I want to know if there exists a way to differentiate a md5 hashcode of a sha-1 hashcode?
For example:
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
How could I know which are encrypted in md5 and which are not? Is it possible?
I'm not quite sure if this is what you're asking, but MD5 is 128 bits/32 hex digits, while SHA-1 is 160 bits/40 hex digits, so it's fairly easy to tell the difference between them (providing, of course, that you know that your hashes will be either MD5 or SHA-1 and not something else).
(If you're asking whether you can determine if a given MD5 hash is a hash of a hash or a hash of some other data, then I believe the answer is "no".)
MD5 gives a 128-bit hash value.
SHA-1 gives a 160-bit hash value.
Related
If i create a SHA-256 has in the terminal i get a nice looking hex hash:
echo -n ChillyWilly | sha256sum
4c74e3994a247dfc31a515721528c78bb6ec09ccdcfd894d09f4aa44131393a8 -
If i try to do the same with the crypt(3) function then i get something entirely different:
const char* what = crypt("ChillyWilly", "$5$");
printf("%s\n", what);
$5$$fQITOGYPwBrwOSpjX1Uhx5Ock/J84zbrqmTtg/SlvMB
It looks like Base64 but it's not.
My assumption is that if the key and salt are equal then i should get the same result. All SHA-256 hashers in the web will generate the same result from the same key/salt combination.
How can i get the same hex hash with the crypt(3) function? I have set the $5$ as instructed on the crypt manpage that should force the crypt function into SHA-256 mode.
I know there are a few similar questions here but they did not seem to contain the correct answers.
Thanks!
While crypt can use SHA-256 when in $5$ mode, they aren't the same thing.
SHA-256 is a hash function, designed to run quickly. But crypt is a key-derivation function intended for hashing passwords. As such, it runs SHA-256 a large number of times (5000 by default) to make it slower and less prone to brute-force attacks. So it will give a different result than a simple SHA-256 use. You can see the details of the algorithm here.
As you saw, crypt also doesn't output the result as hex, but as a Base64-like encoding (not the standard Base64 but based on a similar idea). There's no point in trying to convert to hex if you do this expecting to get the same result as SHA-256.
crypt() will in fact use the same SHA-256 algorithm - but it does not return the hash as you would expect. After computing the hash it does it applies another transformation to the result, as seen here.
So I wouldn't count on using it and getting the same result as sha256sum, since it's built for a different purpose. You might look into using the openssl SHA256 implementation, or something else if you need it to match.
If I give you the MD5 checksum of a string, can you generate the SHA checksum?
Or Vice Versa?
If I give you an MD5 checksum and a SHA checksum, can you tell me whether they're generated from the same source string?
(Obviously I'm excluding anything like locating the source string from a rainbow table, etc. etc.)
No. Both are one-way hashes, so the information contained in the original source string is lost in the checksum.
Even if you do have the "original" string as you say, there will be some other data out there that when hashed, results in a collision. This is because MD5 and SHA1 are not perfect hash functions. In the case of MD5, each hash can potentially have an infinite number of collisions. Then there is no guarantee that the generated SHA checksum of the "original" string is actually what you seek.
Disclaimer: I have very little experience with the theoretical side, so you may want to verify with other resources.
I am using md5 to encrypt the password. then, how to get back the original string if i need it. is there any decryption possible?
In a word: no. If you want it to be reversible, this is the wrong approach. MD5 is a hashing algorithm, not an encryption one. Don't use MD5 for passwords.
Use actual encryption, like AES or Blowfish.
You cannot decrypt one-way hashes like MD5 - The best you can do is brute-force them or run a dictionary through and compare the values for matches.
Is it possible to create a MD5 collision based on a known input value?
So for example I have input string abc with MD5 900150983cd24fb0d6963f7d28e17f72.
Now I want to add bytes to string def to get the same MD5 900150983cd24fb0d6963f7d28e17f72.
(I know this is possible by bruteforcing and waiting a long time; I want to know if there is a more efficient way in doing this)
Unitl now no algorithm has been discovered that allows you to find a matching input that will generate a given md5 hash.
What has been proven is that you can create md5 collisions quite easily, for example with what is known as chosen-prefix-collision: you can create two files yielding the same md5 hash by appending different data to a specified file. If you want to know more or get the program to try it, look here.
There is a site called http://www.MD5Decrypter.co.uk where when you give a md5 hash, it gives the original string. How is that possible. As far as I know md5 is an irreversible hash algorithm or is it? Secondly, can salt be used along with md5?
md5 is a hash algorithme so it allows two words to have the same hashcode. I you do not trust me, I can hash a 5-letter word, 10-letter word, 128-letter word with md5 and it will give me 32 characters every time.
The probleme is that md5 is not cryptographicaly secured. One can analyse it and guess what could have been hash. But the technique used by the site you posted is the rainbow table.
It can also be a dictionary, but it is less common with md5.
If you use a salt with your md5, this generator will not find anything until the rainbow table with your salt is filled.
md5 is usefull to sign a file, a cookie, or the name of a cryptography algorithm. It is not secured to store passwords. Some languages advice you to use whirlpool, bloswfish, salsa20 or sha512 instead of md2/5 sha 1/2/256