
MD5 Challenge


ghost's Avatar
0 0

Okay…. so this is a thread I remember from years ago on HTS… so if you remember it, you know I didn't steal the idea…just thought it was a fun discussion…

the challenge is, or rather question since we never decided if it was possible:

create a text file with the text: My MD5 Check Sum is: <checksum> where <checksum> is the actual md5 checksum…

so, thoughts? is it possible? if so, do it.

I personally do not think it is. the md5 of md5 would not come about to be itself, tho perhaps the md5 could come out like the end…. not sure


ghost's Avatar
0 0

It's certainly possible with CRC. There has been some work done on MD5 collisions which allow files of the same MD5 to be created… not read it in depth though so not sure how applicable it is here.

Interesting discussion.


ghost's Avatar
0 0

FaTaL_PrIdE wrote: It's certainly possible with CRC. There has been some work done on MD5 collisions which allow files of the same MD5 to be created… not read it in depth though so not sure how applicable it is here.

Interesting discussion.

Yeah you can create files with same checksum… But can you predict whether "The checksum of this file is x" will have a checksum of x


ghost's Avatar
0 0

i'd be interested to find a use for this. and i'd love to see the method for creating such a file


ghost's Avatar
0 0

Heh, I remember this on HTS too :) Theoretically it is possible, but not feasible. I also don't see how it could be done except for brute forcing, but then I'm no expert on the md5, or any other, hashing algorithm.

Effectively you need to find a collision such that md5("My MD5 Check Sum is: $string") == $string
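
The fixed-point condition above, scaled down so it can actually be searched (an added example, not code from the thread): instead of all 32 hex digits, it looks for k-digit strings that equal the first k hex digits of their own sentence's MD5. The truncation and the hash rate used for the time estimate are assumptions made for illustration. If MD5 is treated as a random function, each length has about one self-match on average, so some lengths will have none.

```python
import hashlib
from itertools import product

PREFIX = "My MD5 Check Sum is: "  # sentence from the thread
HEX = "0123456789abcdef"          # an MD5 hex digest only uses these 16 symbols


def truncated_md5(text: str, k: int) -> str:
    """Return the first k hex digits of the MD5 digest of text."""
    return hashlib.md5(text.encode("ascii")).hexdigest()[:k]


def fixed_points(k: int) -> list[str]:
    """Exhaustively find every k-digit s with truncated_md5(PREFIX + s, k) == s."""
    found = []
    for digits in product(HEX, repeat=k):
        s = "".join(digits)
        if truncated_md5(PREFIX + s, k) == s:
            found.append(s)
    return found


def search_space(k: int) -> int:
    """Number of candidate strings of k hex digits."""
    return 16 ** k


def years_to_exhaust(k: int, hashes_per_second: float) -> float:
    """Time to try every k-digit candidate at an assumed, constant hash rate."""
    return search_space(k) / hashes_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Every extra digit multiplies the work by 16; k = 5 is already ~1M hashes.
    for k in range(1, 6):
        hits = fixed_points(k)
        print(f"k={k}: {search_space(k):>9} candidates, self-matches: {hits}")
    # Assumed rate of 1e12 MD5/s, a constructed figure for the estimate only.
    print(f"k=32 at 1e12 hashes/s: {years_to_exhaust(32, 1e12):.2e} years")
```

The full challenge is the k = 32 row: 16^32 = 2^128 candidates, and even then a self-match is not guaranteed to exist.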


ghost's Avatar
0 0

i may code an app to find it…..just out of interest. that really….what is the use?


ghost's Avatar
0 0

hmm, wouldn't it have to be more like… md5("My MD5 Check Sum is: " . md5($string)) == md5($string) and then cycle through every possibility of $string? makes sense to me at least.


ghost's Avatar
0 0

xtrmsk8r91 wrote: hmm, wouldn't it have to be more like… md5("My MD5 Check Sum is: " . md5($string)) == md5($string) and then cycle through every possibility of $string? makes sense to me at least.

Nope, the string is already an md5 hash


ghost's Avatar
0 0

ah ok that makes sense.

I'd be interested to see if anyone comes up with this, maybe I'll even write a script myself.


ghost's Avatar
0 0

I'm working on one atm


ghost's Avatar
0 0
<?php

$1 = array("a", "b", "c", "d", "e", "f", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9");
$2 = $1;
$3 = $1;
$4 = $1;
$5 = $1;
$6 = $1;
$7 = $1;
$8 = $1;
$9 = $1;
$10 = $1;
$11 = $1;
$12 = $1;
$13 = $1;
$14 = $1;
$15 = $1;
$16 = $1;
$17 = $1;
$18 = $1;
$19 = $1;
$20 = $1;
$21 = $1;
$22 = $1;
$23 = $1;
$24 = $1;
$25 = $1;
$26 = $1;
$27 = $1;
$28 = $1;
$29 = $1;
$30 = $1;
$31 = $1;
$32 = $1;
foreach ($1 as $1s) {
foreach ($2 as $2s) {
foreach ($3 as $3s) {
foreach ($4 as $4s) {
foreach ($5 as $5s) {
foreach ($6 as $6s) {
foreach ($7 as $7s) {
foreach ($8 as $8s) {
foreach ($9 as $9s) {
foreach ($10 as $10s) {
foreach ($11 as $11s) {
foreach ($12 as $12s) {
foreach ($13 as $13s) {
foreach ($14 as $14s) {
foreach ($15 as $15s) {
foreach ($16 as $16s) {
foreach ($17 as $17s) {
foreach ($18 as $18s) {
foreach ($19 as $19s) {
foreach ($20 as $20s) {
foreach ($21 as $21s) {
foreach ($22 as $22s) {
foreach ($23 as $23s) {
foreach ($24 as $24s) {
foreach ($25 as $25s) {
foreach ($26 as $26s) {
foreach ($27 as $27s) {
foreach ($28 as $28s) {
foreach ($29 as $29s) {
foreach ($30 as $30s) {
foreach ($31 as $31s) {
foreach ($32 as $32s) {
if (md5("My MD5 Check Sum is: " .$1s .$2s .$3s .$4s .$5s .$6s .$7s .$8s .$9s .$10s .$11s .$12s .$13s .$14s .$15s .$16s .$17s .$18s .$19s .$20s .$21s .$22s .$23s .$24s .$25s .$26s .$27s .$28s .$29s .$30s .$31s .$32s)==$1s .$2s .$3s .$4s .$5s .$6s .$7s .$8s .$9s .$10s .$11s .$12s .$13s .$14s .$15s .$16s .$17s .$18s .$19s .$20s .$21s .$22s .$23s .$24s .$25s .$26s .$27s .$28s .$29s .$30s .$31s .$32s) {
echo $1s .$2s .$3s .$4s .$5s .$6s .$7s .$8s .$9s .$10s .$11s .$12s .$13s .$14s .$15s .$16s .$17s .$18s .$19s .$20s .$21s .$22s .$23s .$24s .$25s .$26s .$27s .$28s .$29s .$30s .$31s .$32s;
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}

?>

There it is (I think), Who wants to run it first?

EDIT: you might want to add ini_set("max_execution_time", 9999999999) and rename the variables if you ever decided to run this.


ghost's Avatar
0 0

Or

set_time_limit( 0 );

Run it from console, then you can kill the php process if needed.


ghost's Avatar
0 0
  1. Use code tags
  2. Else use pastebin
  3. A brute forcer should not be made in PHP. It should be C (or a variant thereof) or ASM

what is the use?

There is no use. But since when has that been a reason to not do something?

atrcomb: You created several identical Arrays, instead create one and then copy it to other variables if need be.


ghost's Avatar
0 0

I personally wouldn't have even used arrays.


ghost's Avatar
0 0

i hate hbh's code tag but w/e

Also seeing as I am still learning C++ and haven't tried learning C, and ASM confuses the crap out of me, my only choice was my best language: php. It's one way to do it, there are plenty of others.

But all in all as you can see my opinion is that this is possible but not probable.


ghost's Avatar
0 0

Coding it in asm would be easy (fancy it kaksii? :p ) but the issue still remains that it is a 32 char brute force which is impossible on current hardware.

BTW I'm kinda surprised that no-one pointed out to the guy who wrote the php one that he only needs a-f and 0-9 (hex chars). g-z is just making it take even longer than it needs to.


ghost's Avatar
0 0

FaTaL_PrIdE wrote: Coding it in asm would be easy (fancy it kaksii? :p ) but the issue still remains that it is a 32 char brute force which is impossible on current hardware.

can't say it's impossible…you might be lucky…or you can just wait the thousands of years it takes…or wait for like processors with loads of cores in them


ghost's Avatar
0 0

Hence the reason I said on current hardware. The chances of you being 'lucky' here are remote.