08-26-2010 #12
TITLE: MD5 Algorithm Cracked Using Gaming Consoles
Security researchers have successfully created a forged certificate authority, exploiting a so-called "colliding certificates" attack, clearly indicating that the certification authorities must advance their security-related standards with immediate effect.
The researchers used 200 PS3 game consoles over eight days.
Extracted from: http://blogs.techrepublic.com.com/networking/?p=776
Well there ya go. 200 PS3s. There are thousands of registered users here. Even if only a tenth of us contributed, I'm sure we could bust the Cell encryption open in no time.
With a rainbow table you can crack an md5 in about 25 seconds - 4 minutes using the above method. MD5 is not that secure, as I found out last night, it only allows for quick easy compare method as you can tell whether the file was tampered with.
And you only need 1 ps3 or single core computer.
Well, what I've posted is for cloning certificates, by creating collisions so that you can have two different certificates with the same md5 integrity verification validated...
MD5 is just for checking the integrity of files (i.e.: if you change one single bit inside a file, the MD5 hash check will fail) - not to encrypt/decrypt...
I mean, you can theoretically have two hashes (one for the decrypted file and one for the encrypted file), which would be verified and accepted by your PS3 - this assuming that PS3 was/is/were using MD5 checks - but what would the PS3 do with the already decrypted file which has a valid MD5 check? Doesn't the PS3 need to "decrypt" the already decrypted (and MD5 integrity checked) file so to execute it?
What you really need to know is what encryption/decryption method is being used by PS3..
You don't decrypt md5, you just use it to compare to an already known file/hash. So the ps3 would use the md5 to ensure that the file is either complete or correct. It is in fact impossible to decrypt an md5 since it has multiple answers, which is the reason collisions work. It's 2 answers to the same problem.
Uh... MD5 does NOT encrypt (or decrypt) anything... (I've posted above that link to wiki, so to explain better what's MD5 - MD5 is just an integrity check algo...)
I'll say it again...what is needed to know, is the encryption algorithm used - which is a different thing from MD5.
You can surely encrypt any number of text under 128 characters into md5, just not the reverse. However finding the other encryption method will be the challenge.
Example of some Integrity check (Authentication) Algorithms:
MD5; SHA1; SHA-2; CRC; CRC32; etc
Example of some Encryption algorithms:
RSA; DES; 3DES; Blowfish; RC4; etc
In my limited knowledge of cryptography and based on what I've always considered to be the way cryptography worked, idk how can you use MD5 as an encryption algo, since it was never designed to do so.
Many websites use Md5 to store passwords as even if you get the database you can not reverse the passwords. However I have a feeling they are using RSA or a variation of it.
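
As an added example that is not part of the original thread: the Python sketch below shows the two properties the posts above argue about, that an MD5 digest is a fixed-length fingerprint used for comparison (a one-bit change is detected) and that many inputs must share a digest, shown here by a birthday search on MD5 truncated to 24 bits. The function names and sample inputs are constructed for illustration, and the truncation is a stand-in to keep the search to a few thousand hashes; it is not the chosen-prefix technique used against certificates.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    """Return the 128-bit MD5 digest as 32 hex characters."""
    return hashlib.md5(data).hexdigest()

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare with the known one."""
    return md5_hex(data) == expected_hex

def truncated_collision(bits: int = 24):
    """Birthday search over MD5 truncated to its first `bits` bits.

    Infinitely many inputs map onto a finite set of digests, so two
    different inputs must eventually share one (pigeonhole). With n output
    bits a match is expected after roughly 2**(n/2) attempts, which is why
    digest length and collision resistance matter for signatures.
    """
    nibbles = bits // 4
    seen = {}
    attempts = 0
    while True:
        msg = b"constructed-sample-%d" % attempts  # constructed input
        attempts += 1
        tag = md5_hex(msg)[:nibbles]
        if tag in seen:
            return seen[tag], msg, tag, attempts
        seen[tag] = msg

if __name__ == "__main__":
    original = b"firmware image v1 (constructed sample)"
    known = md5_hex(original)
    print("digest length is fixed:", len(md5_hex(b"")), len(md5_hex(b"x" * 10000)))
    print("unmodified file passes:", integrity_ok(original, known))
    print("one flipped bit passes:", integrity_ok(flip_bit(original, 0), known))
    a, b, tag, attempts = truncated_collision(24)
    print("24-bit match after %d hashes: %r and %r share prefix %s" % (attempts, a, b, tag))
    print("full digests still differ:", md5_hex(a) != md5_hex(b))
```

A digest only detects accidental or unauthenticated changes; where an adversary can choose both inputs, as with certificate signing, a collision-resistant hash such as SHA-256 is the appropriate replacement.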