Posted by Jerry Stuckle on 12/03/07 13:23
Oliver Grätz wrote:
> Jerry Stuckle wrote:
>> And I still stand by my statement. They are not valid for finding an
>> original string. Even a string of 5 characters may have a duplicate
>> hash. And the longer you get, the more likely you are to have a
>> duplicate. Or a password of 'ksfjlksahoh3ndskjvcn' just might have the
>> same hash as 'abc', for instance.
>
> No it might not, MD5 is not THAT unstable. You need 2.6 x 10^18 input
> messages to achieve a collision probability of 1%. The collision
> probability for *two* *short* inputs (that's BOTH of them being SHORT)
> is EXTREMELY (no, really !) low. And, to use your example, I guess Ziggy
> will recall if "ksfjlksahoh3ndskjvcn" or "abc" was his password or - if
> he tried to recover the password for someone else, then that person will
> be able to tell them apart. The other way round, if someone wants to
> find an input to reproduce a certain hash in order to get into a system
> where only the encoded password is known and cannot be changed, then ANY
> of the inputs will work so IT DOESN'T MATTER if he gets "abc" or
> "ksfjlksahoh3ndskjvcn" as an answer.
>
> OLLi
>
Extremely low is not the same as nonexistent. And I'm not sure where
you got that figure, but it's nowhere near the figures I've heard.
Also, while my example was meant to be very simple and obvious, the
password owner may not be able to tell which it is - at least if he's
using secure passwords.
And no, it doesn't matter which one the user uses to get into the
system. Which is why my comment was that it is only useful for recreating
known hash values.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
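
The 2.6 x 10^18 figure quoted in the thread above can be checked with the birthday approximation; this is an added example, not part of the original posts. It assumes MD5 behaves as an ideal 128-bit random function, and all function names are hypothetical. The second half finds an actual collision on MD5 truncated to 24 bits, using constructed inputs, so the same formula can be compared against a measured count.

```python
import hashlib
import math

def inputs_for_collision(bits, p):
    """Birthday approximation: random inputs needed before an ideal
    `bits`-bit hash shows at least one collision with probability p."""
    return math.sqrt(2.0 * 2.0 ** bits * math.log(1.0 / (1.0 - p)))

def collision_probability(bits, n):
    """Inverse of the above: p ~= 1 - exp(-n(n-1) / (2 * 2^bits))."""
    return -math.expm1(-n * (n - 1) / (2.0 * 2.0 ** bits))

def truncated_md5(data, bits):
    """Leading `bits` bits of the MD5 digest, as an integer."""
    digest = hashlib.md5(data, usedforsecurity=False).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)

def first_collision(bits, prefix=b"pw"):
    """Hash prefix+counter (constructed inputs) until two different
    messages share a truncated digest. Returns (msg_a, msg_b, tried)."""
    seen = {}
    count = 0
    while True:
        msg = prefix + str(count).encode()
        count += 1
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, count
        seen[h] = msg

if __name__ == "__main__":
    print(f"1% collision chance, 128 bits: {inputs_for_collision(128, 0.01):.2e} inputs")
    print(f"two inputs, 128 bits: p = {collision_probability(128, 2):.2e}")
    a, b, tried = first_collision(24)
    print(f"24-bit truncation: {a!r} and {b!r} collide after {tried} inputs")
    print(f"birthday estimate for 50%: {inputs_for_collision(24, 0.5):.0f}")
```
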