MD4 wat'da hell was that ?

[LegoKid]

I just do some google to look what is md4 all about. I found a lot of results there and only give me a notation "it is a kind of encryption" digesting infomation. It uses 128-bit .. blah .. blah. Some guys made a collision attack in md4 ... blah ... blah ... blah.

Its making me confused just wanna know what it is, really. How md4 process nor what is the algorithm of it. Can anyone use md4 encryption rather than use the other encryption methods to encrypt data. How to decipher it ?

Could anyone lead me to a brighter information easy to understand in what md4 is.

[Hack]

It does not get any simpler than this in terms of a definition.

[TheBigB]

MD4 is a hash algorithm and not an encryption algorithm.
The difference is that a hash is generally irreversible but an encryption is.

I say generally, because by brute-forcing the original message is often retrievable.
Specially with older hashing algorithms like MD4.

The collisions you mention are equal hashes for different messages.

[aNubies]

@Hack - Yeah, that was one of source where I get the collision thing and hash algorithm thing . But
for some reason Im confused about it.
@TheBigB -so a hash algorithm. So usually in VB.Net to hash a data we used the method "HashSet" or "HashTable". So what is the algorithm about it I mean what formula they used about it. Cause in encryption the formula about it is something replacing the character ascii onto something the use of key how about hash? And how to brute force it to retrieve the messsagge back to original?

[jmcilhinney]

Hashing is the process of using a set of steps, i.e. an algorithm, to generate a value that represents the original data. Unlike encryption, hashing is intended to be one-way. As a result, hash values are usually relatively small and often the same size for the same algorithm no matter the size of the original data. Another feature is that small changes in the original data should produce large and unpredictable changes in the result. For instance, you might have one megabyte of data that produces a hash value 10 bytes in length. Changing one byte in the original data would produce a completely different hash value that is also 10 bytes in length.

There are various hash algorithms in use and some of them are implemented in the .NET Framework. These include the common SHA1 and MD5.

The .NET Object class has a GetHashCode method that any class can override to to provide its own implementation. .NET classes like the HashSet and Hashtable use that GetHashCode method. For instance, when you add an object to a HashSet, the object is hashed and the result stored internally. If you try to add another object that produces the same hash value, it will not be added to the set because that hash value already exists in the set. For the purposes of a HashSet and a Hashtable, two objects are considered identical if they produce the same hash value. It's for that reason that you need to give some thought to your implementation of GetHashCode. Should two instances with the same property values be considered the same or different?

[aNubies]

@JM - sire does anyone know what is the algorithm implemented in hash (or its better not to know it ? ) cause I saw some implementations that what would be the value of this sets:

""
"a"
"ab"
"abc"

those sets gives different values but with the same size (I think thats what you meant by "As a result, hash values are usually relatively small and often the same size for the same algorithm no matter the size of the original data") right ?.

Encryption use a key to encrypt and decrypt data right, how about hash do we need to use a key to make the data back in its original form and vice versa.

[jmcilhinney]

Encryption use a key to encrypt and decrypt data right, how about hash do we need to use a key to make the data back in its original form and vice versa.

It seems that you haven't actually read what we've been posting. You do NOT convert a hash value back to its original form. That's what encryption is for. Encryption is a two-way operation. Hashing is a one-way operation. If you want to learn how any particular hash algorithm works, look it up. There's a whole WWW out there. I just Googled md5, which I already mentioned is a common hash algorithm that is implemented in the .NET Framework, and the first result was the Wikipedia entry, which provides a description and a link to the relevant RFC, which has all the technical details.

[LegoKid]

to: anubies - looks like we have a the same research thesis that need to be done right . From what
section you were from ?
to: jmcill - how you will know what is the original form of a hash data contain?

[aNubies]

@legokid - james is that you ? You retard , didn't know your the one who posted this (that makes me think who in the hell have the same research as i have ) anyway we got to listen to this guys .

@jm - ok I'm gonna search about it .

[jmcilhinney]

You guys both seem to be missing the point. When it comes to hashing, you don't care what the original data was. You DO NOT EVER use a hash value to determine what the original data was. The only people who do that are hackers who want to find out what peoples passwords are. If you want to be able to transform data to hide it and then transform it back to its original form then you use encryption, not hashing.

Hashing is used to check whether two sets of data are the same by checking whether the hash values are the same. One example of where hashing is used is in downloading files. Often times, when you download a file they will give you the MD5 hash of the file contents. When you have downloaded the file, you can hash its contents and compare that to the value they provided and, if they are the same, you know that your downloaded file is free of corruption. This is simpler than comparing two possibly multi-megabyte files byte by byte.

