Topic: [SOLVED] What is the point of MD5?

[rv20]

I don't understand your point with the sha-256, to me you would be as well with a random number as that is what it seems to output.

So i take it you can't use the sha hashing method to store passwords as how can you compare hashes for passwords if this sha-256 gives a different hash values for the same password each time it is run?

My script produces random output because I give it random input. If you use the same input you'll get the same output. Try it out.

I think my point it totally valid, if someone hashes a password with md5 then all you need to do is run a brute forcer and compare each hash generated by the brute force method to the hash you have, i don't see the problem of calling that cracking.

Then you probably need to work on your math skills. Do you understand the post I just wrote? If foo => baz and bar => baz and I just tell you "baz". How are you going to know if I had "foo" or "bar"?

Well if i run your script 3 times then i get these 3 different hashes for a start,

f68902640462f40cb28cf80a0e468b289951852c33d72161f fa5c76650f9bf11
df345263f958e654c54badb27052f138e064594b1bc1074b8 69266f7f2aad2ba
b5f5d34abad06ad189324f7f7414093f4d683a3d32b4e7ab8 e92adcda08c490d

Second point, i am not saying you can reverse a hash, i am saying if you try every possible combination of passwords then eventually you will hit the same combination that produces the oringnal hash, called a recursive method.

md5('a') = 3454535442
md5('aa') = 8983989932
md5('aaa') = 4534534544


and on and on until,

md5($x) = same hash as has you are trying to crack..

That is what cracking is, not decoding.

[Daniel0]

Well if i run your script 3 times then i get these 3 different hashes for a start,

f68902640462f40cb28cf80a0e468b289951852c33d72161f fa5c76650f9bf11
df345263f958e654c54badb27052f138e064594b1bc1074b8 69266f7f2aad2ba
b5f5d34abad06ad189324f7f7414093f4d683a3d32b4e7ab8 e92adcda08c490d

I think you need to start reading what people write. It gives random output because it gets random input. Remove the randomness in the input and you will remove the randomness of the output. Again, this is a math concept. The input is called the independent variable, the output is called the dependent variable. The dependent variable depends on the independent variable.

Second point, i am not saying you can reverse a hash, i am saying if you try every possible combination of passwords then eventually you will hit the same combination that produces the oringnal hash, called a recursive method.

Only if you have infinite amounts of time. You can get a value that produces the same hash, but you have no means of verifying whether it's the original value or one of the colliding values. Why is that so difficult to understand?

[DarkSuperHero]

...............
Only if you have infinite amounts of time. You can get a value that produces the same hash, but you have no means of verifying whether it's the original value or one of the colliding values. Why is that so difficult to understand?
.......

I think that what the rv20 is trying to get at is that he doesnt care what the original value is, if he finds a value that creates that hash it is good enough because even if its a collision it will allow him access to what ever that "password" protected are allows access to.... right rv20 ?

[rv20]

...............
Only if you have infinite amounts of time. You can get a value that produces the same hash, but you have no means of verifying whether it's the original value or one of the colliding values. Why is that so difficult to understand?
.......

I think that what the rv20 is trying to get at is that he doesnt care what the original value is, if he finds a value that creates that hash it is good enough because even if its a collision it will allow him access to what ever that "password" protected are allows access to.... right rv20 ?

Correct but realise i am wanting to know this so to know how to secure against such a thing, for example before i asked this question i may have well stored the username and an md5($password)  in the cookie i now realise that there are quite a few valid ways to steal a cookie and therefore if you got the hash you could easily run it through a bruter.  This is pretty unlikely to happen but why not learn the basics, also quite interesting??

So now i know to do at least an md5(md5($password . $salt))  and you can't really go wrong.

[waynewex]

$salt = 'jdhje7usGHSjuio!<sghd09(shj)sgh!dgsj67';
$password = sha1($salt.$password.$salt);


Wallah. Computationally secure.

