Re^3: Would Like Recommendation for an SHA256 module

I noticed that only the first 8 characters of passwords seemed to matter

Have you got some code that demonstrates that ? Here is some code that negates that statement:

use warnings;
use strict;
use Digest::MD5 qw(md5_hex);

my $pass1 = '12345678zy';
my $pass2 = '12345678ab';
my $pass3 = '12345678mn';

print md5_hex($pass1), "\n", md5_hex($pass2), "\n", md5_hex($pass3), "
+\n";
[download]

For me, it produces:

653080cea849964e8bd43ef33355c01b
b86ffaf7de29e8aa87785572741025f3
25c8c10a5673749bb097eea0e407addb

I defy anybody to come up with an MD5 collision for any strings of equal length.

Cheers,
Rob

Comment on Re^3: Would Like Recommendation for an SHA256 module Download Code

Replies are listed 'Best First'.
Re^4: Would Like Recommendation for an SHA256 module by ikegami (Patriarch) on Aug 01, 2006 at 16:27 UTC
use warnings; use strict; use Digest::MD5 qw( md5 ); my $text1 = "\xA6\x64\xEA\xB8\x89\x04\xC2\xAC" . "\x48\x43\x41\x0E\x0A\x63\x42\x54" . "\x16\x60\x6C\x81\x44\x2D\xD6\x8D" . "\x40\x04\x58\x3E\xB8\xFB\x7F\x89" . "\x55\xAD\x34\x06\x09\xF4\xB3\x02" . "\x83\xE4\x88\x83\x25\x71\x41\x5A" . "\x08\x51\x25\xE8\xF7\xCD\xC9\x9F" . "\xD9\x1D\xBD\xF2\x80\x37\x3C\x5B" . "\x97\x9E\xBD\xB4\x0E\x2A\x6E\x17" . "\xA6\x23\x57\x24\xD1\xDF\x41\xB4" . "\x46\x73\xF9\x96\xF1\x62\x4A\xDD" . "\x10\x29\x31\x67\xD0\x09\xB1\x8F" . "\x75\xA7\x7F\x79\x30\xD9\x5C\xEB" . "\x02\xE8\xAD\xBA\x7A\xC8\x55\x5C" . "\xED\x74\xCA\xDD\x5F\xC9\x93\x6D" . "\xB1\x9B\x4A\xD8\x35\xCC\x67\xE3"; my $text2 = "\xA6\x64\xEA\xB8\x89\x04\xC2\xAC" . "\x48\x43\x41\x0E\x0A\x63\x42\x54" . "\x16\x60\x6C\x01\x44\x2D\xD6\x8D" . "\x40\x04\x58\x3E\xB8\xFB\x7F\x89" . "\x55\xAD\x34\x06\x09\xF4\xB3\x02" . "\x83\xE4\x88\x83\x25\xF1\x41\x5A" . "\x08\x51\x25\xE8\xF7\xCD\xC9\x9F" . "\xD9\x1D\xBD\x72\x80\x37\x3C\x5B" . "\x97\x9E\xBD\xB4\x0E\x2A\x6E\x17" . "\xA6\x23\x57\x24\xD1\xDF\x41\xB4" . "\x46\x73\xF9\x16\xF1\x62\x4A\xDD" . "\x10\x29\x31\x67\xD0\x09\xB1\x8F" . "\x75\xA7\x7F\x79\x30\xD9\x5C\xEB" . "\x02\xE8\xAD\xBA\x7A\x48\x55\x5C" . "\xED\x74\xCA\xDD\x5F\xC9\x93\x6D" . "\xB1\x9B\x4A\x58\x35\xCC\x67\xE3"; printf("len text1 %s len text2\n", length($text1) == length($text2) ? +'==' : '!='); printf("text1 %s text2\n", $text1 eq $text2 ? +'eq' : 'ne'); printf("md5 text1 %s md5 text2\n", md5($text1) eq md5($text2) ? +'eq' : 'ne'); [download] outputs `len text1 == len text2 text1 ne text2 md5 text1 eq md5 text2` [download] Finding the collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz). That's minutes on a strong computer. Reference	[reply] [d/l] [select]
Re^5: Would Like Recommendation for an SHA256 module by syphilis (Archbishop) on Aug 02, 2006 at 00:35 UTC
Finding the collision took 8 hours using a notebook PC (Intel Pentium 1.6 GHz) Heh ... I wondered as I wrote whether I would end up with the ol' egg facial treatment. (If you hadn't provided the link, I would have assumed that collision was something you whipped up all by yourself :-) Of course that doesn't demonstrate that a string (of a specific length) that hashes to a given digest can be found readily - which would be the OP's main concern. But, with the progress that is being made in the breaking of MD5, I think I might refrain from making any more rash assertions. Thanks, ikegami, for the heads up. Cheers, Rob	[reply]
Re^6: Would Like Recommendation for an SHA256 module by ikegami (Patriarch) on Aug 02, 2006 at 00:42 UTC
Fortunately for me, you asked the wrong question. Finding two strings with the same hash is a problem entirely different from the one of finding a string that hashes to a given hash. You really wanted the latter. I don't think MD5 has been broken with regards to the second problem, but attacks only get better. That's why it's time to move on to something more reliable.	[reply]
Re^4: Would Like Recommendation for an SHA256 module by TheEnigma (Pilgrim) on Aug 01, 2006 at 15:57 UTC
So sorry! Yes, you are correct. Please see my update in my OP above. TheEnigma	[reply]