Another example of where hashing is used is in securing passwords. The default ASP.NET membership service is an example. When a user registers, the password they provide is hashed and the hash value is stored in the database. Anyone could then read the database and they wouldn't know what the password is. When the user logs in, the password they provide is hashed and that hash value compared to the hash value stored in the database. If the hashes match then you know that the password is valid.

As in basically all cases where hashing is used, these examples demonstrated why this one-way transformation is useful: basically, hashing is used where you don't actually care what the data is, only whether it's the same as some other data.

[aNubies]

OohOh, Now I know that is a well explained sire. So only hackers do that that make me wonder how in the world they're gonna know what it is the hash data contain. But anyway you also give a nice example there sir . Now all we need to do now is make a lot of research about MD5.

[P.S]
Microsoft use hash for the user password right. So are they using also some software that is built-in to recover the hash data. So meaning the brute force that sire BigB said was user make a several combination of characters to compare to that hash data.


You are truly a genius sire. Im a slow pick-up in explanation but you do the job well . Thanks

[jmcilhinney]

Microsoft use hash for the user password right. So are they using also some software that is built-in to recover the hash data. So meaning the brute force that sire BigB said was user make a several combination of characters to compare to that hash data.

Microsoft do exactly what I said they do: they hash the data provided by the user and compare that to the hash value stored in the database. At no point do Microsoft try to recreate the original password from the hash value. "Brute force" basically just means trial and error. You get a computer to try lots of different values until it finds one that works. There are some hash algorithms that have weaknesses that make doing that a bit easier because you can get clues as to what might work from previous attempts. I'm not aware of any such weakness in MD5 but I have a feeling that SHA1 may.

[aNubies]

Microsoft do exactly what I said they do: they hash the data provided by the user and compare that to the hash value stored in the database. At no point do Microsoft try to recreate the original password from the hash value. "Brute force" basically just means trial and error. You get a computer to try lots of different values until it finds one that works. There are some hash algorithms that have weaknesses that make doing that a bit easier because you can get clues as to what might work from previous attempts. I'm not aware of any such weakness in MD5 but I have a feeling that SHA1 may.

Added to our research . So let me give an example im trying to get the hashcode of letter "a" which is hash value supposed to be "bde52cb31de33e46245e05fbdbd6fb24" I tried it in VB.Net just for some preview, I used:

Code:

Dim valueToHash As String = "a"
Msgbox(valueToHash.GetHashCode)

It gives me a different value why is that ? And when trying to hash a data 'are programmers (whatever he is hackers/normal programmer) etc. they used the build-in hash method or they just create an algorithm to do the hash thing (like in vb.net GetHashCode etc.).

[LegoKid]

I've search regarding Hashing, look like implementing hash coding is too difficult. Some says, implementing some integral, some says implementing some permutation etc. And I found something that there's a lot of hash implementation including those (2) algorithm, some says the use of "hash shift" if im not mistaken and a lot more.

Are we able to make our own hash algorithm or they're just doing some collisions about it .

Rob the research might get us B- (.

[TheBigB]

Added to our research . So let me give an example im trying to get the hashcode of letter "a" which is hash value supposed to be "bde52cb31de33e46245e05fbdbd6fb24" I tried it in VB.Net just for some preview, I used:

Code:

Dim valueToHash As String = "a"
Msgbox(valueToHash.GetHashCode)

It gives me a different value why is that ? And when trying to hash a data 'are programmers (whatever he is hackers/normal programmer) etc. they used the build-in hash method or they just create an algorithm to do the hash thing (like in vb.net GetHashCode etc.).

There are many different types of hashes. You can even create your own (but it is likely to have a lot of collisions).
JMC mentioned the framework contains a MD5 hashing implementation.
Not that it uses it.

[dilettante]

Hashes can be used for cryptographic purposes as a "digest" of information such as a message or authentication credentials (like a fancy checksum) or they can be used to reduce a large address space to a smaller address space for table key values (like a fancy modulus function). As far as I can recall these are the most common uses anyway.

In reality these two are the same thing, but different hashes optimize for different things: hash size in bits, difficulty in mapping back from hash outputs to hash inputs, tendencies to create clustered vs. evenly distributed outputs based on assumptions about inputs, etc.

Even Soundex algorithms are hashes.

[aNubies]

Ok that's harsh. Thank you guys, I think we need to study more about this specially different algorithms implemented in hashing .