[Daniel0]

I think that what the rv20 is trying to get at is that he doesnt care what the original value is, if he finds a value that creates that hash it is good enough because even if its a collision it will allow him access to what ever that "password" protected are allows access to.... right rv20 ?

I call BS. I already said that several posts ago:

However, in terms of checking the hash of an entered password with the stored hash of the real password, it is irrelevant whether or not you can reverse it because one of the colliding inputs will also match and log you in.

Yet he kept claiming that MD5 (and thus hashing algorithms) can be cracked. Not just once, but numerous times. Of course he has demonstrated a few times in this post that he doesn't actually read the posts before responding to them. Failing to understand something doesn't mean it doesn't work, it just means you don't understand it. I don't know how cars work either, but that doesn't mean cars don't work.

So now i know to do at least an md5(md5($password . $salt))  and you can't really go wrong.

Read back a few pages. Running a value through the same hashing algorithm multiple times increases the risk of hash collisions.

[GingerRobot]

So now i know to do at least an md5(md5($password . $salt))  and you can't really go wrong.

Im sorry, but please please please learn to bloody read. As has already been stated, applying the md5 algorithm more than once increases the chance of collisions. Hence it is less secure. Why is that so hard to understand?

Incidentally it also means that there is a fixed upper limit on the number of checks you have to perform before you will get a match*.

No need for the star -- it's trivially true. There has to be a fixed number of inputs that you have to perform in order to generate all the outputs. Whether or not that's equal to the number of different hashes is a different question (which, incidentally i'm guessing is false -- i bet my bottom dollar that there are collisions within the first |sigma|^32 items [where sigma is the alphabet. I would use 16(hex) but i'm not convinced md5 is limited to hex but i cba to check]).

$salt = 'jdhje7usGHSjuio!<sghd09(shj)sgh!dgsj67';
$password = sha1($salt.$password.$salt);


Wallah. Computationally secure.

What on earth do you mean by 'computationally secure'? Sha1 would require more processing power in order to generate a collision than md5, and a salted password even more so. But that doesn't imply that it is totally secure.

[rv20]

So now i know to do at least an md5(md5($password . $salt))  and you can't really go wrong.

Im sorry, but please please please learn to bloody read. As has already been stated, applying the md5 algorithm more than once increases the chance of collisions. Hence it is less secure. Why is that so hard to understand?

Incidentally it also means that there is a fixed upper limit on the number of checks you have to perform before you will get a match*.

No need for the star -- it's trivially true. There has to be a fixed number of inputs that you have to perform in order to generate all the outputs. Whether or not that's equal to the number of different hashes is a different question (which, incidentally i'm guessing is false -- i bet my bottom dollar that there are collisions within the first |sigma|^32 items [where sigma is the alphabet. I would use 16(hex) but i'm not convinced md5 is limited to hex but i cba to check]).

$salt = 'jdhje7usGHSjuio!<sghd09(shj)sgh!dgsj67';
$password = sha1($salt.$password.$salt);


Wallah. Computationally secure.

What on earth do you mean by 'computationally secure'? Sha1 would require more processing power in order to generate a collision than md5, and a salted password even more so. But that doesn't imply that it is totally secure.

Increased chance, what about 1 zillion to one?

[Daniel0]

Incidentally it also means that there is a fixed upper limit on the number of checks you have to perform before you will get a match*.

No need for the star -- it's trivially true. There has to be a fixed number of inputs that you have to perform in order to generate all the outputs. Whether or not that's equal to the number of different hashes is a different question (which, incidentally i'm guessing is false -- i bet my bottom dollar that there are collisions within the first |sigma|^32 items [where sigma is the alphabet. I would use 16(hex) but i'm not convinced md5 is limited to hex but i cba to check]).

Yeah. I for some reason became unsure before I was about to hit the post button, so I included that in case I wasn't true. I had to leave so I didn't have time to check. I'm 100% sure now though. Especially considering simpler hashing algorithms like modulo operations it's pretty obvious that it's true.

Anyway, MD5 does output in hex. The PHP function md5() does anyway. You can represent it in any base you want.

