tags:

views:

750

answers:

6
+8  Q: 

Create your own MD5 collisions

I'm doing a presentation on MD5 collisions and I'd like to give people any idea how likely a collision is.

It would be good to have two blocks of text which hash to the same thing, and explain how many combinations of [a-zA-Z ] were needed before I hit a collision.

The obvious answer is hash every possible combination until hit two hashes the same. So how would you go about coding this. As a quick experiment I tried hashing every combination of 5 columns of [A-Z], storing this in a .net hashtable and catching the collision exception. Two problems with this - the hashtable eventually times out, and I'm pretty sure I'm going to need A LOT more characters.

Obviously this data structure is too big to handle in memory, so now I'll have to get a database involved. Also sounds like a good project to test out azure - a bit like these guys.

Can anyone point me in the direction of an efficient way of doing this?

A: 

Check out this paper about hash function tunneling.

arul  2009-06-01 03:57:45
+12  A: 
Alex  2009-06-01 04:04:21
A: 

I would take a look at Hashcash. With an effective hash algorithm, like md5, the time to calculate a collision to exponential with the number of bits. What Hashcash does is calculates partial collisions. That is, a match of say the lower 16 bits of the hash. To get the lower 16 bits to match, one would have to try hashing 2^15 different combinations on average. If you know how long it takes to come up with a 16, 24, or 32 bit collision, then you can easily calculate out the time for higher numbers of bits.

brianegge  2009-06-01 04:47:58
A: 

If you're talking about how likely a straightforward collision is - one where there is no deliberate attempt to cause one - then you're going to be disappointed: You'd need to generate on average 2^64 plaintexts before you can expect to see a collision, and that's substantially more than you're going to be able to do in a reasonable (or really, even an _un_reasonable) time.

If you're looking to demonstrate the difficulty of deliberately crafting a collision, other answers have already demonstrated that. The extra constraint of requiring the strings to be entirely textual makes even those approaches largely impractical, though.

Nick Johnson  2009-06-02 03:26:25
This is incorrect due to the birthday paradox: http://en.wikipedia.org/wiki/Birthday_paradox. In particular, see http://en.wikipedia.org/wiki/Birthday_paradox#Cast_as_a_collision_problem
Shalmanese  2009-06-02 03:38:35
No - that's why I said 2^64, not 2^128. The birthday 'paradox' predicts a collision (on average) after 2^(numbits/2).
Nick Johnson  2009-06-02 15:17:47
A: 

The whole point of such hashes is that collisions are extremely unlikely. You're not going to generate one by chance--your machine will almost certainly die of old age before you succeed. The whole point of using a hash would go away if you could reasonably generate collisions!

Loren Pechtel  2009-06-02 03:41:57
MD5 collisions: http://th.informatik.uni-mannheim.de/People/lucks/HashCollisions/, http://www.doxpara.com/md5_someday.pdf, http://www.win.tue.nl/hashclash/rogue-ca/
russau  2009-06-02 04:08:08
Note that I said *BY CHANCE*.
Loren Pechtel  2009-06-02 05:08:31
Fair enough - when you say 'by chance' you mean 'brute force'? so my question is really asking for something more efficient that brute forcing it. or running the brute force combinations on a server farm like azure.
russau  2009-06-02 05:50:25
He wants to give people an impression of how likely they are--thus by chance, or brute force if you want to call it that, is the right metric.
Loren Pechtel  2009-06-03 01:10:23
A: 

It's hard to do it with just text files, AFAIK. You can get some collisions, but having them also be from just [a-zA-Z] is not easy (yet).

On the other hand, if you just want two "meaningful"-looking files with the same hash, you can do it with something like, say, PostScript: have different binary blobs causing the collision, and use a conditional expression to display different output accordingly.

See e.g. this problem (the H2 part) and solution. For example, this PS file and this one have the same MD5sum.

ShreevatsaR  2009-06-02 04:13:38

related questions

How do I find the Excel column name that corresponds to a given integer?
Calculating a cutting list with the least amount of off cut waste.
Red-Black Trees
How to maintain a recursive invariant in a MySQL database?
RFC calculation in Java need help with algorithm
Best word wrap algorithm?
How do you separate game logic from display?
Most effective way for float and double comparison
Choosing a multiplier for a (string) hash function
Optimizing a search algorithm in C
Find the best combination from a given set of multiple sets
What "already invented" algorithm did you invent?
Designing a Calendar system like Google Calendar
How to overload std::swap()
Looking for algorithm that reverses the sprintf() function output
Merge Sort a Linked List
Puzzle: Find largest rectangle (maximal rectangle problem)
graph serialization
Peak detection of measured signal
Big O, how do you calculate/approximate it?
What problems can be solved, or tackled more easily, using graphs and trees?
Followup: "Sorting" colors by distinctiveness
Efficiently get sorted sums of a sorted list
Function for creating color wheels
Fastest way to get value of pi