If all MD5 fingerprints are unique, then couldn't they, in theory, be decoded? How could you perform an act like this?
think of it like this: say a was coded into s6t, and b was coded into just 6t, you would have one hell of a time decoding stuff with errors like that.... u get?
// MustyWindows - Jump Through The Windows
// AmpFusion - Where Underground Becomes Mainstream
Neo Enterprise Technologies Coming soon.
Would it be easier to crack a 1-way algorithm like md5 or a 2-way algorithm with a long key (a really wierd key like "erty762okFFF154836KdjwY")?
I have another question:
If all md5 fingerprints are unique, how can a twenty-something megabyte file have an md5 of just a few characters? If one little hexidecimal is a little off, how are the fingerprints different?
There is a extremly rare chance that you can find two inputs that gives the same output. But it exists.
md5 uses the mod operator(and more stuff, but this is the one that matters), it's returning the rest of a division, it's imposible to reverse it.
Each time someone abuses hittest, God kills a kitten. Please, learn real collision testing.
At 4/30/05 01:17 PM, RegExp wrote: MD5 isn't the safest thing out there, I believe SHA1 is much safter.
But unless you're AOL, you don't (realistically) have anything to worry about.
Earn real money by betting and investing; or, sponsor, challenge, compete,
recruit, communicate, network, earn money playing games, and much more.
At 4/30/05 01:17 PM, RegExp wrote: MD5 isn't the safest thing out there, I believe SHA1 is much safter.
SHA is a two-way algorithm
It would be enough to use CRC-32. But it still has the same "weakness" as MD5.
Any encryption algorithm has that "weakness", you can bruteforce your way in.
It doesn't matter whether MD5 is "cracked", rainbow lists are bullshit.
It's still randomly guessing and brute-forcing.
MD5 can be up to 32 bytes of coded data. That leaves 2,081e+385 possibilities, and this means, it is not possible to make a rainbow list that really matters. You can use any other dictionary or a list of the worlds most common passwords.
And if you're so afraid that someone will guess your password, you can get a safe password from me : ng29pl0476tgforpls8742467hhbjl
Tell me if anyone manages to bruteforce a password like that.
"no sound in ass"
you do that with rainbow tables :) I found an article about them and a software that does this at www.oxid.it
At 5/2/05 04:00 AM, Inglor wrote: you do that with rainbow tables :) I found an article about them and a software that does this at www.oxid.it
It's still bullshit :)
Winrtgen is just a brute-force program. You can do that to any algorithm.
The "problem" with brute-force is that it takes a hell of alot of time.
(And when I say alot of time, I mean months and years)
And if the programmer of the server (website, terminal server etc) is this smart :
|--|
He'll probably put a lockout on anyone trying to logon with a incorrect password more than five times in a row.
Just a five minute lockout will make the effort to hack the server useless. If the hacker is delayed for 5 minutes each 5th time he tries to logon, it means the process of hacking will take decades.
Trust me; you have nothing to fear if you're using MD5.
"no sound in ass"
