Friday, February 18, 2005

Geeky Friday: An Illustrated Guide to Cryptographic Hashes

Via Tiny's blog, "An Illustrated Guide to Cryptographic Hashes". I've used md5sum directly to verify big downloads and I had a basic understanding of how hashes are used to store passwords in plain text files. The author addresses something I've wondered about: "it seems obvious that many input streams are available that can produce any given hash." (also known as a collision). He goes on:
If so, this seems to undermine the whole premise of cryptographic hashes until one learns that for industrial-strength hashes like MD5, nobody has found a collision yet (well, almost nobody, but we're getting to that) .

This astonishing fact is due to the astonishingly large number of possible hashes available: a 128-bit hash can have 3.4 x 1038 possible values, which is:    340,282,366,920,938,463,463,374,607,431,768,211,456 possible hashes

Well, now it make more sense. Even though there are so many possible hashes, it takes some serious craftiness to make sure that the math to generate the hash values don't all cluster on a small percentage of those 3.4 x 1038 values. Those mathematician types are pretty clever.

No comments: