If I have two different hashes from the same password, is there a way to find out the password faster than usual?

K

Kirill2019-07-14 22:56:15

Mathematics

Kirill, 2019-07-14 22:56:15

There is a private key S, I can get md5(S) and sha256(S) from the server. I need to decrypt S. Does having 2 hashes give me any advantage from a mathematical point of view? Not necessarily md5 and sha256 - the theoretical possibility of an attack in the presence of such a situation is of interest.
It is clear that brute force using the fastest algorithm will be more effective. But are there other ways?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

sim3x, 2019-07-15
@kirill89

Depending on what you want to do
- get a clean text: take the hash that takes less CPU time to generate or use rainbow tables
- get a text that gives the same hash: take a hash that is subject to collisions and / or attacks
All hashes are different, because "theoretical" questions of this kind are useless

A

Alexander, 2019-07-14
@Survtur

Brute-force hash function due to collisions can find several variants of S (in infinite time - infinitely many). With the help of the second function, you can additionally check whether it is the same S. Again, given enough time, you can find as many S as you like, giving the desired hashes in both functions.
It seems that sha256 is not particularly slower than MD5, but it definitely has fewer collisions. Therefore, it is reasonable to brute force using SHA256. I assume that the first option will be correct.