Hey all...

I'm trying to figure out how strong my hashes are. So heres the test: You have to find the text behind these two hashes(they both equal the same).

Hash using Method 1: bbbbbbbgggggdgaaddbgggdgggggba
Hash using Method 2: bbhe4eiigbdg44cbciigbdg4eigbce44a

(Original Text contains two special characters and the rest are numbers)

1st = user finds a match to both and they equal each other which equal the original text.
2nd = user finds a hash to one and it equals the original text
3rd = user finds a collision with one or both of the hashes

So help me out here and crack the hash?

The web application used to create these two hashes are at:
http://www.swivelgames.com/simple_encrypt.php
as well as the source to the hash program.

Hash != Encrypt. Your basic problem here is that you're creating something that is (hopefully) unique for a given string, but isn't necessarily sufficient to recover the original message from. What's your algorithm?

*cough, cough* http://www.swivelgames.com/source.php?simple_encrypt

Ah, my mistake. Well, by running a few queries, I'm pretty sure I could brute-force a collision relatively quickly. Maybe I'll try later.

I am pretty sure that you don't decrypt this, you have to brute force it... To bad you can't program custom algorithms for Cain and Abel (I have become quite interested in cryptography recently...)

It wasn't ment to be decrypted. I want to see if its hackable or if you can find a collision very easily.

But yeah, if you can find a collision Kerm, then please do so

Hence why you need to stop using the word "encryption" when talking about it. It is purely a hasing program - go back and remove any mention of "encryption"

Does that mean MD5 isn't an encryption? But just a hashing technique? 0.o?

I'm confused >.<"

If its not possible to decrypt then is it not called an encryption? I thought there are encryptions that you can and cannot decrypt. >.<"

Re: MD5: Yes, MD5 is just a hashing algorithm, not an encryption algorithm. That's why *any* length data can be fit into the same size hash. Things that are not decryptable are NOT called encryptions, which is the point Kllrnohj were trying to make; they're hashes.

Yes, MD5 is only a hashing algorithm, since it's not designed to be reversed.
Most modern encryption techniques rely on a public/private key scheme, requiring the public key to encrypt a message, and requiring the private key to decrypt the message. In the case of Rabin (which is similar to RSA), the private key is a set of two primes (usually very large, such as 256 bits), and the public key is the product of those two primes. If large primes are chosen, it's impractical to compute the private key from the public key. The encryption scheme is then designed to take the public key to compute a ciphertext, and only allow the ciphertext to be decrypted with the corresponding private key.

Isn't that what ti uses for apps and its os?

TI does indeed sign its apps with the MD5 hash, which is used on the certificate page. You can find out more about that on WikiTI.

Awesome. Hey Kerm, did you try to find a collision? I want to make a good enough hash program that maybe I can use it for L{CMS} now that PHP took out the hash() function from PHP. Now of course, we can always get an add-on to PHP to put it back into versions after PHP 5+ but I'de rather code it for all versions of PHP.

What are you needing a hash for? :/

(oh, and: http://www.php.net/md5 )

>.>

I've been using md5, but ever since I heard teh news about collisions being found in like, just a few minutes I stopped using it. So I'm trying to find a new one. Plus its fun

I'm probably going to be using blowfish or something similar.

I ask again, what are you using a hash for anyway?

I think he was referring to Rabin, which is also used.

Ah, I wasn't aware of that. Let's take a look at WikiTI. Hmm, I don't see any entrypoints about it - do you have a link to documentation about TI + Rabin?

As far as I know, there isn't any. Basically, the OS signature is a Rabin-encypted MD5 hash. The keys are each 512 bits.

I answer again...I was using SHA512, but now that they took out the hash() function, I want to change to something else because I want it to be compatible with all versions of PHP. I'm extremely annoyed that they took it out, but I guess I'll have to deal with it...