I wrote the RSA ASE MD5 SHA- 1 encryption scheme of our company's project.
Take me directly to the meeting to share the manuscript)
Answer your question first:
Your concern is correct,
The result value A of MD5 encryption can be obtained from two different contents B and C..
That is, the result of MD5 encryption with the expected correct password a a? 0cc 175 B9 c0f 1b6a 83 1c 399 e 26977266 1
Someone entered the wrong password x,
The MD5 value of 0cc175b9c0f1b6a831c399e 269772661can be obtained through special algorithm processing.
————
However, you should pay attention to the fact that the wrong password data can only be obtained through a complicated algorithm, which is simply called "collision algorithm". Collision algorithm can actually be regarded as a camouflage algorithm, which disguises the wrong thing as the MD5 value of the correct thing.
As for the principle of "collision algorithm", we can know that 1, 2,
The process of MD5 encryption has four steps:
Fill 2. Initialize variables? 3. Processing packet data 4. Output result
The principle of "collision algorithm" is to carry out the first three steps of "filling-trial and error-filling trial and error" until the expected results are obtained.
Three points must be made clear in the process of cracking;
1. Many examples of correct passwords.
2. Adopt collision algorithm
3. The correct result predicted and expected by the cracker in advance.
All three are indispensable.
The example scenario of MD5 "collision algorithm" is also to digest encrypt files (such as digital signatures).
In other words, as cryptographers have shown:
A and B with the same MD5 value can be obtained by the algorithm. A and b are only pronouns. This algorithm was implemented by China cryptographer Wang Xiaoyun in 2004.
But going back to the focus of the theme,
Illegal elements, don't know in advance? Zhang Wuji's account number-MD5 value corresponds to the correct password.
He can only use the "collision algorithm" to try, make up a fake password at will, and use the "collision algorithm" for camouflage filling-trial and error.
But the trial process is a process of checking your company's background countless times.
In this process, the background of your company has to deal with the maximum number of wrong passwords entered by users on that day.
So in theory, there is no case where a person enters the wrong password and successfully logs in.
Assuming that this person can try five times a day, it will take several lifetimes to use the "collision algorithm".
——
But it emphasizes the application premise of "MD5 collision algorithm":
Known plaintext and MD5 value corresponding to plaintext.
According to the condition of 1, the algorithm can disguise another plaintext and the same MD5 value.
Therefore, there is no mistake in entering the wrong password, and the MD5 value of the correct password is obtained by using MD5 encryption, which does not meet the conditions and preconditions of "collision algorithm".
It's impossible.
Safety summary:
Files may easily collide, but MD5, as a high-performance and high-security digital signature algorithm, is still very practical for passwords or ciphertexts with limited length.
——
In a word, some questions about MD5 conflict.
In most cases, invisible characters will be generated, and passwords cannot have invisible characters.
The length of the generated "conflict" character can be the same as the length of the password itself. Almost impossible.
Based on the above two points, a little writing can prevent the collision of MD5.
The 1. password is encrypted multiple times by MD5.
2. Password filtering does not look at characters.
3. The password has a fixed length, such as 32 characters. If users don't have enough characters, they should be supplemented by a fixed character, such as a space. Too long is illegal.
————
Reference article
1 China cryptographer Wang Xiaoyun submitted an algorithm to crack MD5 in 2004.
Principle analysis of collision algorithm
A new set of sufficient conditions for MD5 collision.
4MD5 collision