Posted by trlists on 04/22/05 20:20
> > It's more like a theoretical "hole" that may some day prove to be the
> > first step in a long long long process of understanding something that
> > might maybe some day yield a way to de-crypt MD5.
>
> That's exactly my point.
>
> It's similar to how a local root exploit sometimes evolves into a
> remote root exploit once publicized and people begin working on it.
>
> Disclaimer: There are only about 5 or 6 people in the entire world who
> know anything about encryption.. and sadly I am not one of them.
MD5 is hashing which is not the same as encryption. Hashing is
normally defined as a one-way conversion of a plaintext message into a
fixed-length digest or "hash". Encryption is normally defined as
conversion of a plaintext message into ciphertext which cannot be read
until it is decrypted -- i.e. encryption normally implies the
possibility of decryption.
In that framework there is no such thing as "decrypting" an MD5 digest,
because an MD5 digest is not an encrypted version of the message to
start with. No amount of CPU power will change this basic fact --
though CPU power can be used to do a brute force search for strings
which will generate a given MD5 value. However, as stated before, at
current levels of computing power this is not feasible for messages
beyond, I think, 7 or 8 characters long (don't quote me on that).
The recently discovered "hole" is unrelated to the above. It is that
under certain conditions it is possible to find two different plaintext
messages which will generate the same MD5 digest. This could
theoretically allow one to spoof a message and have it appear
legitimate if MD5 is used for the legitimacy check, but it does not
allow "reversal" of MD5, nor do the authors of articles on this problem
seem to claim that it could.
--
Tom
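As an added illustration of the distinction Tom draws (this is example code, not part of the original post): a digest can only be "reversed" by searching the input space, the size of that space explodes with message length, and an integrity check built on MD5 accepts any message with a matching digest, which is exactly why collisions matter even though they do not reverse the hash. The alphabet and message lengths below are constructed for the demonstration.

```python
import hashlib
import itertools
import string


def md5_hex(data: bytes) -> str:
    """One-way: the message goes in, a fixed 128-bit digest comes out, no key."""
    return hashlib.md5(data).hexdigest()


def brute_force_preimage(target_hex: str, alphabet: str, max_len: int):
    """The only way to get a message back from a digest: try candidates until
    one hashes to the target. Returns the first match or None."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo).encode()
            if md5_hex(candidate) == target_hex:
                return candidate
    return None


def search_space(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a brute-force search must consider for all
    messages of length 1..max_len; this is what makes long inputs infeasible."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def integrity_check(message: bytes, published_hex: str) -> bool:
    """A 'legitimacy check' of the kind the post describes. It cannot tell a
    genuine message from any other message with the same digest, so its
    safety rests on nobody being able to produce such a collision."""
    return md5_hex(message) == published_hex


if __name__ == "__main__":
    # Constructed demo: a 3-letter lowercase message is recovered in well under a second.
    target = md5_hex(b"abc")
    print("preimage:", brute_force_preimage(target, string.ascii_lowercase, 3))
    # ...but 8 printable ASCII characters is a search space of ~6.7e15 candidates.
    print("lowercase, len<=3:", search_space(26, 3))
    print("printable, len<=8:", search_space(95, 8))
    # The integrity check passes for the genuine message and fails for a tampered one.
    print(integrity_check(b"abc", target), integrity_check(b"abd", target))
```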