Finding MD5 Collisions With Chinese Lottery 303
Stanislav Shalunov writes "Jean-Luc Cooke posted a Usenet article describing a distributed webpage-based effort (Chinese Lottery) to find a collision in the MD5 function. All you need to do to participate in the effort is visit the URL that loads the code. The author comments: 'What is interesting about this approach - when we reach final release stage - is that any website that adds this small snippet of code to their pages will have their visitors working on the problem for the duration of their visit to the site'."
Re:How do I add this to my site? (Score:3, Informative)
That's really interesting... (Score:5, Informative)
Java Applets, because of the sandbox they're run in, can't open up a network connection to any website, except for the websie they came from. Presumably, what they're doing is creating a small Java applet, that when loaded, executes some logic, then opens up a network connection back home and sends the results.
Fascinating. This way, you don't have to bother installing something and hope it doesn't fsck up your computer. It might be slightly less efficient than a dedicated, installed program, but this way, they can harness the power of a computer just casually browsing a web page. Very innovative.
Not very intensive. (Score:4, Informative)
Re:Normal Thread Priority (Score:5, Informative)
For anyone wanting the code... (Score:5, Informative)
<!-- try IFRAME, else use LAYER -->
<IFRAME SRC="http://www.jlcooke.ca/psearch/dmd5l.html" SCROLLING="NO" FRAMEBORDER="0" WIDTH="100" HEIGHT="32">
<LAYER SRC="http://www.jlcooke.ca/psearch/dmd5l.html" WIDTH="100" HEIGHT="32" CLIP="0,0,100,32"></LAYER>
</IFRAME>
It' s making an iframe that loads the applet, and just does its own thing - by loading in the iframe it can call back to their host, rather than yours
Someone should let him know that he needs to make his server parse
Re:./ effect = benefit?? (Score:2, Informative)
I'm running No-Java-Opera right now:because the java enabled opera was 11 more megs..
Point is, geeky as we are, we're probably all expirementing with stuff.
NOT LIKE THAT YOU PERVERTS!!/
Re:really bad idea for real system administrators (Score:2, Informative)
Re:Oh, lovely, distributed Javascript computing (Score:2, Informative)
Argggh! It's not ready yet! (Score:4, Informative)
Re:RFI: "collision" means? (Score:3, Informative)
Obviously, since a string can be an almost infinite length, there has *got* to be collisions somewhere, but so far, no one has found any.
Realize that 16 bytes = 128 bits = 3.40282367e38 different outputs of MD5. Given that the half-life of a proton is 10e31 years, you need to do about 1 per second before half of the universe ends for good. Or, if you want to finish it in 100 years, you would need to 10e20 per second.
You better start some time soon!
Anti-Javascript Post... (Score:1, Informative)
Why is it when I say this stuff, nobody believes me?
If that's not enough, check-out my
Re:That's really interesting... (Score:3, Informative)
A Java applet can't see what you're doing on your computer. It can't see your hard drive. It can't see what other processes are running, etc. It can only communicate within the confines of the browser window and well-marked pop-up windows that it can spawn. Security is enforced by the local JVM - which the user installs from a trusted source.
Java was designed the "right way". This isn't ActiveX - in which an applet can rummage though your files and send a copy of every one of them to whoever the applet author wants. Java applets run in a sandbox and can only execute a subset of the full Java language.
There really isn't anything to see here... Move along...
Re:Are there any known MD5 collisions today? (Score:3, Informative)
However, it is trivial to prove the fact that there are strings that have the same MD5 hash due to the fact that you can't represent 2^65 different numbers with only 2^64 keys.
Re:RFI: "collision" means? (Score:3, Informative)
This is a really big number.
Nobody's really concerned about MD5 hash collisions of reasonable corpii (corpuses?, forgive my pseudo-latin) if MD5 is actually a perfect hash, or somewhat close to it. What people are really concerned about is there being some weakness in MD5 where you can reverse the algorithm and given some MD5 hash (maybe not any hash, maybe just certain ones) and come up with strings which hash to that value.
For example, suppose that 2^127-1 is prime (it may well be but I'm too lazy to check). Then if you start pulling out random strings foo and using the remainder of foo mod 2^127-1 as your hash you'll also have a 1% chance of a random collision with a sample size of the order of roughly 2^63, as above. However there are some trivial collisions you can calculate, like 0*(2^127-1), 1*(2^127-1), 2*(2^127-1) all hash to the same value.
If the data you're feeding your hash algorithm is random (more or less) there's no reason to prefer the modulus algorithm over MD5. But if you're using it for cryptographic things the modulus algorithm is pretty useless, and it may turn out to fall down on many common inputs that MD5 gives good results for.
I may have goofed some of this, and there's lots more to be said about it but I've wasted enough time on this post as it is.
Re:RFI: "collision" means? (Score:3, Informative)
I think the original "Chinese Lottery" scenario was if everyone one in China had a radio that was set to do encryption, and the Chinese government broadcasted a particular ciphertext that it wanted to encrypt, every radio would do the decryption using different strings until one of them got the answer. I think it would be under the guise of a lottery, so whichever citizen came back with the winning radio would receive a prize, and the Chinese government would have their cracked ciphertext.
Re:RFI: "collision" means? (Score:2, Informative)
It is a bit like SETI@home, It is very likely that we're not alone in the universe, but until we have empirical proof that we're not, nobody is truly satisfied.
Besides, if this was of true significance for national safety, funding would be found to run this on dedicated machines.
WARNING! WARNING! DANGER WILL ROBINSON! (Score:3, Informative)
YOU HAVE BEEN WARNED
Re:Short answer: yes (Score:2, Informative)
Difference? The md5() function includes padding. The md5_compress() collision is cited here:
http://citeseer.nj.nec.com/denboer93collisions.
Re:Electrons in universe (Score:2, Informative)
Re:I don't get it (Score:2, Informative)
Re:RFI: "collision" means? (Score:2, Informative)
This is the essance of why I'm doing this.
Look around for evidance of this movment in crypto circles (ie don't listen to