### Thread: Is Cryptographic Hash (MD5) practical?

1.

#### Is Cryptographic Hash (MD5) practical?

Hello.

I'm new to cryptography (I use MD5() and SHA1() functions quite often).

My question is: Is the cryptographic hash approach practically possible, that ANY AND EVERY data can be used to produce a unique fixed-length string produced by carrying binary operations (Message Digest Algorithm) on the data?

While I'm aware that MD5 has failed at some stage, already, and that SHA1 is also vulnerable, I'd say:

How can one think of getting a unique fixed-length string when the number of character combinations is INFINITE!

I mean, for example, MD5, produces a 32-digit alphanumerical string.

So, every place can take one out of 36 characters (26(alphabets)+10(numbers)), in that case, using Permutations, the total number of possible MD5 output strings would be:

36^32 = 6.33402867 × (10)^49, which is NOT infinity!

Then what is the purpose behind any cryptographic hash?

I think I've asked an interesting question (not flattering myself, that'd be lame).

Additionally, why MD5 is called a 16-byte/128bit hash, while it produces 32 characters of string (256 bits, assuming 1 character = 1 byte = 8 bits).

Thank you!
2. > Is the cryptographic hash approach practically possible, that ANY AND EVERY data can be used to produce a unique fixed-length string produced by carrying binary operations (Message Digest Algorithm) on the data?

Of course not, that would count as near infinite compression.

If you have n bits of hash, then the complete population of all possible n+1 bit messages will have collisions in an n-bit hash.

The crypto aspect comes in from the fact that given a hash (say 60a0803cc655ced6d7ab4bc81d179ef7) it is a very hard problem to figure out a specific message which has that hash.
So for example, if you had "Send me \$1", you would find it nearly impossible to come up with another message "Please send me \$1000000" which has the same hash.

> So, every place can take one out of 36 characters (26(alphabets)+10(numbers)), in that case, using Permutations, the total number of possible MD5 output

Not 26, only 16.
All MD5 (and SHA1, and others) typically display the results in hexadecimal, which uses 0 to 9 and a to f.

> Additionally, why MD5 is called a 16-byte/128bit hash, while it produces 32 characters of string (256 bits, assuming 1 character = 1 byte = 8 bits).

Because they are hex strings, and each character represents only 4 bits.
So the visible "1234" represents just two bytes - 0x12 and 0x34.
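The two points in the answer above, as an added example that is not part of the thread or any poster's code: the hex display is twice as long as the raw digest, and a fixed-length hash must collide once enough distinct messages are hashed. To keep the search small it truncates MD5 to a few bits; the `msg-N` messages and the helper names are constructed for this illustration.

```python
import hashlib
from itertools import count


def digest_sizes(message: bytes) -> dict:
    """Map algorithm name -> (raw digest bytes, hex display characters)."""
    sizes = {}
    for name in ("md5", "sha1", "sha256"):
        h = hashlib.new(name, message)
        sizes[name] = (len(h.digest()), len(h.hexdigest()))
    return sizes


def truncated_md5(message: bytes, bits: int) -> int:
    """Top `bits` bits of the MD5 digest as an integer (a toy short hash)."""
    full = int.from_bytes(hashlib.md5(message).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int):
    """Hash distinct messages until two share the same truncated digest.

    With only 2**bits possible outputs, the pigeonhole principle guarantees
    a repeat within 2**bits + 1 messages; in practice the birthday effect
    produces one after roughly 2**(bits / 2) messages.
    """
    seen = {}
    for i in count():
        msg = b"msg-%d" % i  # constructed sample messages
        tag = truncated_md5(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


if __name__ == "__main__":
    for name, (raw, shown) in digest_sizes(b"Send me $1").items():
        print(f"{name}: {raw} bytes = {raw * 8} bits, shown as {shown} hex chars")
    for bits in (8, 16, 24):
        a, b, tried = find_collision(bits)
        print(f"{bits}-bit hash: {a!r} and {b!r} collide after {tried} messages")
```

Each extra output bit doubles the number of possible digests, which is why the same brute-force search that succeeds quickly here does not work against the full 128-bit output.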
3. I believe that MD5 hash is ok for MY own program.
But for the others?...
See:
http://www.mscs.dal.ca/~selinger/md5collision/
4.

#### Thank you!

Thanks a lot!
esp. Salem! for such an elaborate answer

5. MD5 is considered obsolete for all new code. You should be using a SHA rather than MD5. These days, folks recommend against SHA1, and suggest SHA256 or other flavors.