#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2010
    Posts
    4
    Rep Power
    0

    Is Cryptographic Hash (MD5) practical?


    Hello.

    I'm new to cryptography (I use MD5() and SHA1() functions quite often).

    My question is: Is the cryptographic hash approach practically possible, that ANY AND EVERY data can be used to produce a unique fixed-length string produced by carrying binary operations (Message Digest Algorithm) on the data?

    While I'm aware that MD5 has failed at some stage, already, and that SHA1 is also vulnerable, I'd say:

    How can one think of getting a unique fixed length string when no. of character combinations is INFINITE!

    I mean, for example, MD5, produces a 32-digit alphanumerical string.

    So, every place can take one out of 36 characters (26(alphabets)+10(numbers)), in that case, using Permutations, the total number of possible MD5 output strings would be:

    36^32 = 6.33402867 × 10^49, which is NOT infinity!

    Then what is the purpose behind any cryptographic hash?

    I think I've asked an interesting question (not flattering myself, that'd be lame).

    Additionally, why is MD5 called a 16-byte/128-bit hash, while it produces a 32-character string (256 bits, assuming 1 character = 1 byte = 8 bits)?

    Thank you!
  2. #2
  3. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,381
    Rep Power
    1871
    > Is the cryptographic hash approach practically possible, that ANY AND EVERY data can be used to produce a unique fixed-length string produced by carrying binary operations (Message Digest Algorithm) on the data?
    Of course not, that would count as near infinite compression.

    If you have n bits of hash, then the complete population of all possible n+1 bit messages will have collisions in an n-bit hash.

    The crypto aspect comes in from the fact that given a hash (say 60a0803cc655ced6d7ab4bc81d179ef7) it is a very hard problem to figure out a specific message which has that hash.
    So for example, if you had "Send me $1", you would find it nearly impossible to come up with another message "Please send me $1000000" which has the same hash.

    > So, every place can take one out of 36 characters (26(alphabets)+10(numbers)), in that case, using Permutations, the total number of possible MD5 output
    Not 26, only 16
    All MD5 (and SHA1, and others) typically display the results in hexadecimal, which uses 0 to 9 and a to f

    > Additionally, why MD5 is called a 16-byte/128bit hash, while it produces 32 characters of string (256 bits, assuming 1 character = 1 byte = 8 bits).
    Because they are hex strings, and each character represents only 4 bits.
    So the visible "1234" represents just two bytes - 0x12 and 0x34
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
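
The two points in the answer above, as an added Python example that is not part of any post in this thread: hex output carries 4 bits per character, and an n-bit hash must collide once you feed it every (n+1)-bit message. The 8-bit "toy hash" (MD5 cut down to its top bits) and all function names are assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

def digest_facts(name, message):
    """Return (raw digest bytes, hex characters, digest bits) for `message`."""
    h = hashlib.new(name, message)
    return h.digest_size, len(h.hexdigest()), h.digest_size * 8

def truncated_md5(message, n_bits):
    """Toy n-bit hash: the top n_bits of MD5 (constructed for illustration)."""
    full = int.from_bytes(hashlib.md5(message).digest(), "big")
    return full >> (128 - n_bits)

def pigeonhole(n_bits):
    """Hash every (n_bits + 1)-bit message and group the messages by hash."""
    buckets = defaultdict(list)
    width = (n_bits + 1 + 7) // 8          # bytes needed to hold n_bits + 1 bits
    for m in range(2 ** (n_bits + 1)):     # each integer is one distinct message
        msg = m.to_bytes(width, "big")
        buckets[truncated_md5(msg, n_bits)].append(m)
    return buckets

def surplus_messages(buckets):
    """Messages that had to share a hash value with an earlier message."""
    return sum(len(msgs) - 1 for msgs in buckets.values())

if __name__ == "__main__":
    # 32 hex characters decode to 16 bytes: each character is 4 bits.
    print(len(bytes.fromhex("60a0803cc655ced6d7ab4bc81d179ef7")), "bytes")
    print("md5   ", digest_facts("md5", b"Send me $1"))
    print("sha256", digest_facts("sha256", b"Send me $1"))

    # 512 distinct 9-bit messages into at most 256 hash values:
    # at least 256 of them must land on an already-used value.
    b = pigeonhole(8)
    print(len(b), "hash values used,", surplus_messages(b), "forced collisions")
```

Collisions are guaranteed here only because the toy hash is 8 bits wide and the search is exhaustive; what the answer calls the "crypto aspect" is how hard it is to find such inputs on purpose at full digest width.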
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2011
    Posts
    313
    Rep Power
    0
    I believe that MD5 hash is ok for MY own program.
    But for the others ?...
    See:
    http://www.mscs.dal.ca/~selinger/md5collision/
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2010
    Posts
    4
    Rep Power
    0

    Thank you!


    Thanks a lot!
    esp. Salem! for such an elaborate answer

    Originally Posted by salem
    > Is the cryptographic hash approach practically possible, that ANY AND EVERY data can be used to produce a unique fixed-length string produced by carrying binary operations (Message Digest Algorithm) on the data?
    Of course not, that would count as near infinite compression.

    If you have n bits of hash, then the complete population of all possible n+1 bit messages will have collisions in an n-bit hash.

    The crypto aspect comes in from the fact that given a hash (say 60a0803cc655ced6d7ab4bc81d179ef7) it is a very hard problem to figure out a specific message which has that hash.
    So for example, if you had "Send me $1", you would find it nearly impossible to come up with another message "Please send me $1000000" which has the same hash.

    > So, every place can take one out of 36 characters (26(alphabets)+10(numbers)), in that case, using Permutations, the total number of possible MD5 output
    Not 26, only 16
    All MD5 (and SHA1, and others) typically display the results in hexadecimal, which uses 0 to 9 and a to f

    > Additionally, why MD5 is called a 16-byte/128bit hash, while it produces 32 characters of string (256 bits, assuming 1 character = 1 byte = 8 bits).
    Because they are hex strings, and each character represents only 4 bits.
    So the visible "1234" represents just two bytes - 0x12 and 0x34
  8. #5
  9. Contributing User
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Sep 2007
    Location
    outside Washington DC
    Posts
    2,642
    Rep Power
    3699
    MD5 is considered obsolete for all new code. You should be using a SHA rather than MD5. These days, folks recommend against SHA1, and suggest SHA256 or other flavors.
