[cryptography] Number of hash function preimages

natanael.l at gmail.com natanael.l at gmail.com
Sat Mar 10 08:38:52 EST 2012


He actually asked two different questions on #2, if all hashes have collisions and if all messages have collisions. For MD5, the latter is "almost" proven true. There's a tool that let you enter two plaintexts, and then it generates a shared appended string (like md5(text_a+string)=md5(text_b+string)) that gives them the same hash. Not exactly the same, but relevant.

If there's "direct" collisions for all hashes and/or messages depends entirely on the algorithm. There could be one hash for SHA256, for example, which only has *one* message that can generate it. Then there are no messages or hashes colliding with those, and the answer to both of the questions in #2 is "no".

Also note that if there's collisions for all hashes, there's collisions for all messages, but the reverse doesn't have to be true.


2012-03-10 12:33 skrev Timo Warns:

On 2012-03-09, natanael.l at gmail.com wrote:
> On #2: There MUST be collisions with fixed-length hashes. But with 2^256
> possible results and sufficiently strong algorithms, it will not matter IRL. We
> won't find any collisions ever. But of course, the algorithms MIGHT be weak.
> MD5 was thought to be strong when it was new.


I think Florian asked whether there exists a collision for _every_ hash
value.


Cheers, Timo

_______________________________________________

cryptography mailing list

natanael.l at gmail.com
http://lists.randombit.net/mailman/listinfo/cryptography



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120310/22f45d79/attachment.html>


More information about the cryptography mailing list