Do different files always lead to different MD5 or SHA1 hash codes?
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
1
down vote
favorite
My question is if different files always lead to different MD5 or SHA1 hash codes?
Thanks
encryption
add a comment |Â
up vote
1
down vote
favorite
My question is if different files always lead to different MD5 or SHA1 hash codes?
Thanks
encryption
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
My question is if different files always lead to different MD5 or SHA1 hash codes?
Thanks
encryption
My question is if different files always lead to different MD5 or SHA1 hash codes?
Thanks
encryption
encryption
asked 4 hours ago
John
61
61
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
2
down vote
No they don't. If you think about it, sha1 output has 160 bits. There are more than 2^160 possible files, therefore there must be multiple (infinitely many) potential files that have the same hashes. The problem is finding them.
Here are two files that have the same sha1.
add a comment |Â
up vote
1
down vote
@PeterHarmann's answer is entirely correct, but to add to it: Secure hash algorithms (which MD5 was intended to be, and which is literally what "SHA" stands for) are supposed to be highly resistant to collisions where any two inputs have the same output. While such collisions will always exist for any algorithm that can take a longer (in terms of arbitrary bits of data) input than its output, finding them is supposed to be near-impossible. Ideally, doing so requires a brute-force attack on an infeasibly large search space, even when utilizing a birthday attack. In other words, while it's true that different files cannot always have different hash digests, in practice it's supposed to be possible to act as though they do.
SHA1 is deprecated because it has been demonstrated to be vulnerable to a collision attack, as Peter's link shows. MD5 is even worse, though; it has been demonstrated to be vulnerable to a chosen-prefix collision attack, where two distinct inputs can have suffixes appended to cause them to have the same hash digest. This was demonstrated as a way to break the protections afforded by cryptographic signatures (one of the key uses of secure hashes) by creating colliding X.509 certificates, allowing an attacker to generate a fraudulent certificate (with their own public key) that has the same hash and therefore the same signature as a valid certificate signed by a trusted certificate authority. The Flame malware used a fraudulent certificate purportedly signed by Microsoft, which was possible because Microsoft had a CA that was still issuing MD5-signed certificates.
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
2
down vote
No they don't. If you think about it, sha1 output has 160 bits. There are more than 2^160 possible files, therefore there must be multiple (infinitely many) potential files that have the same hashes. The problem is finding them.
Here are two files that have the same sha1.
add a comment |Â
up vote
2
down vote
No they don't. If you think about it, sha1 output has 160 bits. There are more than 2^160 possible files, therefore there must be multiple (infinitely many) potential files that have the same hashes. The problem is finding them.
Here are two files that have the same sha1.
add a comment |Â
up vote
2
down vote
up vote
2
down vote
No they don't. If you think about it, sha1 output has 160 bits. There are more than 2^160 possible files, therefore there must be multiple (infinitely many) potential files that have the same hashes. The problem is finding them.
Here are two files that have the same sha1.
No they don't. If you think about it, sha1 output has 160 bits. There are more than 2^160 possible files, therefore there must be multiple (infinitely many) potential files that have the same hashes. The problem is finding them.
Here are two files that have the same sha1.
answered 4 hours ago
Peter Harmann
5,73751425
5,73751425
add a comment |Â
add a comment |Â
up vote
1
down vote
@PeterHarmann's answer is entirely correct, but to add to it: Secure hash algorithms (which MD5 was intended to be, and which is literally what "SHA" stands for) are supposed to be highly resistant to collisions where any two inputs have the same output. While such collisions will always exist for any algorithm that can take a longer (in terms of arbitrary bits of data) input than its output, finding them is supposed to be near-impossible. Ideally, doing so requires a brute-force attack on an infeasibly large search space, even when utilizing a birthday attack. In other words, while it's true that different files cannot always have different hash digests, in practice it's supposed to be possible to act as though they do.
SHA1 is deprecated because it has been demonstrated to be vulnerable to a collision attack, as Peter's link shows. MD5 is even worse, though; it has been demonstrated to be vulnerable to a chosen-prefix collision attack, where two distinct inputs can have suffixes appended to cause them to have the same hash digest. This was demonstrated as a way to break the protections afforded by cryptographic signatures (one of the key uses of secure hashes) by creating colliding X.509 certificates, allowing an attacker to generate a fraudulent certificate (with their own public key) that has the same hash and therefore the same signature as a valid certificate signed by a trusted certificate authority. The Flame malware used a fraudulent certificate purportedly signed by Microsoft, which was possible because Microsoft had a CA that was still issuing MD5-signed certificates.
add a comment |Â
up vote
1
down vote
@PeterHarmann's answer is entirely correct, but to add to it: Secure hash algorithms (which MD5 was intended to be, and which is literally what "SHA" stands for) are supposed to be highly resistant to collisions where any two inputs have the same output. While such collisions will always exist for any algorithm that can take a longer (in terms of arbitrary bits of data) input than its output, finding them is supposed to be near-impossible. Ideally, doing so requires a brute-force attack on an infeasibly large search space, even when utilizing a birthday attack. In other words, while it's true that different files cannot always have different hash digests, in practice it's supposed to be possible to act as though they do.
SHA1 is deprecated because it has been demonstrated to be vulnerable to a collision attack, as Peter's link shows. MD5 is even worse, though; it has been demonstrated to be vulnerable to a chosen-prefix collision attack, where two distinct inputs can have suffixes appended to cause them to have the same hash digest. This was demonstrated as a way to break the protections afforded by cryptographic signatures (one of the key uses of secure hashes) by creating colliding X.509 certificates, allowing an attacker to generate a fraudulent certificate (with their own public key) that has the same hash and therefore the same signature as a valid certificate signed by a trusted certificate authority. The Flame malware used a fraudulent certificate purportedly signed by Microsoft, which was possible because Microsoft had a CA that was still issuing MD5-signed certificates.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
@PeterHarmann's answer is entirely correct, but to add to it: Secure hash algorithms (which MD5 was intended to be, and which is literally what "SHA" stands for) are supposed to be highly resistant to collisions where any two inputs have the same output. While such collisions will always exist for any algorithm that can take a longer (in terms of arbitrary bits of data) input than its output, finding them is supposed to be near-impossible. Ideally, doing so requires a brute-force attack on an infeasibly large search space, even when utilizing a birthday attack. In other words, while it's true that different files cannot always have different hash digests, in practice it's supposed to be possible to act as though they do.
SHA1 is deprecated because it has been demonstrated to be vulnerable to a collision attack, as Peter's link shows. MD5 is even worse, though; it has been demonstrated to be vulnerable to a chosen-prefix collision attack, where two distinct inputs can have suffixes appended to cause them to have the same hash digest. This was demonstrated as a way to break the protections afforded by cryptographic signatures (one of the key uses of secure hashes) by creating colliding X.509 certificates, allowing an attacker to generate a fraudulent certificate (with their own public key) that has the same hash and therefore the same signature as a valid certificate signed by a trusted certificate authority. The Flame malware used a fraudulent certificate purportedly signed by Microsoft, which was possible because Microsoft had a CA that was still issuing MD5-signed certificates.
@PeterHarmann's answer is entirely correct, but to add to it: Secure hash algorithms (which MD5 was intended to be, and which is literally what "SHA" stands for) are supposed to be highly resistant to collisions where any two inputs have the same output. While such collisions will always exist for any algorithm that can take a longer (in terms of arbitrary bits of data) input than its output, finding them is supposed to be near-impossible. Ideally, doing so requires a brute-force attack on an infeasibly large search space, even when utilizing a birthday attack. In other words, while it's true that different files cannot always have different hash digests, in practice it's supposed to be possible to act as though they do.
SHA1 is deprecated because it has been demonstrated to be vulnerable to a collision attack, as Peter's link shows. MD5 is even worse, though; it has been demonstrated to be vulnerable to a chosen-prefix collision attack, where two distinct inputs can have suffixes appended to cause them to have the same hash digest. This was demonstrated as a way to break the protections afforded by cryptographic signatures (one of the key uses of secure hashes) by creating colliding X.509 certificates, allowing an attacker to generate a fraudulent certificate (with their own public key) that has the same hash and therefore the same signature as a valid certificate signed by a trusted certificate authority. The Flame malware used a fraudulent certificate purportedly signed by Microsoft, which was possible because Microsoft had a CA that was still issuing MD5-signed certificates.
answered 4 hours ago
CBHacking
8,54711525
8,54711525
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f194954%2fdo-different-files-always-lead-to-different-md5-or-sha1-hash-codes%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password