Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Message Digest

  1. Home
  2. Forum
  3. Cryptography
  4. Message Digest

ghost's Avatar

ghost

0 0

Can someone explain to be why a MD cant be revearsed? I know information is lost when making an MD but since the same string produces the same MD then the same information is lost each time isn't it possible to work out what teh gaps were, or atleast give your self a base to start bruteforcing from? Or is the where information is lost dependant on the string which would probably mean it would be difficult to work back. Is this why? I have read some sites about it but I dont understand a single word of them, also I have looked at the algorythm for making MD5's and still nothing.

Thanks. (excuse the gramma/spelling mistakes I'm lazy.)


n3w7yp3's Avatar

n3w7yp3

Member
0 0

Yes and no ;)

See, the same string doesn't have to produce the same Digest (hash), only when you use an IV of 0, and/or a non-salted digest. However, if you use the same salt, you get the same digest.

Read up on the Digest::MD5 man page, and the crypt man page. That will explain a good bit about it. And feel free to post if you have any other questions, or would like some sample code.


ghost's Avatar

ghost

0 0

Errrrrrrrrm, Thanks :)


SySTeM's Avatar

SySTeM

-=[TheOutlaw]=-
20 0

Lol, wolfman didn't understand, did ya? awwww, me too lol


ghost's Avatar

ghost

0 0

No :(


n3w7yp3's Avatar

n3w7yp3

Member
0 0

If you don't understand, just say so ;)

Okay, a salt is a value that is used to set off the permutations. Consider the following examples of me hashing the string "test" with MD5 (salted):

[n3w7yp3@localhost crypto]$ ./md5-crypt.pl test Plaintext: test Salt: $1$vozgebae$ MD5 hash: $1$vozgebae$fCNUhx7UJYZ4yNcEp92KQ. [n3w7yp3@localhost crypto]$ ./md5-crypt.pl test Plaintext: test Salt: $1$tsowalko$ MD5 hash: $1$tsowalko$IAaIH/Oe2d6PGBdZsSR37. [n3w7yp3@localhost crypto]$ ./md5-crypt.pl test Plaintext: test Salt: $1$xpurluys$ MD5 hash: $1$xpurluys$ioZgg9HGsCKorNXHi6LUp0 [n3w7yp3@localhost crypto]$ ./md5-crypt.pl test Plaintext: test Salt: $1$xlppkkyi$ MD5 hash: $1$xlppkkyi$JORXHfYD9kzki9mC8cTjl0 [n3w7yp3@localhost crypto]$

My script uses a randomly generated salt, and as you can see, the salts make a big difference. Compare this to teh outcome of hashing the same string with MD5, this time keeping it "clean" (more commonly known as MD5 hexadecimal):

[n3w7yp3@localhost crypto]$ ./md5-hash.pl test Encrypting 'test' with MD5… Your MD5 hexadecimal hash is: 098f6bcd4621d373cade4e832627b4f6 [n3w7yp3@localhost crypto]$ ./md5-hash.pl test Encrypting 'test' with MD5… Your MD5 hexadecimal hash is: 098f6bcd4621d373cade4e832627b4f6 [n3w7yp3@localhost crypto]$ ./md5-hash.pl test Encrypting 'test' with MD5… Your MD5 hexadecimal hash is: 098f6bcd4621d373cade4e832627b4f6 [n3w7yp3@localhost crypto]$

See how the results never differed?

Hope that cleared up some of your questions. If you have any more, post 'em ;)