Re: Revert MD4

From: Federico Bertola <federico.bertola.job@xxxxxxxxx>
Date: Tue, 30 Oct 2007 06:32:18 EDT

On Oct 29, 2:52 pm, Federico Bertola
<federico.bertola....@xxxxxxxxx>
wrote:

2^128 (you write this right?) are teorically

possibles COLLISIONS that means that a file has the
same hash value as the original but with a infinite
range of length.

For example a file of 3 Mb may have a collision in

a 300 Kb file as in a 2 Tb file!!!

If I close the range of possibilities fixing the

length I can find (at leas one if the length is the
same as the original) very fewer collisions!

I mean a MD4 in a not-so-hostile environment where

you have some information about the original file.

there are just under 200,000 3MB files with the same
hash

there an infinite number of files of any size

it is impossible to revert a hash
in the way you mentioned

the cryptographic attacks on md4 are different
they find _different_ messages
with the _same_ hash

being able to do this
means the hash is not safe for validation purposes
as man-in-the-middle interception
can replace messages that still authorise

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
galathaea: prankster, fablist, magician, liar

Yes, I know that there are about 200.000 possibles collision per a file lenght and this alone is enought for stop you to try to revert the hash (I choose MD4 but you can use any easy-to-break hash like CRC32) but many collision-finding algo are based into find two bloks and if you have some information about the original file (an irrealistic situation in the real world but...) you can easily filter the results in a better way than filter the end result.
This is not so difficult to compute because any collision with this method can be founded in 2^8 operations.

I'm sorry for my perseverance but my cryptography teacher is not a dumb and if he says that I think this is possible .

Thankyou for your patience :)

Federico
.

References:
- Re: Revert MD4
  - From: galathaea

Prev by Date: Re: How do I solve this?
Next by Date: Re: Computing roots in a generic group
Previous by thread: Re: Revert MD4
Next by thread: JSH: Narcissistic Personality Disorder: Reason for posting?
Index(es):
- Date
- Thread

Relevant Pages

Re: When will md5crk complete?
... and in that case birthday attack ... > His core message is correct however: you shouldn't be using MD5. ... Collisions DO exist for every hash algorithm... ...
(sci.crypt)
Re: Hashing
... Computing the hash function, which is handled by the instructions: ... reserved word/identifier when searching through the reserved words ... collisions and four slots that have four collisions. ...
(alt.lang.asm)
Re: Hashing
... A good hash ... > greater is it better performance due to less collisions". ... then the probability that you need a rehash on any scan is something ... > 'hash method' simply because they use hash codes, ...
(alt.lang.asm)
Re: CHECKSUM() question
... Let's assume for a moment that you use CHECKSUM and that there are hash collisions. ... If you stage the answer in a temporary table, you can use that to join to your source table, then filter out the few collisions. ... Remember absolutely no hash that reduces the size of data for searching can be guaranteed to avoid a collision. ... However, from a private discussion, Steve Kass pointed out that HASHBYTES with MD5 for 300 million rows probably has a lower chance of collision than the the possibility that some bit will get randomly changed by some other influence. ...
(microsoft.public.sqlserver.programming)
Re: Collision in SHA-0
... The entity requesting the certificate can often ... >able to find collisions in the underlying hash function, ... There are collisions and then there are collisions. ... same length as a cert and the same hash. ...
(sci.crypt)