Join Log in
Score:1
Practixal avatar Crypto

Is it possible to exploit MD5 weaknesses to create an artificial collision for a password?

sg flag
Practixal

If it is possible, could an attacker create a collision for an MD5 password in a database? Could they look at an MD5 hash output and figure out data that creates the same MD5 hash?

80
1 + 5
md5
Ievgeni avatar
cn flag
Ievgeni
What do you mean by clash. Do you mean collision?
2
Reply
Practixal avatar
sg flag
Practixal
Yes. I have heard clashing and collision but I wasn't sure which one to use.
0
Reply
Ievgeni avatar
cn flag
Ievgeni
I suggest you to read definitions of one-wayness, second-preimage resistance, and collision resistance, and then to clarify your question. Because it's not clear for me what do you want to do.
0
Reply
Ievgeni avatar
cn flag
Ievgeni
I think that the key-word is "second-preimage resistance" and nor collision neither preimage-resistance.
0
Reply
jp flag
Gordon Davisson
A way to "look at an MD5 hash output and figure out data that creates the same MD5 hash" would be a first-preimage attack. A first-preimage attack can easily be converted into a collision attack (or a second-preimage attack), but the reverse is not true: a collision attack cannot (generally) be converted into either type of preimage attack.
0
Reply
Score:2
Maarten Bodewes avatar Crypto
in flag
Maarten Bodewes

Generally no. To create a collision you should have control over the input of both calculations. To be precise, messages should be identical but for 128 bytes at a 64 byte boundary. The fact that most passwords are pretty short and do not consist of binary data is obviously not going to be of any help.

Even if the password is salted it won't give an adversary much grip; usually the salt is controlled by the service, and if it wasn't then it would still be tricky if not impossible to create a collision.

Finding an message for an existing hash requires a break in the pre-image resistance property. MD5 still has a high - but not perfect - pre-image resistance. The best attack on pre-image resistance takes more than $2^{123}$ operations. So that is entirely out of the question (and you'd find the original password, not another password in all likelihood).

Guessing the password is also possible of course, but that won't create a separate password with the same hash. There are multiple ways of speeding up the guesswork, e.g. using rainbow tables, but that's a separate topic.

0 + 3
fgrieu avatar
ng flag
fgrieu
Finding a message for an existing hash requires a break in the (first) pre-image resistance property, _or guessing the message_.
3
Reply
forest avatar
vn flag
forest
Just because a password contains plain text and not binary data doesn't mean it's much harder to find a collision for. Of course, OP needs a preimage attack, not a collision attack...
0
Reply
kelalaka avatar
in flag
kelalaka
Note that the [memory complexity of the attack](https://link.springer.com/chapter/10.1007%2F978-3-642-01001-9_8) makes it worst than direct brute-force attack ffor MD5.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.