Report of collision-generation with MD5
Chris Doherty
chris-freebsd at randomcamel.net
Wed Aug 18 13:54:44 PDT 2004
On Wed, Aug 18, 2004 at 02:29:57PM -0400, Peter C. Lai said:
> On Wed, Aug 18, 2004 at 09:08:12PM +0300, Claudiu wrote:
> > hello,
> >
> > please explain what do you mean by "reverse the hash". Is this the
> > recreation of the originial message from its hash ?
>
> The short answer is yes. The slightly longer answer is that such is only one
> specific case. The general case is that the digest should not reveal any
> information about the original message.
well, technically you're not "reversing the hash": you can't re-create a
message from its hash, because the information is simply gone--digesting
algorithms are massively lossy by definition. that is, you can't take a
128-bit MD5 hash and recover the original 2-megabyte message, which makes
sense.
what you can do, if you have a proper attack formula, is find *a* message
that produces *that one hash*. that is, if I have message M which produces
hash H, I can use the attack to find *a* message M' which will also
produce hash H.
I suppose the possibility exists that M' will equal the original M, but
I'd speculate that the odds are remarkably small.
chris
-------------------------------
Chris Doherty
chris [at] randomcamel.net
"I think," said Christopher Robin, "that we ought to eat
all our provisions now, so we won't have so much to carry."
-- A. A. Milne
-------------------------------
More information about the freebsd-security
mailing list