|
|
Posted by simon on 05/28/05 15:56
>>>Start with a given string, it will always map to the same hash. Start
>>>with the hash, it could map to any one of an infinite number of strings.
So? The idea is to get a string that would match the hash, (to get the
password).
Of course there is no way of knowing if that was the original string, but
that's not what the OP was asking.
He was asking about passwords. Almost every site that is md5() only compare
the hash as they cannot compare the string.
So, technically, given a hash key you can get a string. In turn that string
would match the hash and give you access.
>>
>> I don't quite agree. But that's not the point.
>> I was only replying to the OP. So for the third time, it is technically
>> possible to get the string but almost impossible to do so.
>
> No, it isn't possible! (I know that's not the point, but since I'm
> bored...)
You are right, my statement was wrong. I should have said.
"...it is technically possible to get the string but..."
> Clearly, it's very unlikely that I'd get the same encoded string if I come
> along with a different page of text and did this. However, that doesn't
> mean that you have any chance of identifying the original string given the
> encoded string. There has been a fundamental loss of information, which is
> impossible to retrieve unless you already know something about the
> original string.
>
Again, I agree. But in all fairness my password statement still holds true.
You can use the hash key to get a string. That string will give you access
to the site, (although it might not be the original password string).
> --
> Oli
Simon
Navigation:
[Reply to this message]
|