August 9th, 2011, 07:06 AM

Is Cryptographic Hash (MD5) practical?
Hello.
I'm new to cryptography (I use the MD5() and SHA1() functions quite often).
My question is: is the cryptographic hash approach practically possible, i.e. that ANY AND EVERY piece of data can be used to produce a unique fixed-length string by carrying out binary operations (a Message Digest Algorithm) on the data?
While I'm aware that MD5 has already failed at some stage, and that SHA1 is also vulnerable, I'd say:
How can one think of getting a unique fixed-length string when the no. of character combinations is INFINITE!
I mean, for example, MD5 produces a 32-digit alphanumeric string.
So every place can take one out of 36 characters (26 (alphabets) + 10 (numbers)); in that case, using permutations, the total number of possible MD5 output strings would be:
36^32 = 6.33402867 × 10^49, which is NOT infinity!
Then what is the purpose behind any cryptographic hash?
I think I've asked an interesting question (not flattering myself, that'd be lame).
Additionally, why is MD5 called a 16-byte/128-bit hash, while it produces a 32-character string (256 bits, assuming 1 character = 1 byte = 8 bits)?
Thank you!
August 9th, 2011, 07:56 AM

> Is the cryptographic hash approach practically possible, that ANY AND EVERY data can be used to produce a unique fixed-length string produced by carrying binary operations (Message Digest Algorithm) on the data?
Of course not, that would count as near infinite compression.
If you have n bits of hash, then the complete population of all possible (n+1)-bit messages will have collisions in an n-bit hash.
The crypto aspect comes in from the fact that given a hash (say 60a0803cc655ced6d7ab4bc81d179ef7) it is a very hard problem to figure out a specific message which has that hash.
So for example, if you had "Send me $1", you would find it nearly impossible to come up with another message "Please send me $1000000" which has the same hash.
> So, every place can take one out of 36 characters (26(alphabets)+10(numbers)), in that case, using Permutations, the total number of possible MD5 output
Not 26, only 16.
All MD5 (and SHA1, and other) hashes are typically displayed in hexadecimal, which uses 0 to 9 and a to f.
> Additionally, why MD5 is called a 16-byte/128-bit hash, while it produces 32 characters of string (256 bits, assuming 1 character = 1 byte = 8 bits).
Because they are hex strings, and each character represents only 4 bits.
So the visible "1234" represents just two bytes: 0x12 and 0x34.
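The two points in the reply above (hex characters carry 4 bits each, so a 16-byte digest prints as 32 characters drawn from a 16-symbol alphabet; and any n-bit hash must collide once you feed it more than 2^n distinct messages) can both be checked with a few lines of Python. This is an added example, not code from any poster; the "truncated hash" that keeps only the first n bits of MD5 is a toy construction used here purely so the pigeonhole effect becomes visible at a size you can enumerate.

```python
import hashlib
from itertools import product

HEX_ALPHABET = "0123456789abcdef"   # 16 symbols, not 36


def md5_sizes(message: bytes) -> dict:
    """Report how the raw MD5 digest relates to its hex rendering."""
    h = hashlib.md5(message)
    raw = h.digest()        # 16 bytes
    hexed = h.hexdigest()   # 32 characters, 4 bits each
    return {
        "hex": hexed,
        "digest_bytes": len(raw),
        "digest_bits": len(raw) * 8,
        "hex_chars": len(hexed),
        "hex_alphabet": len(HEX_ALPHABET),
        "output_space": len(HEX_ALPHABET) ** len(hexed),  # 16**32 == 2**128
    }


def hex_to_bytes(s: str) -> bytes:
    """'1234' is two bytes, 0x12 and 0x34, not four."""
    return bytes.fromhex(s)


def truncated_hash(message: bytes, n_bits: int) -> int:
    """Toy n-bit hash: the first n bits of MD5 (constructed for this demo only)."""
    full = int.from_bytes(hashlib.md5(message).digest(), "big")
    return full >> (128 - n_bits)


def first_collision(n_bits: int):
    """Hash all 2**(n_bits+1) distinct (n_bits+1)-character bit strings into an
    n_bits-bit hash. There are only 2**n_bits possible outputs, so two of the
    inputs must share one; return (message_a, message_b, shared_hash)."""
    seen = {}
    for bits in product("01", repeat=n_bits + 1):
        msg = "".join(bits).encode()
        h = truncated_hash(msg, n_bits)
        if h in seen:
            return seen[h], msg, h
        seen[h] = msg
    return None  # unreachable by the pigeonhole principle


if __name__ == "__main__":
    info = md5_sizes(b"abc")
    print(f"MD5('abc') = {info['hex']}")
    print(f"{info['digest_bytes']} bytes = {info['digest_bits']} bits, "
          f"shown as {info['hex_chars']} hex chars; output space 16^32 = 2^128")
    print("hex '1234' ->", hex_to_bytes("1234"))
    a, b, h = first_collision(8)
    print(f"8-bit toy hash collision: {a!r} and {b!r} both hash to {h}")
```

The collision search finishes instantly for an 8-bit toy hash because only 512 messages are needed; for the full 128-bit MD5 the same argument guarantees collisions exist, but finding one by brute force would take on the order of 2^64 trials, which is why the attack on real MD5 (linked later in this thread) relies on structural weaknesses rather than enumeration.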
August 13th, 2011, 04:01 AM

I believe that an MD5 hash is OK for MY own program.
But for the others?...
See:
http://www.mscs.dal.ca/~selinger/md5collision/
August 13th, 2011, 06:44 AM

Thank you!
Thanks a lot!
Especially Salem, for such an elaborate answer.
August 26th, 2011, 06:05 PM

MD5 is considered obsolete for all new code. You should be using a SHA rather than MD5. These days, folks recommend against SHA1, and suggest SHA256 or other flavors.
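A practical way to act on the advice in this last reply is to route all hashing in new code through one helper that refuses the obsolete algorithms outright, so nobody reintroduces MD5 or SHA1 by habit. The following is an added example, not code from the thread; the allow and deny sets are a constructed policy for illustration, and `hashlib.new` is the standard-library call used to look algorithms up by name.

```python
import hashlib

# Constructed policy for this example: the algorithms the reply calls obsolete
# are rejected; the SHA-2 family is accepted for new code.
DEPRECATED = {"md5", "sha1"}
ALLOWED = {"sha256", "sha384", "sha512"}


def _normalize(algorithm: str) -> str:
    """Accept 'SHA-256', 'sha256', 'SHA256' as the same name."""
    return algorithm.lower().replace("-", "")


def digest_for_new_code(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data, or ValueError if the algorithm is not allowed."""
    name = _normalize(algorithm)
    if name in DEPRECATED:
        raise ValueError(f"{algorithm} is obsolete for new code; use SHA-256 or stronger")
    if name not in ALLOWED:
        raise ValueError(f"{algorithm} is not in the allowed set {sorted(ALLOWED)}")
    return hashlib.new(name, data).hexdigest()


def is_accepted(algorithm: str) -> bool:
    """True if the policy lets this algorithm through."""
    try:
        digest_for_new_code(b"", algorithm)
        return True
    except ValueError:
        return False


def digest_bits(algorithm: str) -> int:
    """Output size in bits, taken from hashlib rather than hard-coded."""
    return hashlib.new(_normalize(algorithm)).digest_size * 8


if __name__ == "__main__":
    for name in ("md5", "sha1", "SHA-256", "sha512"):
        status = "accepted" if is_accepted(name) else "rejected"
        print(f"{name:8s} {digest_bits(name):4d} bits  {status}")
    print("SHA-256('abc') =", digest_for_new_code(b"abc"))
```

Note that the size difference (128 bits for MD5 versus 256 for SHA-256) is only part of the story: SHA-256 is preferred because no practical collision attack is known against it, whereas MD5 collisions are cheap to produce, as the md5collision page linked earlier demonstrates.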