WebApp Sec mailing list archives
RE: MD5 math question
From: "Navroz Shariff" <nshariff () americanbible org>
Date: Wed, 4 Jan 2006 11:32:08 -0500
Having taken Vector Calc, Numerical Analysis, Topology, etc...I will do my best in digesting the MD5 collison analysis and regurgitating the info to the community. No pun intended :-) -Nav -----Original Message----- From: Vipul Kumra [mailto:vipul.kumra () airtightnetworks net] Sent: Wednesday, January 04, 2006 3:04 AM To: 'Jeff Robertson'; webappsec () securityfocus com Subject: RE: MD5 math question Hi Jeff, Interesting Question... I cannot give you the exact figures but can point you to some links, which might help you to find it yourself. The documents referred are mathematically too technical for me to understand. It would be great if you can tell me the answer to the question you asked, once you get it. The links are: http://en.wikipedia.org/wiki/MD5 http://eprint.iacr.org/2004/199.pdf Also, it's easier for you to find two messages with the same digest then match a specific value, which you are trying to accomplish here, because of Birthday Paradox (Birthday Attack). Birthday Paradox: . How many people in one room, for over 50% chance of one person sharing your Birthday - 253. . How many people in one room, for over 50% chance of two persons sharing the same birthday - 23. . Hence, it is easier to find two messages with the same digest then match a specific value. Regards, Vipul Kumra -----Original Message----- From: Jeff Robertson [mailto:jeff.robertson () digitalinsight com] Sent: Wednesday, January 04, 2006 6:49 AM To: webappsec () securityfocus com Subject: MD5 math question Assume that a password between 1 and 24 ASCII characters was stored as an MD5 hash. No salt. What is the probability that someone cracking the password will find not the password that the user originally chose, but a different password that happens to collide with it? Intuitively it seems so unlikely that you wouldn't ever expect to see it. But what is the probability really? ------------------------------------------------------------------------ ------- Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------ ------- Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------- Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today. https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh -------------------------------------------------------------------------------
Current thread:
- Re: MD5 math question, (continued)
- Re: MD5 math question Charles Miller (Jan 05)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Tim (Jan 06)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Tim (Jan 07)
- Re: MD5 math question exon (Jan 07)
- Re: MD5 math question Tim (Jan 07)
- Re: MD5 math question exon (Jan 06)
- Re: MD5 math question Charles Miller (Jan 05)
- Re: MD5 math question Charles Miller (Jan 06)
- Re: FW: RE: MD5 math question Chuck (Jan 06)