1994-07-04 - Re: MD5 is 1=>1?

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: Roger Bryner <bryner@atlas.chem.utah.edu>
Message Hash: f3da4c3ec2689bb715050e58920b791dddf92440881dc961b6999c9a111ca696
Message ID: <9407042142.AA28845@toxicwaste.media.mit.edu>
Reply To: <Pine.3.89.9407041124.A6205-0100000@atlas.chem.utah.edu>
UTC Datetime: 1994-07-04 21:38:23 UTC
Raw Date: Mon, 4 Jul 94 14:38:23 PDT

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Mon, 4 Jul 94 14:38:23 PDT
To: Roger Bryner <bryner@atlas.chem.utah.edu>
Subject: Re: MD5 is 1=>1?
In-Reply-To: <Pine.3.89.9407041124.A6205-0100000@atlas.chem.utah.edu>
Message-ID: <9407042142.AA28845@toxicwaste.media.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain

MD5, like all hash functions, is a many-to-one function.  This means
that theoretically there are an infinite number of messages that will
hash to the same value.  This also means that reverting from the hash
back to your original message is nigh impossible.  The security of MD5
is based upon the fact that *finding* two messages that hash to the
same value is as difficult as a brute-force attack, which requires
2^128 trials (maybe it's 2^127, but I don't think that really

I don't believe that multiple iterations of MD5 will cause you to
lose entropy.  Actually, you will lose entropy on the *first*
iteration, since MD5 will *only* let you have 128 bits of Entropy,
since there are only 128 bits in the output.  In subsequent
iterations, you just move those bits around.

Does this answer your question?


         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       warlord@MIT.EDU    PP-ASEL     N1NWH    PGP key available
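
The many-to-one property and the 128-bit output cap described in the message above, as an added example that is not part of the original e-mail. It assumes a digest truncated to 16 bits (the helper names and the constructed messages are hypothetical) so that the pigeonhole argument can be run to completion; the trial count it reports applies only to the truncated digest.

```python
import hashlib


def truncated_md5(message: bytes, bits: int) -> int:
    """Return the first `bits` bits of the MD5 digest as an integer."""
    digest = hashlib.md5(message).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def digest_bits(message: bytes) -> int:
    """Size of the MD5 output in bits, whatever the input length."""
    return len(hashlib.md5(message).digest()) * 8


def find_collision(bits: int):
    """Find two distinct constructed messages sharing a truncated digest.

    There are only 2**bits possible outputs, so hashing 2**bits + 1
    distinct inputs must repeat one of them (pigeonhole principle).
    Returns (first_message, second_message, trials_used).
    """
    seen = {}
    for i in range(2**bits + 1):
        msg = b"constructed-message-%d" % i  # constructed sample input
        tag = truncated_md5(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
    raise AssertionError("unreachable: more inputs than possible outputs")


if __name__ == "__main__":
    # Output size is fixed: a 1-byte and a 1 MB input both give 128 bits.
    print(digest_bits(b"x"), digest_bits(b"x" * 1_000_000))

    a, b, trials = find_collision(16)
    print("distinct messages:", a, b)
    print("shared 16-bit tag: %04x" % truncated_md5(a, 16))
    print("trials used:", trials)
```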