What is the point of MD5?

[Daniel0]

The problem with your logic is just that the range of all integers reaches beyond a googolplex. You can always add +1. That's kind of what infinity means. Besides, that is completely irrelevant.

 

If I give you two numbers: 1 and 0, and tell you that one is correct (what whatever arbitrary purpose) and the other is incorrect., how are you going to know which one? You can guess all you want, but you won't know the answer until I tell you.

 

I think the biggest problem is that you don't understand what a hash table is. It's just a data structure like many others such as a heap, trie, linked list, array and so on. It's not just a "string of characters" or whatever you seem to believe it is.

[MadTechie]

Your just not getting it are you!

What makes you think in 5000 years your get the correct value ? why not 10000 years or 10000000000 years no matter how long to attempt it your always have more.. and your never know which one I generated the hash from.. the simple fact of the matter is you will never know what I used to create that hash, because you don't have the data you need, thus again its impossible!

 

its like X mod 10 = 6

What did I enter as X to get 6, NOT what CAN you enter to get 6.

You could say well it will be in my infinite list of possibilities.. but that's not possible

[PugJr]

If I give you two numbers: 1 and 0, and tell you that one is correct (what whatever arbitrary purpose) and the other is incorrect., how are you going to know which one? You can guess all you want, but you won't know the answer until I tell you.

 

This is where we are missing each other. No, my answer would be is that its either 1 or 0.  But it can not be 2, 3, 4, 5, +.

 

All I'm saying is that you can group all the content (Okay fine, not all since thats infinite, but whatever, a large number) with the same hash and within that group, it MUST be his hash. I've been saying that in most of my posts that I can group the ones with matching hashes, which then MUST contain the one we are looking for. I've also said plenty of times that you can not pinpoint the exact content of the message.

 

I guess my whole point is kinda worthless.

 

 

Madtechie, the 5000 years was just an arbitrary number. Okay, sorry, I mean x years. Techie, I'm just saying that I can group out the possiblities of your content just like daniel did with the phone numbers.

 

I can go on a point basis where you guys can agree and disagree, but I think we are just misunderstanding. I never said once I can get the /exact/ content, but I can get a group of the same hashes with different content.

[MadTechie]

but I can get a group of the same hashes with different content.

Agreed!

 

I gave an example of this here in this thread

 

EDIT: maybe we should move this thread to Miscellaneous

[.josh]

omg we need a mod to permanently unsubscribe from threads.

[Philip]

omg we need a mod to permanently unsubscribe from threads.

 

I second that.

[MadTechie]

That would be a good mod!

[PugJr]

How does one subscribe to a thread?

[.josh]

Okay by subscribe I mean how once you post in a thread, from then on forever and ever if someone posts in it, it will show up in the list of threads under "show new replies to your posts".  I want a mod where I can "unsubscribe" to a thread I posted in so I don't have to see it keep coming up on that list every time someone posts in it.

 

for the more traditional interpretation of subscribe, there's a button to the right of the posts/thread labeled "notify"

[Daniel0]

If I give you two numbers: 1 and 0, and tell you that one is correct (what whatever arbitrary purpose) and the other is incorrect., how are you going to know which one? You can guess all you want, but you won't know the answer until I tell you.

 

This is where we are missing each other. No, my answer would be is that its either 1 or 0.  But it can not be 2, 3, 4, 5, +.

 

Well, then it's not really an answer is it? Saying "it's either 1 or 0" in response to "is it 1 or 0" isn't an answer. And of course it's not 2, 3 or 4. Those were undefined for that purpose. I could have "square or triangle", "monkey or donkey", "A or B".

 

I guess my whole point is kinda worthless.

 

It is pointless because it's false.

 

All I'm saying is that you can group all the content (Okay fine, not all since thats infinite, but whatever, a large number) with the same hash and within that group, it MUST be his hash. I've been saying that in most of my posts that I can group the ones with matching hashes, which then MUST contain the one we are looking for. I've also said plenty of times that you can not pinpoint the exact content of the message.

 

How do you know when your "large number" is large enough?

 

 

 

Also, this is my new lottery coupon:

[tex]|A| = 7, \forall a_i \in A : 0 < a \leq 36[/tex]

Now I won the Danish lottery. I'm a millionaire. YAY!! I'll go claim my money tomorrow morning, and they better give it to me because I was right about the numbers that were drawn.

[MadTechie]

if you don't post you can watch a post by using Notify, this can be controlled by the Notifications in the control panel

but once you posted you have no control, it always appears when you click "Show new replies to your posts." which makes sense but can be a pain! when your no longer active in that post,

IE if i say "this is a Apache problem not PHP" and then move the thread it will continue to appear on my list.

[PugJr]

Okay lets do points to see where we aren't understanding each other. I do agree the point is kinda useless, but it isn't wrong. Well maybe it is but anyways.

 

 

1. Madtechie, is your hash under a 1125899906842624 of characters? (Actually, I know for a fact it is.)

 

2. Now, that I have up to 1125899906842624 of characters (Well, I don't actually but anyways) for hashes, I must have yours.

 

3. Now I have all the possible hashes that can be equal to madtechies hash. Now what are my possiblities reduced to? Well yeah, like I previously said it isn't much of a point. But this is still not false. I'd bet ya that assuming I had a computer that can compute all the md5 hashes within that character limit, one of those would be madtechies. Well, lets see, what would the odds of me guessing it be? 1.5E933/62 (Letters and numbers)^32 (character count)...1.5E933/1.9E89. See how well I did Daniel? Now we are down to about 8.2E843 options. See! Within that group of 8.2E843 strings, I MUST have madtechie.

 

Unless I did some math wrong somewhere...

[MadTechie]

Really you know that for a fact!

Your assuming its under a petabyte, why not a yottabyte..

Letters and number.. again assuming ~Sighs!~

 

but that still doesn't get you my original input!

[PugJr]

Madtechie, I've never said it would. I just said I could group out all the possiblities or well reduce it or something. Actually, at this point I'm kinda confused.

 

Oh, wow, you got a petabyte hardisk? Where can you buy one? I would love to have one. I'd never run out of harddisk space again! (Until 50 years later when 1024 terrabytes are small.)

 

We can reasonably assume that some top-of-the-line harddisk owner wouldn't be spending his time in phpfreaks when he must have millions of dollars. He'd be spending a lifetime of vacations.

 

But see, 1 in 8.2E843 isn't too bad of odds right?  See how many possiblities are removed?

[MadTechie]

you could also assume i only used 1 letter in lowercase as well to bring the odds down.

 

Well a 2TB Hard drive is £187.74 so about £1,000,000 should cover it.

then i need to get a system that supports it, then fill that up with my password.. then probably buy a new CPU as the old would probably died, then run MD5 on it.. have a cup of tea while I wait..

 

1.2 petabytes of storage

[corbin]

Fun math:

 

Let's assume a password is anywhere from 4 to 16 characters long, a-z0-9.

 

Total possible combinations:

 

Summation of (36^x), x = 16, go until x = 4 (including 4).

 

Yeah, I'm too lazy to figure out how to make a summation sign.  And, I'm too lazy to look up the formula that would simplify that immensely.

 

The total number of space taken would thus be:

 

Number of possibilities * 16 bytes + length of each possibility.

 

(The sum of the length of every possibility could be found by:

Summation of x*(36^x), x goes from 16 to 4.

)

 

 

Great, now I get to punch it all into a calculator x.x.

 

 

 

Actually hrmm...

 

<?php

//Summation of (36^x), x = 16, go until x = 4 (including 4).
//Summation of x*(36^x), x goes from 16 to 4.

