[cryptography] Number of hash function preimages

natanael.l at gmail.com natanael.l at gmail.com
Sat Mar 10 08:38:52 EST 2012

He actually asked two different questions on #2, if all hashes have collisions and if all messages have collisions. For MD5, the latter is "almost" proven true. There's a tool that let you enter two plaintexts, and then it generates a shared appended string (like md5(text_a+string)=md5(text_b+string)) that gives them the same hash. Not exactly the same, but relevant.

If there's "direct" collisions for all hashes and/or messages depends entirely on the algorithm. There could be one hash for SHA256, for example, which only has *one* message that can generate it. Then there are no messages or hashes colliding with those, and the answer to both of the questions in #2 is "no".

Also note that if there's collisions for all hashes, there's collisions for all messages, but the reverse doesn't have to be true.

2012-03-10 12:33 skrev Timo Warns:

On 2012-03-09, natanael.l at gmail.com wrote:
> On #2: There MUST be collisions with fixed-length hashes. But with 2^256
> possible results and sufficiently strong algorithms, it will not matter IRL. We
> won't find any collisions ever. But of course, the algorithms MIGHT be weak.
> MD5 was thought to be strong when it was new.

I think Florian asked whether there exists a collision for _every_ hash

Cheers, Timo


cryptography mailing list

natanael.l at gmail.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120310/22f45d79/attachment.html>

More information about the cryptography mailing list