Ask HN: Is there a string which MD5 Sum is all 0xffffffffffff?

13 pointsgizmore2y ago16 comments

16 comments

Assuming you meant a 128-bit hash with all bits set to '1' (i.e., '0xffffffffffffffffffffffffffffffff'), it would still be extremely difficult, if not practically impossible, to find a string that hashes to this specific value. The MD5 algorithm is designed to produce seemingly random output for small changes in input, and there are no known methods to easily reverse-engineer an MD5 hash.

That being said, MD5 is no longer considered cryptographically secure due to vulnerabilities discovered over the years, such as hash collisions. But finding a specific hash, like the one you mentioned, would still require a brute-force attack or an advanced cryptanalytic method, neither of which is guaranteed to succeed.

c1yd3i2y ago

Found ChatGPT.

klyrs2y ago

Simple answer: of course there is. The real challenge is finding such strings.

If I wanted to know the answer to that question, I'd first search some precomputed rainbow tables to see if anybody's gotten lucky:

http://project-rainbowcrack.com/table.htm

mdaniel2y ago

The discussion on security.SE seems to imply it's unknown: https://security.stackexchange.com/questions/107081/does-eve... so if you have a proof of your simple answer, I'm sure they'd welcome it

klyrs2y ago

My statement is one of statistically-informed confidence. A physicist's proof, not a mathematician's. As I said, proving it is where the challenge lies.

1 more reply

hnfong2y ago

The linked answer on SE basically says statistically there's a near-100% chance that there's a string where md5(string) is 0xfffffff... but there's no concrete proof.

Which is basically the same thing the GP says.

drdeca2y ago

Do you mean just that it is very very likely that there is, or is there some argument that the MD5 function must be surjective?

voldacar2y ago

It is not known to be surjective.

hospitalhusband2y ago

There's an infinite number of those strings, but barring an edge case in the md5 algorithm, none are known.

dzek692y ago

Is the algorithm known to produce all theoretically possible hash values?

Imagine a simple algorithm that should hash a string to a number 0-3, but due to an extra condition it actually cannot produce "3", pseudocode:

``` Sum = sumOfAsciiCodeOfString(input); Rest = Sum % 4; Return Rest === 3 ? 2 : Rest; ```

Or due to a bug (replace `% 4` with `% 3`).

Can we prove that md5 doesn't suffer from such issues and it actually can output ffffffffffff or deaddeaddeaddead ?

mdaniel2y ago

I tried seeing if there were any references in log files or forum questions to that, but the bad news is that your specific hash is also what one would get from an "invalid" hash, same as asking about the magic string "00000000000000000000000000000000"

fnordpiglet2y ago

This is essentially what crypto mining is, FWIW

natas2y ago

how many cpus or gpus would it take to find the answer within 1 year?

lagrange772y ago

Sounds like a NP problem.

j / k navigate · click thread line to collapse

16 comments

lphillips08252y ago

c1yd3i2y ago

Found ChatGPT.

klyrs2y ago

Simple answer: of course there is. The real challenge is finding such strings.

If I wanted to know the answer to that question, I'd first search some precomputed rainbow tables to see if anybody's gotten lucky:

http://project-rainbowcrack.com/table.htm

mdaniel2y ago

The discussion on security.SE seems to imply it's unknown: https://security.stackexchange.com/questions/107081/does-eve... so if you have a proof of your simple answer, I'm sure they'd welcome it

klyrs2y ago

My statement is one of statistically-informed confidence. A physicist's proof, not a mathematician's. As I said, proving it is where the challenge lies.

1 more reply

hnfong2y ago

The linked answer on SE basically says statistically there's a near-100% chance that there's a string where md5(string) is 0xfffffff... but there's no concrete proof.

Which is basically the same thing the GP says.

drdeca2y ago

Do you mean just that it is very very likely that there is, or is there some argument that the MD5 function must be surjective?

voldacar2y ago

It is not known to be surjective.

hospitalhusband2y ago

There's an infinite number of those strings, but barring an edge case in the md5 algorithm, none are known.

dzek692y ago

Is the algorithm known to produce all theoretically possible hash values?

Imagine a simple algorithm that should hash a string to a number 0-3, but due to an extra condition it actually cannot produce "3", pseudocode:

``` Sum = sumOfAsciiCodeOfString(input); Rest = Sum % 4; Return Rest === 3 ? 2 : Rest; ```

Or due to a bug (replace `% 4` with `% 3`).

Can we prove that md5 doesn't suffer from such issues and it actually can output ffffffffffff or deaddeaddeaddead ?

mdaniel2y ago

fnordpiglet2y ago

This is essentially what crypto mining is, FWIW

natas2y ago

how many cpus or gpus would it take to find the answer within 1 year?

lagrange772y ago

Sounds like a NP problem.

j / k navigate · click thread line to collapse