I know that md5 is a hash so that any length of input results in a 32-byte output. If you knew what the length of the input was, could you then reverse the hash process using the original file length and the md5 results and come up with the original byte sequence as output? I hope this makes sense.
Posted on 2003-07-31 10:23:21 by rdaneel
If I am not wrong, md5 hash is a one way hash. So technically what you are saying is impossible. You could reverse the hash, but with difficulty. (The one for reversing it would be B.R.U.T.E.F.O.R.C.E :grin: )

md5 hash is used for a purpose. If not some other encryption routines would have been in place instead of the hash.
Posted on 2003-07-31 11:09:34 by roticv
Is it a 'one way' hash because of the md5 math itself or because of a lack of information about the source value that was hashed? If I do this:


string db "Hello, World!",0        ; 13 characters plus the terminating zero
hash   db 33 dup(?)                ; 32 hex digits plus the terminating zero that lstrcpy also copies

invoke md5, ADDR string             ; assumed to return a pointer to the hex-digit string in eax
invoke lstrcpy, ADDR hash, eax      ; copy that string (including its terminator) into hash


That gives me: bea8252ff4e80f41719ea13cdf007273

Now I know the hash result and the length of the input value (13). If I am not mistaken, there is only one possible hash for a given sequence of input bits. That means that anytime I have a 13 byte input value that hashes out to bea8252ff4e80f41719ea13cdf007273, then the input had to be "Hello, World!". Anytime the results are that consistent, it seems to me that you would be able to reverse the process and achieve the original byte sequence.
Posted on 2003-07-31 11:31:56 by rdaneel
As roticv says it can be brute forced (thus you try every possible combination for the length), how many possible combinations are there for a 13 byte long array? 13^256 (~1.477*10^285) possible combinations?
Posted on 2003-07-31 13:36:39 by scientica

I know that md5 is a hash so that any length of input results in a 32-byte output.[..]

The output is 16 bytes, 128-bit.. Only usually represented as 32 hex digits.


If I am not mistaken, there is only one possible hash for a given sequence of input bits. That means that anytime I have a 13 byte input value that hashes out to bea8252ff4e80f41719ea13cdf007273, then the input had to be "Hello, World!".

That's where you're wrong.. There's no such guarantee.. Yes a specific input has only one possible hash value, but two possible inputs can have the same hash..
Or look at it this way: If you were right, and md5 would be reversible, we could make hard disks with only 128 bits of physical storage but get infinite disk space using md5 as the compression mechanism.. Just hash a file, store the 128 bit hash and reverse it when you need the file.. Looks a bit wrong doesn't it :grin:..

Yes it's possible to generate an input that hashes to a specific hash, having only the hash value, but it takes a lot of time, and most importantly: the input is never unique for that hash. In fact there are infinite possible inputs for each possible hash.

Thomas
Posted on 2003-07-31 14:42:34 by Thomas
Why would you want to reverse an md5 hash? The main aim of md5 is not encryption, it is for authenticating, so there is no need to reverse it as it doesn't hide any information, it just gives that information a digital fingerprint.
Posted on 2003-08-01 07:40:52 by sluggy


The output is 16 bytes, 128-bit.. Only usually represented as 32 hex digits.


That's where you're wrong.. There's no such guarantee.. Yes a specific input has only one possible hash value, but two possible inputs can have the same hash..
Or look at it this way: If you were right, and md5 would be reversible, we could make hard disks with only 128 bits of physical storage but get infinite disk space using md5 as the compression mechanism.. Just hash a file, store the 128 bit hash and reverse it when you need the file.. Looks a bit wrong doesn't it :grin:..

Yes it's possible to generate an input that hashes to a specific hash, having only the hash value, but it takes a lot of time, and most importantly: the input is never unique for that hash. In fact there are infinite possible inputs for each possible hash.

Thomas


from RFC 1321

It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest.
Posted on 2003-08-01 08:41:30 by Hiroshimator
Computably infeasible, of course.. But not theoretically impossible. Also, computably infeasible is only relative, who knows what kind of computing speeds the future will bring..

Besides, there *have* to be at least two messages with the same hash, it's the pigeonhole principle: If you have only X pigeonholes (hashes), but X + 1 pigeons (or infinite inputs), two pigeons have to share one hole (multiple inputs have to share a hash).

Thomas
Posted on 2003-08-01 09:58:39 by Thomas
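As an added example (not code from any poster in this thread), a short Python script tying together Thomas's points above: the digest is 16 raw bytes that are merely displayed as 32 hex digits, the number of distinct 13-byte inputs is 256^13, and the pigeonhole argument, demonstrated on a deliberately truncated MD5 so that the guaranteed collision shows up in well under a second instead of after 2^64 work. The alphabet and truncation width are constructed for the demo.

```python
import hashlib
from itertools import product


def md5_hex(message: bytes) -> str:
    """Hex representation of the MD5 digest (32 hex digits)."""
    return hashlib.md5(message).hexdigest()


def md5_digest_sizes(message: bytes) -> tuple:
    """(raw digest length in bytes, length of its hex representation)."""
    digest = hashlib.md5(message).digest()
    return len(digest), len(digest.hex())


def search_space(length_bytes: int) -> int:
    """Number of distinct byte strings of a given length: 256 ** length."""
    return 256 ** length_bytes


def truncated_tag(message: bytes, width: int) -> bytes:
    """First `width` bytes of the MD5 digest: a hash with only 256**width 'holes'."""
    return hashlib.md5(message).digest()[:width]


def find_truncated_collision(width: int = 2, max_len: int = 4):
    """Pigeonhole demonstration on a truncated MD5.

    The truncated tag has 256**width possible values; lowercase strings of
    length 1..max_len number 26 + 26**2 + ... + 26**max_len (456976+ for
    max_len=4, far more than the 65536 holes of width=2), so two inputs MUST
    share a tag. Full MD5 behaves the same way, just with 2**128 holes.
    Returns (input_a, input_b), two distinct messages with equal tags.
    """
    seen = {}
    alphabet = b"abcdefghijklmnopqrstuvwxyz"  # constructed demo alphabet
    for n in range(1, max_len + 1):
        for combo in product(alphabet, repeat=n):
            msg = bytes(combo)
            tag = truncated_tag(msg, width)
            if tag in seen:
                return seen[tag], msg
            seen[tag] = msg
    return None  # unreachable when 26**max_len > 256**width


if __name__ == "__main__":
    print(md5_hex(b"Hello, World!"), md5_digest_sizes(b"Hello, World!"))
    print("13-byte inputs:", search_space(13))
    print("truncated collision:", find_truncated_collision())
```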
given current technology I take my chances with 1/2^64 chance :grin:
Posted on 2003-08-01 10:34:46 by Hiroshimator