“RE: The Incredible Non-Uniqueness of an MD5 Hash”

On 3/5/02, Sean McMains said:

>Your math assumes that the hashes the MD5 algorithm generates are
>equally distributed across the entire space possible with the
>characters that are being used. I don't know enough about the MD5
>algorithm to say whether that's true or not, but it's an interesting
>implicit assumption in your reasoning.

Actually, I didn't make the assumption. The RFC does, as have loads of people since then.

An excerpt from the RFC (which I pointed to in my original message):

The MD5 message-digest algorithm is simple to implement, and provides a "fingerprint" or message digest of a message of arbitrary length. It is conjectured that the difficulty of coming up with two messages having the same message digest is on the order of 2^64 operations, and that the difficulty of coming up with any message having a given message digest is on the order of 2^128 operations.

The algorithm used to generate an MD5 is incredibly simple... they explain the whole thing in pseudo code in the RFC, and then offer a reference implementation in C. The simple algorithms are the best. :-)

Seth