1. ## Identifying Encryption techniques

From what I was taught, Credit Cards, drivers licenses and such have check numbers to tell if they are valid numbers. I was wondering if the same was with common encryption methods. Take this MD5 for example:
7b896e6db151d729c55dfeb7683e6f3f

How can someone prove that it is a valid MD5 instead of a random set of numbers? Same with AES, SHA, any other methods you can dream up. All google is coming up with is MD5 being able to verify integrity, but I am trying to verify the integrity of an MD5. Possible?

Thanks!

btw-
I am not looking for software to do this for me, I am looking for any mathmatical process or method of validating the MD5

2. While I think you have a valid question, I have a question for you...

Why should it matter?

I mean, technically anyone can create a random set of numbers and letters, and make it look like a MD5 key, but what's the point? Is there are particular reason you're asking, or are you just wondering if it's possible? I would speculate that it's not possible to verify whether a key is MD5 or not, but I may be wrong. The only way to discover if an MD5 is valid would be to actually decrypt it back into it's original context, which, if I remember right, isn't exactly a feasible task. If I'm wrong, please correct me, but I would say that's the only way to do it, which isn't really possible.

AJ

3. It's part of a potential forensics tool I am thinking about that regards exported cookie files. It should identify all the md5 strings, therefore placing forensic priority for those cookies over the advertising cookies and other garbage. I'm thinking that it would identify the domains someone was involved in, therefore giving an investigator a quicker response to those domains. A scenario would be a terrorist computer: a quick search of a large cookie file for md5's would show that he had a password to a certain forum, therefore an investigator can quickly forward the investigation another direction. Basically just making a step easier.

From what it looks like, Cain requires a 16 byte long md5, and a 20 byte long SHA1. I guess length is a fingerprint?

Also, I think it would be beneficial to search an entire computer for encrypted files, if an encrypted file can be ID'd then it can be possibly be cracked by an investigator.

4. MD5 is a hash function or one-way function and not an encryption algorithm, in other words you cannot reverse the digest back into the original form. Length can be an indicator of the hash function used, for example MD5 creates a 128-bit digest. The only way for you to discover whether its valid or not is to hash the orginal data and compare the hashes.

-Maestr0

5. It seems that MD* hashing is 16 bytes, and must contain characters a-f and 0-9. I guess then that is the only way to identify if a hash is possibly a legit MD*, without knowing the original.

6. Brute-forcing MD5 is somewhat not feasible, but that doesn't mean it's not do-able. With enough computing power and some patience a password could be broken within less then 24 hours. Depends on the charset too, no doubt, but that's the same for any password. The only problem is making sure that you've managed to go through all the possibilities, because it is possible to get false positives. Since you're expecting the hash to not be a valid MD5 output brute-force means you're going through all the possibilities and hope nothing matches.

I'm not sure about the theoretical probability, but as the length is the same [being a hash function the output is always constant in length] almost all possible combinations would have a valid plaintext that would generate them. So I think the changes of finding an invalid MD5 hash are slim, as long as length and characters are kept.

7. I think Soda_popinsky is looking for something that can identify a string and determine if it's an MD5, MD4, SHA or any other hashing/encryption algorithm. I.o.w. how to fingerprint an hasing/encryption algorithm, not how to crack it. Cracking it is part 2 but you'll need to identify what's used first.

8. sry, but i cant get your doubt, soda

If its is a MD5, its a integrity signature for some plain text.

Just get the plain text, pass again on md5 algorithm and compare the output with the previous md5.

why is so hard to verify the autenticity?

9. cacosapo: What if you don't have the plain text?

The point is how do you identify an MD5 string from any other (random) string.
Not what MD5 is, not how to crack MD5 and not how to verify MD5's authenticity.

10. [0-9A-Fa-f]{32}
and