character combinations is INFINITE!

I mean, for example, MD5, produces a 32-digit alphanumerical string.

So, every place can take one out of 36 characters (26(alphabets)+10(numbers)), in that case, using Permutations, the total number of possible MD5 output strings would be:

36^32 = 6.33402867 × (10)^49, which is NOT infinity!

Then what is the purpose behind any cryptographic hash?

I think I've asked an interesting question (not flattering myself that'd be lame)

Additionally, why MD5 is called a 16-byte/128bit hash, while it produces 32 characters of string (256 bits, assuming 1 character = 1 byte = 8 bits).

Thank you!

#2
August 9th, 2011, 08:56 AM
 salem
Contributed User

Join Date: Jun 2005
Posts: 4,261
Time spent in forums: 2 Months 4 Weeks 1 Day 15 h 9 m 6 sec
Reputation Power: 1827
> Is the cryptographic hash approach practically possible, that ANY AND EVERY data can be used to produce a unique fixed-length string produced by carrying binary operations (Message Digest Algorithm) on the data?
Of course not, that would count as near infinite compression.

If you have n bits of hash, then the complete population of all possible n+1 bit messages will have collisions in an n-bit hash.

The crypto aspect comes in from the fact that given a hash (say 60a0803cc655ced6d7ab4bc81d179ef7) it is a very hard problem to figure out a specific message which has that hash.
So for example, if you had "Send me $1", you would find it nearly impossible to come up with another message "Please send me $1000000" which has the same hash.

> So, every place can take one out of 36 characters (26(alphabets)+10(numbers)), in that case, using Permutations, the total number of possible MD5 output
Not 26, only 16
All MD5 (and SHA1, and others) typically display the results in hexadecimal, which uses 0 to 9 and a to f

> Additionally, why MD5 is called a 16-byte/128bit hash, while it produces 32 characters of string (256 bits, assuming 1 character = 1 byte = 8 bits).
Because they are hex strings, and each character represents only 4 bits.
So the visible "1234" represents just two bytes - 0x12 and 0x34
__________________
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
If at first you don't succeed, try writing your phone number on the exam paper
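
Added example, not part of salem's post or the original thread: the two points from the answer above, checked in Python. It confirms that MD5's 32 hex characters are 16 bytes (128 bits), and it runs the pigeonhole argument on a toy n-bit hash; `toy_hash` and `pigeonhole` are hypothetical names, and truncating MD5 to n bits is an assumption made only to keep the message space small enough to enumerate.

```python
import hashlib

def md5_sizes(message: bytes) -> tuple[int, int, int]:
    """Return (raw digest bytes, hex characters, digest bits) for MD5."""
    h = hashlib.md5(message)
    raw, text = h.digest(), h.hexdigest()
    assert bytes.fromhex(text) == raw      # two hex characters encode one byte
    return len(raw), len(text), len(raw) * 8

def toy_hash(message: bytes, bits: int) -> int:
    """Hypothetical n-bit hash: the top `bits` bits of the MD5 digest."""
    full = int.from_bytes(hashlib.md5(message).digest(), "big")
    return full >> (128 - bits)

def pigeonhole(bits: int):
    """Hash all 2**(bits+1) messages of bits+1 bits with the n-bit toy hash.

    Returns (messages, distinct digests, collisions, first colliding pair).
    """
    width = (bits + 1 + 7) // 8            # bytes needed to hold bits+1 bits
    seen: dict[int, bytes] = {}
    collisions, first = 0, None
    for value in range(2 ** (bits + 1)):
        msg = value.to_bytes(width, "big")
        digest = toy_hash(msg, bits)
        if digest in seen:
            collisions += 1
            if first is None:
                first = (seen[digest], msg, digest)
        else:
            seen[digest] = msg
    return 2 ** (bits + 1), len(seen), collisions, first

if __name__ == "__main__":
    print(md5_sizes(b"Send me $1"))        # sizes of a real MD5 digest
    print(16 ** 32 == 2 ** 128)            # 32 hex digits span exactly 128 bits
    total, distinct, collisions, first = pigeonhole(16)
    print(total, distinct, collisions)
    a, b, digest = first
    print(a.hex(), b.hex(), format(digest, "04x"))
```

With n = 16 there are 131072 messages and at most 65536 possible digests, so at least half of the messages must collide with an earlier one; the same counting applies to the full 128-bit output, where collisions exist but cannot be enumerated this way.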

#3
August 13th, 2011, 05:01 AM
 leszek31417
Contributing User

Join Date: Jul 2011
Posts: 313
Time spent in forums: 1 Week 2 Days 18 h 56 m
Reputation Power: 0
I believe that MD5 hash is ok for MY own program.
But for the others ?...
See:
http://www.mscs.dal.ca/~selinger/md5collision/

#4
August 13th, 2011, 07:44 AM
 akshayinbox
Registered User

Join Date: May 2010
Posts: 4
Time spent in forums: 16 m 20 sec
Reputation Power: 0
Thank you!

Thanks a lot!
esp. Salem! for such an elaborate answer


#5
August 26th, 2011, 07:05 PM
 fishtoprecords
Contributing User

Join Date: Sep 2007
Location: outside Washington DC
Posts: 2,642
Time spent in forums: 3 Weeks 4 Days 23 h 21 m 56 sec
Reputation Power: 3699
MD5 is considered obsolete for all new code. You should be using a SHA rather than MD5. These days, folks recommend against SHA1, and suggest SHA256 or other flavors.
