Posted by Toby A Inkster on 11/27/07 08:13
Kailash Nadh wrote:
> In theory, every md5 hash is unique. An md5 hash is bound to a single
> unique input. If a brute-force matches a hash, THAT is the original
> input.
As everyone else has pointed out, MD5s are not unique. Here's a thought
experiment which proves it.
An MD5 is a 128-bit number. Thus there are 2^128 possible MD5 outputs.
If we consider all possible files of length 17 bytes (136 bits), then
you'll notice that there are 2^136 possible MD5 inputs.
Now, (2^136)/(2^128) = 2^8 = 256. Which means that for every MD5 input,
there are (on average) 256 different files of length 17 bytes which can
produce that result.
And that's just collisions with files of length 17 bytes. When you
consider files with length 18 bytes, there are over 65000 collisions for
each MD5 result. Imagine how many possible collisions there are with files
in the kilobyte or megabyte size range!
--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 2 days, 14:54.]
It'll be in the Last Place You Look
http://tobyinkster.co.uk/blog/2007/11/21/no2id/
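
The counting argument in the post above, scaled down so it can be enumerated; this is an added example, not part of the original post. It assumes a hypothetical `tiny_md5` that keeps only the first 8 bits of a real MD5 digest and feeds it every 2-byte input, which preserves the post's ratio of 8 more input bits than output bits.

```python
import hashlib
from collections import defaultdict
from itertools import product

OUT_BITS = 8   # truncated digest size (assumption; real MD5 is 128 bits)
IN_BYTES = 2   # 16-bit inputs: 8 bits more than the output, as 136 vs 128


def tiny_md5(data: bytes) -> int:
    """First OUT_BITS bits of the real MD5 digest, as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - OUT_BITS)


def all_inputs():
    """Every possible input of IN_BYTES bytes, in ascending order."""
    for combo in product(range(256), repeat=IN_BYTES):
        yield bytes(combo)


def preimage_table() -> dict:
    """Map each truncated digest to every input that produces it."""
    table = defaultdict(list)
    for data in all_inputs():
        table[tiny_md5(data)].append(data)
    return table


def brute_force(target: int) -> bytes:
    """Return the first input whose digest matches, as a cracker would."""
    for data in all_inputs():
        if tiny_md5(data) == target:
            return data
    raise ValueError("no preimage found")


def summary(original: bytes = b"hi") -> dict:
    """Count collisions and check whether brute force recovers `original`."""
    table = preimage_table()
    found = brute_force(tiny_md5(original))
    return {
        "inputs": sum(len(v) for v in table.values()),
        "average_per_output": sum(len(v) for v in table.values()) / len(table),
        "candidates_for_original": len(table[tiny_md5(original)]),
        "brute_force_result": found,
        "is_original": found == original,
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

The brute-force match has the same digest as the original input but is a different input, which is the point the post makes about a match not identifying the original.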