[Daniel0]

Increased chance, what about 1 zillion to one?

Learn math. That's the shortest answer I can give you because to be honest, it doesn't seem like you've understood any word of what we said so far (or you're ignoring it, I can't really tell).

Besides, do you need to quote entire long posts to comment on one statement? If I write an essay on something and I want to comment on something written in a book, I don't embed the entire book within my essay either.

[GingerRobot]

Increased chance, what about 1 zillion to one?

Grow up. Seriously.

If I write an essay on something and I want to comment on something written in a book, I don't embed the entire book within my essay either.

Unless you need to bump the word count

[MadTechie]

I would like to give a quick simple example of why you can NOT "crack" a hash
Just say my password was "mypassword" and MD5 hash of that is 34819d7beeabb9260a5c854bc85b3e44

Now just say i created a hash of the "this is not my password" + 1000 spaces that could create the same hash, Now as both have the SAME hash, which one was my password ?

Theirs no way to know, so even if you find a password that will create the same hash it probably isn't the same password, keeping that in mind just say i MD5(MD5('password').$salt) your need to break a 32+salt charactor password

I haven't tried a 7 letter password the time taken usually goes up,  i would guess exponentially.

It always goes up and yes is exponentially
a simple password like this Pass0% may take awhile
but what about this for a password 5eabbae43f756c1368515e1833c31e14salt (note "salt" at the end)
that is the hash of Pass0% with salt appended
the hash for that is 0395421069be29f359091e944a64dba0

now the problem to get the original password you MUST resolved the first hash back to the same as the one it was generated from or you won't have a hash to run the second crack on.
if you don't resolve 0395421069be29f359091e944a64dba0 back to 5eabbae43f756c1368515e1833c31e14salt then you can't even attempt to resolve 5eabbae43f756c1368515e1833c31e14 back to Pass0%

Thus you could build a endless list of string that create the same hash but that's all! you can NOT get the original password used

[gevans]

Daniel, I found this for you;

http://www.howstuffworks.com/engine.htm

Just to clairfy in my mind that I am increasing my chances of collision using the following?

Code: [Select]

<?php
public function preparePassword($password) {
$md5_password = md5($password);
$salt = $this->controller->getConf('salt');
$prepared_password = md5($md5_password . $salt);
return $prepared_password;
}

Ignore the methods, going by what I've read today I'd be better off with the following?

Code: [Select]

<?php
public function preparePassword($password) {
$salt = $this->controller->getConf('salt');
$prepared_password = md5($password . $salt);
return $prepared_password;
}


[rv20]

snip

I know all this but this thread has gone a bit off course from my original post but some of the arguments are also a bit weak also like yours with your example or having the same hash for two different passwords(collisions). According to this site,

http://unixwiz.net/techtips/iguide-crypto-hashes.html

there has never been a collision found yet for an md5 hash. And anyway collisions don't come into it anyway as it it the hash your are replicating from the password so if you manage to generate the right hash from a cracker ok there could be another "string" out there that produces the same hash but it doesn't matter as you have found the hash for your password.

Im sorry, but please please please learn to bloody read. As has already been stated, applying the md5 algorithm more than once increases the chance of collisions. Hence it is less secure. Why is that so hard to understand?

I will need to check up on that the wiki entry for rainbow tables uses md5 (md5 ($password . $salt)) with no mention of collisions. I think your collsions problem is a bit far fetched as from what i have looked at you have more chance of building a rainbow table to crack a salted password than you do of having a collision. I think you talk the talk.

[Crayon Violent]

I have to partially agree with rv20 for the isolated incident of it not mattering whether you know which of the two strings is the "right" password if they both share the same hash.  (Most) scripts are written to compare the stored hash with the generated hash from what the user inputs into the login prompt.  So if user's password is "foo" and it generates a hash of 12345 and I figure out that the hash is 12345 and I "reverse engineer" it and come up with "bar" and enter that into the login prompt... well as far as the login script is concerned, 12345 == 12345.