![]() ![]() ![]() Additionally it means that even if someone uses the same password on multiple sites (yes, we all know we shouldn't, but.) anyone with access to the database of site A won't be able to use the user's password on site B. This means that if someone manages to get the list of hashes, they still can't get your password. The whole point of a hash is that it's one way only. Once a piece of data has been run through a hash function, there is no going back. That is one reason why you should always " salt" hashed passwords, so that two identical values, when hashed, will not hash to the same value. And the fact that most passwords are short, and people often use common values (like "password" or "secret") means that in some cases, you can make a reasonably good guess at someone's password by Googling for the hash or using a Rainbow table. That said, MD5 has been found to have some weaknesses, such that with some complex mathematics, it may be possible to find a collision without trying out 2 128 possible input strings. And yet, there is no way to find out what the original value was, since there are an infinite number of numbers that have that exact remainder, when divided by n. If you were to perform the same calculation again (any time, on any computer, anywhere), using the exact same string, it will come up with the same value. You will be left with some number between 0 and n. Next, perform integer division using some large (probably prime) number n and take the remainder (see: Modulus). The thing that makes hashes interesting is that it is incredibly difficult to find two pieces of data that hash to the same value, and the chances of it happening by accident are almost 0.Ī simple example for a (very insecure) hash function (and this illustrates the general idea of it being one-way) would be to take all of the bits of a piece of data, and treat it as a large number. So there are actually an infinite number of possibilities for data that would hash to the same value. And yet, there are an infinite number of possible inputs to a given hash function (and most of them contain more than 128 bits, or a measly 16 bytes). That is a reasonably large number, and yet it is most definitely finite. ![]() That means that there are 2 128 possible MD5 hashes. Think about this: An MD5 is always 128 bits long. Much of the original data is actually "lost" as part of the transformation. ![]() MD5 is not encryption (though it may be used as part of some encryption algorithms), it is a one way hash function. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |