in reply to Re^2: Would Like Recommendation for an SHA256 module
in thread Would Like Recommendation for an SHA256 module

The possibility of finding two lumps of random garbage, even with equal length, has *always* been a given with any mechanism that represents a larger range of possible inputs with a smaller range of possible outputs.

With an input space of 128256 = 2790951116e530

And an output space of 2128 = 3.4e38, it could not be otherwise. There have to be at least 8 inputs for every output.

Maybe you missed the emphasis I placed in my post?

The effect is to considerably increase the difficulty of finding an alternative text that matches both the outer and inner md5 and renders a useful (to the bad guy), alternative text.

To generalise my challenge in the way you suggest would be to ignore the point I was trying to make, and that ikegami partially made subsequent to his first post--

Each of those requirments has a multiplier effect upon the difficulty of the task at hand for the bad guy. It is this same multiplier effect that stuff like double-DES and triple-DES exploit for their greater security.

So sorry, but your gonna have to work a little for that free lunch :)

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.
  • Comment on Re^3: Would Like Recommendation for an SHA256 module

Replies are listed 'Best First'.
Re^4: Would Like Recommendation for an SHA256 module
by syphilis (Archbishop) on Aug 02, 2006 at 14:34 UTC
    It's one thing to brute force two texts with the same md5

    Indeed it is - and there's a Win32 executable at http://cryptography.hyperlink.cz/2006/program_v1_pd.zip that creates collisions in approximately 30 seconds - though I doubt it does this by using brute force.

    I see the shortcoming of your challenge as follows:
    You allow padding of the string - so, instead of having:
    $text = 'the quick brown fox jumps over the lazy dog';
    let's have it so that:
    $text1 = 'the quick brown fox jumps over the lazy dog' . ' ' x 85;
    $text1 now has a length of 128 bytes, and a hex digest (let's call it $hash) of 8ba2a86e374afd2aefc8e5378f9149a2. I can now get a free lunch if I can find another 128-byte string (let's call it $text2) that hashes to 8ba2a86e374afd2aefc8e5378f9149a2. That's not straightforward (for me, anyway), and even less straightforward if $text2 has to be "meaningful" - but the thing is that your requirement of having to hash $text1 . $hash has not made the task any more difficult.

    If both $text2 and $text1 hash to the same value (ie, to $hash), then $text1.$hash and $text2.$hash both hash to the same value. And the code I posted demonstrates that. If the string is 128 bytes long I don't believe the "multiplier effect" of which you speak exists. (If the string is, say, 119 bytes long, then there quite possibly is a "multiplier effect".)

    Maybe a sandwich and a cup of tea ? ... the sandwich is optional ... so is the cup of tea :-)

    Cheers,
    Rob
[reply]

      Let's deal with 128 8-bit char strings.

      For any given 16-byte md5 hash, there are (on average) 8 X 128-byte strings that will render that md5 digest.

      One of these 128-byte strings is the original text.

      Therefore the task is to find one of the other seven 128-byte strings that also generates the original md5, and also happens to be meaningful for your nefarious purposes.

      My criteria states that the last 32-bytes of the 128-byte alternative text also happen to be hex digits.

      That reduces the possible alternative texts by 32256 / 3222 by virtue of the fact that the last 32 characters have to be hex digits (0-9, a-f, A-F = 22).

      Further, the fact that the remaining 96 bytes of the alternative text have to have an md5 that matches the 32 hex digits,and be meaningful for your nefarious purposes, again severally restricts the possibility that such a text exists, regardless of how hard it is for you to find it.

      The thing that is being missed is that there are very few texts of any given length that will produce a given md5.

      Even if you can use brute force to find them all, the probability any one of them will actually be readable english, (or executable code), never mind that it could be useful for your purposes, are fleetingly small.

      Ignoring the criteria of the challenge is a little like entering a 9x9 sudoku game, but offering to only complete the center 3x3 part of the grid. It simplifies things a lot.

      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]
      but the thing is that your requirement of having to hash $text1 . $hash has not made the task any more difficult.

      Sorry, but you are wrong. You'll note that in my challenge, the option to pad or truncate the message comes with the additional criteria that you correct my typo. For achieving this additional goal you get to eat at my favorite restaurant.

      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]
[d/l]

In Section Seekers of Perl Wisdom