MD5 lik encryption is needed

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

MD5 lik encryption is needed

Post by alex.barylski »

I should probably ask a crypt-professional this question as I've asked in about 5 other forums and each time get the same repsonse which isn't what I'm looking for...

But I will try one more time here, just incase...

I am need of a MD5 like encryption algorithm, but I also need to pass it a seed value...

Not a password, but a seed value...

The function will output an entirely unique hash sum, just like MD5, but also use this seed to further mangle results...

Here is the kicker...or catch22...

The encryption algorithm would need the ability to to also test a hash sum for a given seed value and return TRUE/FALSE as required...

Much like credit card checking works...

You can validate a credit card number, but not determine if it's actually valid...

I need that kind of security...I'm not asking for hash reversal...or decrypting hash into plaintext, as thats not the intent...I need the algorithm to be able to calculate the seed value...if the seed is integers or not doesn't matter, so long as it's secure and the seed cannot be cracked in a reasonable amount of time (according to what it's for) so say one week...by brute force attacks or weaken the encryption so much you can figure it out if your a pattern solver :)

So like I said, MD5 but with a seed twist...that seed can be a number which is interpolated into an MD5 result, so long as it's totally random and specific to that number and cannot be brute force attacked with one week.

Thus I think it needs to become part of the hash as opposed to being added on after hashing...

It may sound like what i'm after is a two way encryption in combination with one way, but that's not it!!!

What I am asking is problaby incredibley complex to solve so I hope someone has already done it for me :)

Cheers :)
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Re: MD5 lik encryption is needed

Post by Roja »

Hockey wrote:I should probably ask a crypt-professional this question as I've asked in about 5 other forums and each time get the same repsonse which isn't what I'm looking for...
It is probably because you are using imprecise language to describe what you are looking for. They are confused, much as I would be if you drove up to my house and asked "Where pepsi production location?". I suspect I know what you mean, but probably not.

Lets try to break it down a bit, and get you a solid answer.
Hockey wrote:I am need of a MD5 like encryption algorithm, but I also need to pass it a seed value...
A seed value adds entropy into an algorithm. This is important - its not seperate from it, it becomes part of it.
Hockey wrote:The function will output an entirely unique hash sum, just like MD5, but also use this seed to further mangle results...
By mangle, I'm hoping you mean "make it less predictable" - which is indeed a seed.
Hockey wrote:The encryption algorithm would need the ability to to also test a hash sum for a given seed value and return TRUE/FALSE as required...

Much like credit card checking works...
Bzzt. You fell off the bus.

By definition, you cannot "test a hash sum for a given seed value". It has become part of that hash, and if it was able to be tested, it would be more predictable. Remember above when we said the goal of the seed was to make it less predictable? Yeah-bingo!

Credit card checking (the type you are thinking of) works via a *checksum*. http://www.beachnet.com/~hstiles/cardtype.html has more details. Further, credit card numbers are extremely predictable. When I was in the fifth grade, I had a program that could generate legitimate credit card numbers.

The security for credit cards is NOT their CCN. It is the combination of the CCN with other elements - your information (address, name), other information on the card (expy date, validation number), and more.

Hockey wrote:You can validate a credit card number, but not determine if it's actually valid...
Umm, check your terminology, you just said you could but you couldnt do the same thing. :P

You can validate the format of the number (because it is predictable), and yes, you can actually determine if it is valid. Whether there is an account, belonging to joe smith, with an expiration date that occurs after today, with sufficient funds, that has a billing address at 3456 main street - is an entirely different question. That question is answered with additional checks.
Hockey wrote:I need the algorithm to be able to calculate the seed value...if the seed is integers or not doesn't matter, so long as it's secure and the seed cannot be cracked in a reasonable amount of time (according to what it's for) so say one week...by brute force attacks or weaken the encryption so much you can figure it out if your a pattern solver :)
You aren't looking for a seed. You are looking for a predictable checksum, to append onto an md5 result.
Hockey wrote:So like I said, MD5 but with a seed twist...that seed can be a number which is interpolated into an MD5 result, so long as it's totally random and specific to that number and cannot be brute force attacked with one week.

Thus I think it needs to become part of the hash as opposed to being added on after hashing...
Can't do it. Making it part of the hash means it becomes unpredictable after the fact. Thats the whole goal at the math level - to make your output less predictable. Seeds increase that, not decrease it.

You need it to be added on AFTER hashing.

md5($secret) . $checksum
Post Reply