Richard Lynch wrote:
On Fri, June 10, 2005 3:01 pm, Jason Barnett said:
That is incredibly interesting stuff, many thanks for that link! So the
position seems to be that it may not be feasible to reverse MD5, but it
is now feasible to create forged documents / binaries / whatever that
result
In that framework there is no such thing as decrypting an MD5 digest,
because an MD5 digest is not an encrypted version of the message to
start with. No amount of CPU power will change this basic fact --
though CPU power can be used to do a brute force search for strings
which will generate
Murray @ PlanetThoughtful wrote:
The app in question was storing the md5 value of 4-digit PINs in the
background database, and the owners of the app were quietly confident that
this meant the PINs were 'encrypted' and 'secure'.
Amazing.
Thanks for sharing that. It's a great example. :-)
Of
Amazing.
Thanks for sharing that. It's a great example. :-)
You're very welcome! If it helps just one other developer avoid the same
pitfall, then today is a very good day. :-)
Exactly, and this is why it's a good practice to use a seed when you
generate MD5s for passwords.
Which is
On 4/22/05, Richard Lynch [EMAIL PROTECTED] wrote:
On Thu, April 21, 2005 10:28 am, Ryan A said:
Interesting reading, even though most of it went over my head :-)
There ar'nt any tools freely available to the average joe to decypher a
md5
hash though...right?
No, there aren't.
And
That is incredibly interesting stuff, many thanks for that link! So the
position seems to be that it may not be feasible to reverse MD5, but it
is now feasible to create forged documents / binaries / whatever that
result in exactly the same MD5 hash as the original.
I actually tried it out
On Fri, June 10, 2005 3:01 pm, Jason Barnett said:
That is incredibly interesting stuff, many thanks for that link! So the
position seems to be that it may not be feasible to reverse MD5, but it
is now feasible to create forged documents / binaries / whatever that
result in exactly the same
If you are happy with infinite answers, I guess that is Ok. In practice,
since you would probably wouldn't expect numbers (or strings) infinetly
long, assuming that you just have N possible initial values, you would have
N/3 possible answers.
I thought the question was about getting one
On Thu, April 21, 2005 10:28 am, Ryan A said:
Interesting reading, even though most of it went over my head :-)
There ar'nt any tools freely available to the average joe to decypher a
md5
hash though...right?
No, there aren't.
And even the collisions found don't really mean much in the grand
Hey,
I really
wouldn't sweat this in terms of your day-to-day life/programming,
other than to keep your code modular enough to replace md5 with
something else in the year 2020 or whatever.
Thats fine by me, by 2020 the spaceship would have landed and I will be
declared
sub ruler of planet
On 21 Apr 2005 Greg Donald wrote:
Same thing with MD5, it
is just one way, it can't be reversed.
MD5 collisions were found last year:
http://cryptography.hyperlink.cz/md5/MD5_collisions.pdf
Just a matter of time/cpu power.
I don't think that's right. Collisions allow certain kinds of
I don't think that's right. Collisions allow certain kinds of
cryptographic attacks against things like MD5-based signatures but that
is not at all the same as being able to simply determine the original
message content from the digest. Rather, they allow you to substitute
the original message
On 4/22/05, Richard Lynch [EMAIL PROTECTED] wrote:
It's more like a theoretical hole that may some day prove to be the
first step in a long long long process of understanding something that
might maybe some day yield a way to de-crypt MD5.
That's exactly my point.
It's similar to how a local
It's more like a theoretical hole that may some day prove to be the
first step in a long long long process of understanding something that
might maybe some day yield a way to de-crypt MD5.
That's exactly my point.
It's similar to how a local root exploit sometimes evolves into a
On 4/21/05, Satyam [EMAIL PROTECTED] wrote:
If I tell you that dividing a certain number by three gives you a remainder
of 2, would you be able to guess the first number?
Yes. 5, 8, 11, 14, etc.
Same thing with MD5, it
is just one way, it can't be reversed.
MD5 collisions were found last
Interesting reading, even though most of it went over my head :-)
There ar'nt any tools freely available to the average joe to decypher a md5
hash though...right?
Cheers,
-Ryan
On 4/21/2005 6:34:45 PM, Greg Donald ([EMAIL PROTECTED]) wrote:
On 4/21/05, Satyam [EMAIL PROTECTED] wrote:
If I
Nope.. nothing that'll easily decrypt MD5 back to it's original value. As the
line below says and the rest of the thread explained, MD5 is a one-way
function. In ordre to take an MD5 hash and get back to the original value,
you'd basically have to take every possible combination of
17 matches
Mail list logo
