I have been researching but I am clueless. I know that MD5 can have both numbers and letters but if I ever find a case where an MD5 has only numbers or only letters it breaks my script currently
Can an MD5 hash have ONLY numbers or ONLY letters in it?
MD5 hashes (also termed message digests) are typically represented as a sequence of 32 hexadecimal digits. so what's the problem? suggest you post code/example... –
Believe
So it is possible for the usual string representation of a hash to contain only letters or only decimal digits. Definitely valid and possible. Just like it's possible for a decimal number to contain only odd digits. –
Sottish
MD5 "should be considered cryptographically broken and unsuitable for further use," –
Believe
Mark: it will be hexidecimal digits 0-9 A-F: what's your question? –
Believe
for now I am messing with md5 but I will use a better hash function once I get it working with md5 –
Carpospore
@Mark: You could use SHA-256 or some better function. –
Talich
What exactly do you mean your script breaks? There's some other problem with your script which needs to fixed if its only expecting alphanumeric hashes. –
Definiens
You have 32 digits. If we assume all ciphers equally distributed, there are 10^32 combinations, just made of numeric ciphers, 6^32 combinations of just alphabetic ciphers, and 16^32 combinations in total.
Which makes a (10^32 + 6^32) / 16^32 probability that your script will fail, on each invocation.
echo "scale=10;(10^32 + 6^32) / 16^32" | bc
.0000002938
So once in about 3.4 million cases it will fail. How often do you want to use it?
That's a good point (often but not that often) I guess my real issue is I am trying to use sed to return only the first part of a 2 part expression (the first part will be the md5) I have: sed 's/([a-z,0-9]*).*/\1/' –
Carpospore
but is there a way to do this where it will work if first expression is only letters or only number? (there will be a space every time after the md5) –
Carpospore
The regular expression looks fine, though I don't think you need the trailing .* as this will match any amount of characters. If sed doesn't work properly with [a-z,0-9]* you could also try (([a-z]|[0-9])*) –
Thurber
A small improvement for the regex is
's/^([a-z0-9]{32}) .*/\1/' which explicitly asks for 32 digits. The comma doesn't do what you think it does. –
Endowment List of few first strings that give only-digit md5 hash:
ximaz : 61529519452809720693702583126814
aalbke : 55203129974456751211900188750366
afnnsd : 49716523209578759475317816476053
aooalg : 68619150135523129199070648991237
bzbkme : 69805916917525281143075153085385
Here's one with only letters:
cbaabcdljdac : cadbfdfecdcdcdacdbbbfadbcccefabd
How did you find them? –
Endowment
i bet he brute-forced them 🙄 –
Gil
You have 32 digits. If we assume all ciphers equally distributed, there are 10^32 combinations, just made of numeric ciphers, 6^32 combinations of just alphabetic ciphers, and 16^32 combinations in total.
Which makes a (10^32 + 6^32) / 16^32 probability that your script will fail, on each invocation.
echo "scale=10;(10^32 + 6^32) / 16^32" | bc
.0000002938
So once in about 3.4 million cases it will fail. How often do you want to use it?
That's a good point (often but not that often) I guess my real issue is I am trying to use sed to return only the first part of a 2 part expression (the first part will be the md5) I have: sed 's/([a-z,0-9]*).*/\1/' –
Carpospore
but is there a way to do this where it will work if first expression is only letters or only number? (there will be a space every time after the md5) –
Carpospore
The regular expression looks fine, though I don't think you need the trailing .* as this will match any amount of characters. If sed doesn't work properly with [a-z,0-9]* you could also try (([a-z]|[0-9])*) –
Thurber
A small improvement for the regex is
's/^([a-z0-9]{32}) .*/\1/' which explicitly asks for 32 digits. The comma doesn't do what you think it does. –
Endowment Theoretically, yes, an MD5 hash (when converted to a hexadecimal string) could contain only decimal digits or only letters.
In practice, also yes: the string ximaz yields an MD5 hash of 61529519452809720693702583126814. Try it!
(Thanks to PHP Sadness for the example)
MD5 was intended to be a good hash function (currently broken, should not be used security applications) which means that it produces random looking output so that all possible values that fit into output space are utilized. Those letters and numbers are hex representation of the output. Yes, sometimes you could get output that consists of letters only or numbers only, but most of the time you will have both.
If I had to parse hex representations of MD5 I would surely take time to support those rather rare cases when output is letters only or numbers only.
@Mitch Wheat: Not in cases where there're no security concerns. –
Talich
@Mitch Wheat: For example, for data identification: https://mcmap.net/q/48893/-how-do-i-assess-the-hash-collision-probability CRC won't do - it has too narrow output. –
Talich
MD5 is a hackable hash function. Unless you add a SALT, you should not use it or the results can (most of the time) be easily hacked with a rainbow table. Though this is not the scope of the question, if we are discussing good hash functions, use SHA. –
Thurber
@Brain2000: Not all SHA functions are cryptographically good - SHA-1 is broken too. –
Talich
@Mitch Wheat: I mean there're scenarios where there's no attacker and hash collisions can only be random. –
Talich
@Mitch Wheat: Okay, I agree that it would be better to use a "right" function. But then comes real life. Suppose I have no attacker and no SHA-2 implementation I could use, but I have MD5 implementation. –
Talich
@Mitch Wheat: I edited my answer so that it doesn't contain that claim anymore. –
Talich
I guess my real issue is I am trying to use sed to return only the first part of a 2 part expression (the first part will be the md5 will use a better function in futre) I have: sed 's/([a-z,0-9]*).*/\1/' but is there a way to do this where it will work if first expression is only letters or only number? (there will be a space every time after the md5) –
Carpospore
@Mark: I guess you should ask that as a separate question. –
Talich
I believe you are working with the hex representation of the MD5 hashes. MD5 hashes are actually 128-bit strings. Most tools print them with the hex-representation which amounts to 32 hexadecimal digits. Hexadecimal digits use 0-9 and a-f.
Example:
susam@swift:~$ echo -n "foo" | md5sum
acbd18db4cc2f85cedef654fccc4a4d8 -
I know this is a very old question, but I found three more strings with only numbers in their md5 hashes, and Google couldn't find anything while searching these hashes so I thought it might be worth posting these:
Ioktak : 54948232518148653519995784773259
'99x\`b0x\'b : 24034969117462298298932307218853
uttuJ## : 74616072929762262275291990931711
© 2022 - 2024 — McMap. All rights reserved.