md5 Debate
Moderator: General Moderators
feyd vs Jeff of PHP Nuke Evolution
feyd here says md5(md5())'ing a string decreases the entropy and makes it less secure ....
(In MSN)
now, let's say the md5 to test is: 35kjsdf908sdflk4598g
JeFF says:
if you go put that into an md5 cracker
JeFF says:
it will crack it in 5 minutes
JeFF says:
now
JeFF says:
let's md5(35kjsdf908sdflk4598g);
JeFF says:
now our NEW md5 is 345908sfdsdfklj45987f
JeFF says:
if you go put that into an online cracker, there is NO WAY IN HELL you will EVER get 35kjsdf908sdflk4598g out of it
JeFF says:
it would take YEARS to do
I would like to see proof of ANYONE cracking double md5()
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
What does being able to look up a hash in an online, likely rainbow or dictionary, "cracking" table have to do with double hashing being more or less secure? It's all about math, very intensive math.
Here's several references where we've debated the security of it before. If you want real proof, decouple the hashing function and break it apart.
viewtopic.php?p=195736#195736 I'd suggest reading the whole thread.
Since I shouldn't have to dig out the answers for you, search under my name and Roja's for "entropy" .. there are many occasions we've both mentioned how it reduces the security. Pick up several high level books on Cryptography and Math while you're at it.
If you want to learn even more, I'd suggest making your own implementations of hashing algorithms, learn about salts and the increased security thereof.
If someone is that worried about security why don't they just use the PGP encryption? I don't know if that is feasible or not but I'm sure you could write a PHP script that would utilize PGP. I thought the main purpose of md5 is to ensure that you don't have a plain text list of passwords. Sure you might be able to crack 1 in 5 minutes, but even if you could crack one every 5 minutes, it would still take over 9 years to crack a million of them.
Re: md5 Debate
Tucker wrote:
feyd vs Jeff of PHP Nuke Evolution

First, taking a private conversation, from someone else, posting it in public, and using it to challenge someone else is well.. seven bad steps in one.
If you can't have the discussion yourself, invite that person to come here, or vice versa. However, you asked a question, and I'm happy to help explain.
Tucker wrote:
feyd here says md5(md5())'ing a string decreases the entropy and makes it less secure ....

That is correct.
Tucker wrote:
JeFF says:
if you go put that into an md5 cracker

Stop there.
There is no such thing. There are rainbow tables - which we mentioned in the last thread where you asked about double md5. A rainbow table is a collection of precomputed md5's. They do the md5(value), and store (to a db usually) the result. Then they do lookups on it (select). That's it. No cracking.
Tucker wrote:
JeFF says:
it will crack it in 5 minutes

Wrong. It will do a lookup near instantly if the site is any good. If not, it will add it to the queue to look for, and possibly email you when it finds it (not in 5 minutes!).
Tucker wrote:
JeFF says:
now
JeFF says:
let's md5(35kjsdf908sdflk4598g);
JeFF says:
now our NEW md5 is 345908sfdsdfklj45987f
JeFF says:
if you go put that into an online cracker, there is NO WAY IN HELL you will EVER get 35kjsdf908sdflk4598g out of it
JeFF says:
it would take YEARS to do

Like we said in another thread, the *brute force* strength is lowered - which is based on the entropy. That's a totally different type of attack.
Jeff is talking about a rainbow table attack. To reduce the chance of that, the proper solution is to use a salt. Adding a salt prevents a rainbow lookup. Because it's not md5(value), it's md5(value+salt). In addition, the salt changes if implemented properly, so it reduces their time to do the search. Finally, adding a salt *increases* entropy, making it stronger against a brute force attack.
Tucker wrote:
I would like to see proof of ANYONE cracking double md5()

I'd like to see proof of anyone cracking md5. He's describing a rainbow table lookup.
Tucker wrote:
b) he says you can easily code a cracker using VB or C, etc.

not for md5, or any other hash, if he can crack md5 he's got a lot of explaining to do..
Tucker wrote:
c) How can you not think a md5 cracker is NOT POSSIBLE?

because it is a one way hash, that's like saying based on your fingerprint I can reconstruct your facial features with no outside data, sure if i had a database of peoples faces and their fingerprints I could match it up. This is a metaphor for the rainbow table Roja and feyd are talking about
Tucker wrote:
d) Just loop through every number -> letter combo and see if they match the md5()

That's called a brute force,
While your friend does have some validity he is for the most part confused
Yes the md5 of another md5 will result in often a longer string, that doesn't matter, the brute forcer is still trying plain-text passwords against the hash
ex. md5(123) = 55555555555 (pseudo)
md5(555555555) = 66666666666 (pseudo again)
the attacker when brute forcing will now try every number:
md5(md5(121)) != the hash
md5(md5(121)) != the hash
md5(md5(123)) == the hash
see how that works? Effectively all you did was double the CPU cycles (per attempt), but factor in the lowered entropy and you are shortening the time per hash it takes to brute force.
Sorry to say your friend is misinformed
Tucker wrote:
a) I have his full permission, know him as a personal friend

So have him come here and speak for himself.
Tucker wrote:
b) he says you can easily code a cracker using VB or C, etc.

He's using the wrong term.
Tucker wrote:
c) How can you not think a md5 cracker is NOT POSSIBLE?

I know the math. There have been multiple *compromises* of the equation that drives md5, each reducing its effectiveness. However, it has not been completely cracked. You are using imprecise vocabulary, and what you mean by crack is not the correct term as used in this context.
You cannot crack md5.
Tucker wrote:
d) Just loop through every number -> letter combo and see if they match the md5()

That's not a crack. That's a brute force attack. A crack would allow you to find the solution *without* iterating over every combination.
The key for MD5 is 128 bits. We can calculate the brute force key space with 2^128 = 3.4E38. A special hardware based key cracker for MD5 that can try one billion (1E9) keys per second will take 1.08E22 years to go through all possible keys. You can expect to get most keys in about half that time which will take 5.39E21 years. It is estimated that the sun will go nova in 1E9 years.
See why compromises in the formula matter?
If we find a compromise, we have a shortcut that lets us get a potential solution faster. Several have been found for MD5, reducing the time to solution by dramatic amounts. The time to solution is now so low that it is considered a weak algorithm.
Doing a double md5 reduces the entropy. It makes it *easier* to brute force. It makes it *harder* to do a table lookup.
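The two attack types distinguished in this thread, as an added Python example that is not from any poster: a precomputed lookup table versus hashing candidates and comparing, run against md5, md5(md5()) and md5(value+salt). The candidate list, the sample password and the function names are constructed for illustration; hashlib's hex digest is the same string PHP's md5() returns.

```python
import hashlib
import os

def md5_hex(s: str) -> str:
    # Same output as PHP's md5(): 32 lowercase hex characters.
    return hashlib.md5(s.encode()).hexdigest()

def double_md5(s: str) -> str:
    # PHP's md5(md5($s)): the second pass hashes the hex string of the first.
    return md5_hex(md5_hex(s))

def salted_md5(s: str, salt: str) -> str:
    # md5(value+salt), as described in the thread.
    return md5_hex(s + salt)

# Constructed candidate list standing in for a dictionary or key space.
CANDIDATES = ["121", "122", "123", "letmein", "password"]

def build_table(hash_fn):
    """Precompute hash -> plaintext once, the way a lookup site does."""
    return {hash_fn(c): c for c in CANDIDATES}

def brute_force(target, hash_fn):
    """Hash every candidate with the scheme in use and compare."""
    for attempts, c in enumerate(CANDIDATES, start=1):
        if hash_fn(c) == target:
            return c, attempts
    return None, len(CANDIDATES)

def demo():
    secret = "123"  # constructed sample password
    table = build_table(md5_hex)  # table of plain md5(value) only
    salt = os.urandom(8).hex()    # random per-user salt, stored with the hash
    salted = salted_md5(secret, salt)
    return {
        "single_lookup": table.get(md5_hex(secret)),
        "double_lookup": table.get(double_md5(secret)),
        "double_brute": brute_force(double_md5(secret), double_md5),
        "salted_lookup": table.get(salted),
        "salted_brute": brute_force(salted, lambda c: salted_md5(c, salt)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14} -> {result}")
```

Both the double hash and the salted hash miss the plain md5 table, but guessing candidates finds the password in the same number of attempts either way; only the hashing work per attempt changes.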
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US