$sum = '0';

for($x = 16; $x >= 4; --$x) {
$sum = bcadd($sum, bcpow(36, $x));
}

echo "There are {$sum} total combinations possible.\n";

$sum2 = '0';

for($x = 16; $x >= 4; --$x) {
$sum2 = bcadd($sum2, bcmul($x, bcpow(36, $x)));
}

echo "{$sum2} bytes would be required to store the start text.\n\n";

echo "Total: " . bcadd(bcmul(16, $sum), $sum2) . " bytes.";

 

261719758492310867939371008 bytes!  Yeah!

 

About 232453841502 petabytes.

 

 

 

 

 

Now that I think about it, that sounds too high....  I did that math correctly, yes?

 

Hrmmm...  If the min length was 1, the max length was 2 and "a", "b", and "c" were the choices....

 

a

b

c

aa

ab

ac

ba

bb

bc

ca

cb

cc

 

12 choices...  (I should probably actually do 3 as the max length before I conclude anything, but I'm tired.)

 

3^x, x goes from 1,2

 

3 + 9.  12?  Hrmmm....  So I guess my math is right unless one of y'all sees an issue with it.

 

 

 

 

So...  at MadTechie's rate of 187.74 pounds per 2TB, that would cost about: 22344132712235679 pounds.

 

 

 

I feel like my math must have gone wrong somewhere....

 

 

 

 

 

Hrmmm now to wait for someone to correct my crazy-ass math.

 

 

 

 

 

 

 

Edit:  Oh wow....  I'm a dumb ass who should sleep...  I just thought about y'all's posts and realized a major thing I missed.  MD5 has a static hash length...

 

So the maximum number of MD5 hashes ever possible is 2^128.

 

Oh wait....  340282366920938463463374607431768211456 is larger than the total number of possible hashes that would exist.

 

 

Also, for the function md5(x), with output y, just because md5(x) is limited to z outputs does not mean anything in regards to the number of collisions.

 

Therefore, just because there are c possible inputs does not mean that there is a certain number of variables such that the md5() of the variable is equal to md5(x).

 

 

(Hopefully that made sense....  What I'm saying is, if the number of possible hashes was smaller than the number of possible passwords, that still does not mean that a collision exists for that particular password.  Also, nothing would insure that a collision would exist that met the same requirements.  In fact, I would expect that to be VERY unlikely.)

[Zane]

Are you shittin me? Still? 8 pages of the same question.

 

You can't crack a one-way encrypted.  no way no how.  and if you do somehow accomplish this task you'd probably have already went through years and years of your life trying.

 

Daniel has explained it time and time again (in math equations that I have no clue how to read really) and no one has had it seep in.

 

Seriously, here is my password to this site

*removed*

 

decrypt it

log in as me and go nuts

 

The End.  I'm gonna lock this thread now.

 

[Daniel0]

I don't mean to undermine your authority, Zane, but I have one last comment.

 

PugJr, the thing you're missing here is that this is mathematics. In mathematics a statement must be proven true, so it doesn't matter how big you make your range, and it doesn't matter that you say "I know your string is shorter". That's not a math proof.

 

People who still believe they can "crack"/decrypt/reverse a hash needs to reread this topic or preferably take some math courses.

 

Okay, now I'll leave.

[KevinM1]

It should be mentioned that as of now (2012), neither MD5 nor SHA1 are good ideas for security.  It's arguable that quick hashes were ever good for security.  Your best bet is to use PHP 5.3.7+ with crypt using CRYPT_BLOWFISH.  To that end, there are pre-made classes/libraries you can use to make it easier to successfully employ CRYPT_BLOWFISH and other security efforts.

 

phpass: http://www.openwall.com/phpass/ (tutorial: http://www.openwall.com/articles/PHP-Users-Passwords)

 

phpseclib: http://phpseclib.com/ (documentation: http://phpseclib.com/manual)

 

If anyone knows of other legit security packages, send me a PM.