More on the CYBERCOM MD5 Hash

Posted by in Blog | 0 comments

Cyber Command LogoYesterday, the Internet “blew up” with hype over the mysterious characters around the U.S. Cyber Command logo. As reported by the various blogs and news outlets all over the world (here’s one from ComputerWorld), people quickly started to catch on that the mysterious string is an MD5 hash. ComputerWorld and many others lead you to believe that these people were also able to “crack” them MD5 hash and recover a secret message, but that is absolutely untrue. In fact, it is impossible to generate an original message or piece of data from an MD5 hash.

MD5 Hashes Explained

For those of you that know what an MD5 hash is, feel free to skip this section. Otherwise, read on. An MD5 hash in simplest terms is a digital “footprint” of a piece of data. That data could be a message, a computer program, a music file, or anything else that occupies data storage. It doesn’t matter how large the file is -- an MD-5 hash is usually 128 bits. An algorithm creates a “hash” of the data (for more information on how a hash function works, take a look at thisWikipedia article). The most common application for a hash is to verify the integrity of a file -- if you generate a hash, change the file, and then generate a new hash, the hashes will not match. This helps to determine if a file was changed either on purpose or by accident (such as being corrupted in a download). Another important fact is that a hash function is one-way -- that means there is no way to recover the original data from the hash itself. The only way to see if a particular piece of data corresponds to the hash is to run the algorithm against the data you think the hash might be for and see if the algorithm yields the same output. Basically, brute force it, or guess and check.

In recent years, researchers found quite a few vulnerabilities in both the MD5 hash and SHA-1, another one-way hash function. These vulnerabilities could compromise the intent of the hash function and could theoretically allow someone to make changes to the file which are undetected by the hash function (in other words, the hash would stay the same after the change). The most secure implementation of the one-way hash at the moment is the SHA-2 algorithm, so if you’re looking for the best, use that.

Obviously, the hash function in the CYBERCOM logo is meant for decoration, and to get some attention. I guess it worked.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>