He actually asked two different questions on #2, if all hashes have collisions and if all messages have collisions. For MD5, the latter is "almost" proven true. There's a tool that let you enter two plaintexts, and then it generates a shared appended string (like md5(text_a+string)=md5(text_b+string)) that gives them the same hash. Not exactly the same, but relevant.
If there's "direct" collisions for all hashes and/or messages depends entirely on the algorithm. There could be one hash for SHA256, for example, which only has *one* message that can generate it. Then there are no messages or hashes colliding with those, and the answer to both of the questions in #2 is "no". Also note that if there's collisions for all hashes, there's collisions for all messages, but the reverse doesn't have to be true. 2012-03-10 12:33 skrev Timo Warns: On 2012-03-09, [email protected] wrote: > On #2: There MUST be collisions with fixed-length hashes. But with 2^256 > possible results and sufficiently strong algorithms, it will not matter IRL. > We > won't find any collisions ever. But of course, the algorithms MIGHT be weak. > MD5 was thought to be strong when it was new. I think Florian asked whether there exists a collision for _every_ hash value. Cheers, Timo _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
