Re: MD5 math question

[Charles Miller <cmiller () pastiche org>]

On 04/01/2006, at 12:18 PM, Jeff Robertson wrote:

> Assume that a password between 1 and 24 ASCII characters was stored as
> an MD5 hash. No salt. What is the probability that someone cracking  
> the
> password will find not the password that the user originally chose,  
> but
> a different password that happens to collide with it? Intuitively it
> seems so unlikely that you wouldn't ever expect to see it. But what is
> the probability really?

From my back-of-the-envelope calculation, your intuition is  
misplaced. :)

Even if you assume only 6 bits of variance per password character  
(which is just a-zA-Z0-9 plus two punctuation chars), that's 2^144  
possible 24-character passwords. MD5 is a 128 bit hash, so that's  
2^16 passwords for every hash value, or only a 1 in 65,000 chance  
that the first matching hash you come across in the password space  
is, in fact, the correct password.

And that's only if you assume the original password lives inside [a- 
zA-Z0-9.!]{24}, not the "1-24 ASCII characters" of the original  
question.

Charles

-------------------------------------------------------------------------------
Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
-------------------------------------------------------------------------------