quote:
Originally posted by NiteMare
quote:
Originally posted by CookieRevised
quote:
Originally posted by NiteMare
Really?, MD5 encryption hasn't been cracked yet, its a one way encryption
think again...
when/where was it cracked. and how do you know
First of all, the theoretical question of "can MD5 be hacked" is even totaly wrong. There is nothing to "hack"; you can't find the original data even if you could reverse the hash.
So, MD5 is
not an
encryption method. It is a
hash function, which is a (mostly unique) fingerprint of the original data. This is used to check if data is valid. This means that data is lost when you "decode/encrypt" something to a hash function, hence you can never reverse it to get the original data. So, in that you're correct...
However (and this is what I meant with "Think again")!....
MD5 was designed as a strengthened version of MD4. Because in MD4 (and the ones before that) the resulted hash isn't so unique as it was meant to, thus not so secure; Different data had the same hashes. These are called
collisions, which are the worst nightmare of those systems which highly depend on the uniqueness of the hash (think of big serversystems, password lists, etc. etc.)
For MD5 if was thought that collisions were very very rare (1 out of millions or so
(this is just a guess... but the number is very high though)), and even if they were found by accident, it would never be possible to realy calculate them and get a collision on purpose because it would take years with a brute-force method (called collision-attacks).
Well, on August 17th 2004, 4 Chinees men discovered a method to realy calculate those collisions and thus it is possible to change/add data so that the same MD5 hash will be returned as another given data set. This _is_ what you could call "cracking the MD5", because a valid data set can be mutelated in such a way that the original MD5 hash of the original data will still be the same after the alteration. This means very _big_ problems: Think of a virusmaker who attaches a virus to a file in such a way that the MD5 hash-check isn't changed of that file! Or think of an automatic password generator which creates pseudo-passwords with the same hash as others (very often passwords aren't checked by the string data itself, but rather with the MD5 hash!!!)
To give an idea of the "easyness" of the calculated MD5 collisions, some small quote from the paper which was published in August:
quote:
(siq: M, M' = data // Nt, Nt' = initial values)
(...)
On a IBM P690, it takes about one hour to find such M and M', after that, it takes only 15 seconds to 5 minutes to find Nt and Nt', so that MD5(M,Nt) and MD5(M',Nt') will produce the same hash value. Moreover, our attack works for any given initial value.
(...)
The methods they used to break MD5, can also be used to break: HAVAL-128, HAVAL-160, MD4, RIPEDMD, SHA-0, ...
Now, don't be uber-paranoid about all this!! The changes that your password will be "cracked" like this is extremely small. But for those who run big systems, there is a real problem though...
As a proof of concept, an attached zip with two very different datafiles, but they will produce the same MD5 hash!:
/ 
Attachment: 
