|
-
August 17th, 2004, 05:30 PM
#11
Noia:
MD* is 32 characters, 0-9 and a-f.
SHA1 is 40 characters, 0-9 and a-f.
Leave the caps out 
For clarification, I am trying to do what sirdice mentions in post #7.
My method for figuring this out was by generating a bunch of them in cryptomx and comparing, so may be incorrect.
-
August 17th, 2004, 05:56 PM
#12
I wasn't outlining cracking techniques, but brute-forcing an MD5 is a method of checking it's authenticity  Not the best one, time-wise and whatnot, but still, if the brute-force process returns a string that when passed through MD5 would return the proper hash, that means the hash is valid.
/  \\
-
August 17th, 2004, 06:10 PM
#13
Something you may find interesting, SHA0 has been broken, and its rumored that SHA1 and MD5 are next.
-Maestr0
http://slashdot.org/article.pl?sid=0...&tid=1&tid=218
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
-
August 17th, 2004, 06:24 PM
#14
This is all well and good but, how do you search for md5 strings in an evidence file. I think that was the question.????????????
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
August 17th, 2004, 08:42 PM
#15
1. As far as the Slashdot article goes it seems there have been collisions already found in MD5. But yes, with these 'bugs', many cryptographic systems would be at risk.
2. jinxy the way I got the initial question was: how can you make sure the hash you're looking at is in fact generated by the MD5 algorithm, instead of it being a completely random string?
/ \\
-
August 17th, 2004, 08:49 PM
#16
Surely if there was a system for creating a check value then anyone could come along and make any old string (without a check value) then work out what the check value would be using the same equation thus making it pointless. Or have I once again missed something something important for example oxygen?
-
August 17th, 2004, 09:16 PM
#17
Hellforge-
Yes if there were a check value in MD5, that would be possible. CC# generators, key generators, serial generators all use an algorithm that fake a check value. But it seems in this case that the MD5 algorithm doesn't output any check values.
Jinxy- I know how to search for a string in a file with a few languages, it's just that when I just used the 32 character length as a filter, I got lots of results. I wanted to run those results through a second filter, and it turns out there are certain letters and numbers in the string. Although it still doesn't mean it's a legit MD5, I guess.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote