Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Is there a string which MD5 Sum is all 0xffffffffffff?
13 points by gizmore on April 23, 2023 | hide | past | favorite | 16 comments



Assuming you meant a 128-bit hash with all bits set to '1' (i.e., '0xffffffffffffffffffffffffffffffff'), it would still be extremely difficult, if not practically impossible, to find a string that hashes to this specific value. The MD5 algorithm is designed to produce seemingly random output for small changes in input, and there are no known methods to easily reverse-engineer an MD5 hash.

That being said, MD5 is no longer considered cryptographically secure due to vulnerabilities discovered over the years, such as hash collisions. But finding a specific hash, like the one you mentioned, would still require a brute-force attack or an advanced cryptanalytic method, neither of which is guaranteed to succeed.


Found ChatGPT.


Simple answer: of course there is. The real challenge is finding such strings.

If I wanted to know the answer to that question, I'd first search some precomputed rainbow tables to see if anybody's gotten lucky:

http://project-rainbowcrack.com/table.htm


The discussion on security.SE seems to imply it's unknown: https://security.stackexchange.com/questions/107081/does-eve... so if you have a proof of your simple answer, I'm sure they'd welcome it


My statement is one of statistically-informed confidence. A physicist's proof, not a mathematician's. As I said, proving it is where the challenge lies.


I believe proof-by-induction is still a mathematically valid proof. Just one to be suspicious of/can be overridden by more rigid proofs.


Induction is a mathematical tool. Overwhelming statistics is the physicist's.


The linked answer on SE basically says statistically there's a near-100% chance that there's a string where md5(string) is 0xfffffff... but there's no concrete proof.

Which is basically the same thing the GP says.


Do you mean just that it is very very likely that there is, or is there some argument that the MD5 function must be surjective?


It is not known to be surjective.


There's an infinite number of those strings, but barring an edge case in the md5 algorithm, none are known.


Is the algorithm known to produce all theoretically possible hash values?

Imagine a simple algorithm that should hash a string to a number 0-3, but due to an extra condition it actually cannot produce "3", pseudocode:

``` Sum = sumOfAsciiCodeOfString(input); Rest = Sum % 4; Return Rest === 3 ? 2 : Rest; ```

Or due to a bug (replace `% 4` with `% 3`).

Can we prove that md5 doesn't suffer from such issues and it actually can output ffffffffffff or deaddeaddeaddead ?


I tried seeing if there were any references in log files or forum questions to that, but the bad news is that your specific hash is also what one would get from an "invalid" hash, same as asking about the magic string "00000000000000000000000000000000"


This is essentially what crypto mining is, FWIW


how many cpus or gpus would it take to find the answer within 1 year?


Sounds like a NP problem.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: