Posted by Daedalus.OS on 05/28/05 17:32

"simon" <spambucket@myoddweb.com> wrote in message
news:3fr8cfF979vlU1@individual.net...
>>>
>>> And all I was trying to do was to correct the statement that md5 was a
>>> one
>>> way hash.
>>>
>>
>> It is a one way hash function.
>
> I am sorry, but I don't quite agree.
> I did, (and still do), some reading, the fact is that you can get a string
> given a hash key.
>
> Please note that I was, (maybe wrongly), talking about passwords.
> Every application compares the key and not the string.

You may agree or not, the fact is that md5 is one-way.
One-way mean that if md5(x) = y, you cannot find the value of x even if you
know the value of y.
But md5 is not absolutely collision-free (no hash algo. is absolutely
collision-free).
Collision mean that it is not impossible to find two different string that
gives the same hash ( md5(x) = md5(y) )

Even if you can get a string from a given hash, you can't retreive THE with
string with from the given hash. Well with a monster of luck you could, but
you wouldn't know it, you would not be able to tell that it's THE one.
Two-way refer to encryption<->decryption. You don't hash something if you
want to retreive the original value later, don't you ? Because hashing is
one-way and md5 is hashing.

Cracking a hash is not decryting it since it's impossible. What you're
talking about is collision and finally, hashing (not only md5) is a one-way
operation.

Dae

>>
>> - Mike
>
> Simon
>

[Back to original message]